ports@

Here is a trivial patch which improves compatibility with unwind.

I'm using the following unwind.config:

    preference { recursor oDoT-autoconf }

    forwarder { 172.31.2.1 }

    force accept bogus forwarder {
      some.internal.domain
    }

where 172.31.2.1 is the Unifi GW and nginx is configured as:

    server {
        listen                              127.0.0.1:80;

        resolver                            127.0.0.1;

        set $nas_uri                        "http://nas.some.internal.domain";

        location / {
                proxy_pass                  $nas_uri;
        }
    }

it can't be used due to errors in the log:

    2024/06/15 11:53:55 [error] 30452#0: invalid UDP DNS response 49184 fl:81A0
    2024/06/15 11:54:00 [error] 30452#0: invalid UDP DNS response 30883 fl:81A0
    2024/06/15 11:54:00 [error] 30452#0: invalid UDP DNS response 49184 fl:81A0
    2024/06/15 11:54:05 [error] 30452#0: invalid UDP DNS response 30883 fl:81A0

because nginx rejects responses with the AD bit enabled.

So, here is the diff to include a patch that allows it. This patch was sent to
both nginx and freenginx upstreams.

diff --git www/nginx/Makefile www/nginx/Makefile
index e0ed50751ed..2051bc152b3 100644
--- www/nginx/Makefile
+++ www/nginx/Makefile
@@ -21,7 +21,7 @@ COMMENT-securelink=   nginx HMAC secure link module
 VERSION=       1.26.1
 DISTNAME=      nginx-${VERSION}
 CATEGORIES=    www
-REVISION-main= 0
+REVISION-main= 1
 
 VERSION-njs=   0.8.2
 VERSION-rtmp=  1.2.1
diff --git www/nginx/patches/patch-src_core_ngx_resolver_c 
www/nginx/patches/patch-src_core_ngx_resolver_c
new file mode 100644
index 00000000000..b07cea4cc97
--- /dev/null
+++ www/nginx/patches/patch-src_core_ngx_resolver_c
@@ -0,0 +1,12 @@
+Index: src/core/ngx_resolver.c
+--- src/core/ngx_resolver.c.orig
++++ src/core/ngx_resolver.c
+@@ -1774,7 +1774,7 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_cha
+                    (response->nar_hi << 8) + response->nar_lo);
+ 
+     /* response to a standard query */
+-    if ((flags & 0xf870) != 0x8000 || (trunc && tcp)) {
++    if ((flags & 0xf850) != 0x8000 || (trunc && tcp)) {
+         ngx_log_error(r->log_level, r->log, 0,
+                       "invalid %s DNS response %ui fl:%04Xi",
+                       tcp ? "TCP" : "UDP", ident, flags);
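
Review bot: The changed mask in the `if ((flags & 0xf850) != 0x8000 || (trunc && tcp))` line is an unexplained constant, and the new patch file carries no description above its `Index:` line. The only difference from 0xf870 is bit 0x0020, which is the AD bit in the DNS header, so a one-line comment at the top of the patch saying "ignore the AD bit in resolver responses" plus a note that it was submitted upstream would make the intent reviewable and easy to drop once upstream takes it. It is also worth stating that bits 0x0040 (Z) and 0x0010 (CD) stay in the mask, so a response with CD set is still logged as invalid; if that is intentional, say so in the same comment. Accepting the response does not mean nginx validated anything, so the description should avoid implying that AD is trusted.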


-- 
wbr, Kirill
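
The flag check touched by the patch, as an added example that is not part of the original message or of nginx: it decodes the `fl:` value from the log and applies the mask before and after the change. The function names are hypothetical, and every sample value other than 0x81A0 is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_QR       0x8000u  /* message is a response */
#define MASK_ORIG    0xf870u  /* mask before the patch */
#define MASK_PATCHED 0xf850u  /* mask after the patch: bit 0x0020 (AD) ignored */

/* Same comparison as the patched line, without the (trunc && tcp) part:
 * under the mask only QR may be set (opcode 0, Z clear, CD clear). */
static int accepted(unsigned flags, unsigned mask)
{
    return (flags & mask) == DNS_QR;
}

/* Write the names of the single-bit flags that are set into buf. */
static const char *describe(unsigned flags, char *buf, size_t len)
{
    static const struct { unsigned bit; const char *name; } bits[] = {
        { 0x8000u, "QR" }, { 0x0400u, "AA" }, { 0x0200u, "TC" },
        { 0x0100u, "RD" }, { 0x0080u, "RA" }, { 0x0040u, "Z" },
        { 0x0020u, "AD" }, { 0x0010u, "CD" },
    };
    size_t i, off = 0;

    buf[0] = '\0';
    for (i = 0; i < sizeof(bits) / sizeof(bits[0]); i++) {
        if ((flags & bits[i].bit) && off < len) {
            off += (size_t)snprintf(buf + off, len - off, "%s%s",
                                    off ? " " : "", bits[i].name);
        }
    }
    return buf;
}

int main(void)
{
    /* 0x81A0 comes from the log above; the other values are constructed. */
    const unsigned samples[] = { 0x81A0, 0x8180, 0x8190, 0x81C0, 0x0100 };
    char buf[64];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("fl:%04X [%s] orig=%s patched=%s\n", samples[i],
               describe(samples[i], buf, sizeof(buf)),
               accepted(samples[i], MASK_ORIG) ? "accept" : "reject",
               accepted(samples[i], MASK_PATCHED) ? "accept" : "reject");
    }
    return 0;
}
```

Only the AD-only case changes outcome between the two masks; responses with CD or Z set, and packets without QR, are rejected by both.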