ports@ Here a trivial patch which improves compatibility with unwind.
I'm using the following unwind.config: preference { recursor oDoT-autoconf } forwarder { 172.31.2.1 } force accept bogus forwarder { some.internal.domain } where 172.31.2.1 is Unifi GW and nginx is configured as: server { listen 127.0.0.1:80; resolver 127.0.0.1; set $nas_uri "http://nas.some.internal.domain"; location / { proxy_pass $nas_uri; } } it can't be used due errors in log: 2024/06/15 11:53:55 [error] 30452#0: invalid UDP DNS response 49184 fl:81A0 2024/06/15 11:54:00 [error] 30452#0: invalid UDP DNS response 30883 fl:81A0 2024/06/15 11:54:00 [error] 30452#0: invalid UDP DNS response 49184 fl:81A0 2024/06/15 11:54:05 [error] 30452#0: invalid UDP DNS response 30883 fl:81A0 because nginx rejects response with enabled AD bit. So, here the diff to include a patch that allows it. This patch was sent to both nginx and freenginx upstreams. diff --git www/nginx/Makefile www/nginx/Makefile index e0ed50751ed..2051bc152b3 100644 --- www/nginx/Makefile +++ www/nginx/Makefile @@ -21,7 +21,7 @@ COMMENT-securelink= nginx HMAC secure link module VERSION= 1.26.1 DISTNAME= nginx-${VERSION} CATEGORIES= www -REVISION-main= 0 +REVISION-main= 1 VERSION-njs= 0.8.2 VERSION-rtmp= 1.2.1 diff --git www/nginx/patches/patch-src_core_ngx_resolver_c www/nginx/patches/patch-src_core_ngx_resolver_c new file mode 100644 index 00000000000..b07cea4cc97 --- /dev/null +++ www/nginx/patches/patch-src_core_ngx_resolver_c @@ -0,0 +1,12 @@ +Index: src/core/ngx_resolver.c +--- src/core/ngx_resolver.c.orig ++++ src/core/ngx_resolver.c +@@ -1774,7 +1774,7 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_cha + (response->nar_hi << 8) + response->nar_lo); + + /* response to a standard query */ +- if ((flags & 0xf870) != 0x8000 || (trunc && tcp)) { ++ if ((flags & 0xf850) != 0x8000 || (trunc && tcp)) { + ngx_log_error(r->log_level, r->log, 0, + "invalid %s DNS response %ui fl:%04Xi", + tcp ? "TCP" : "UDP", ident, flags); -- wbr, Kirill