proxied requests hang when DNS response has wrong ident

Ruslan Ermilov ru at nginx.com
Tue Jul 15 11:41:45 UTC 2014


On Tue, Jul 15, 2014 at 08:04:44PM +1000, Pramod Korathota wrote:
> We have recently discovered a very rare occurence when requests through
> nginx will hang if the resolver sends a response with a mismatching ident.
>  We are seeing this in production with 1.7.1 and I have been able to
> re-produce with 1.7.3. The relevant parts of the config are:
> 
> resolver 10.65.255.4;
> 
> location / {
>         proxy_pass      http://$host.internal$request_uri;
> }

Проблема валидна.  Патч какой-то такой:

# HG changeset patch
# User Ruslan Ermilov <ru at nginx.com>
# Date 1405424486 -14400
#      Tue Jul 15 15:41:26 2014 +0400
# Node ID 8a16ec3871efad5990604a21c6bc00c0c9347446
# Parent  abd460ece11e9c85d4c0c4a8e6ac46cfb5fa62b5
Resolver: fixed resend on malformed responses.

DNS request resend on malformed responses was broken in 98876ce2a7fd.

Reported by Pramod Korathota.

diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -1467,7 +1467,6 @@ ngx_resolver_process_a(ngx_resolver_t *r
             goto failed;
         }
 
-        rn->naddrs6 = 0;
         qident = (rn->query6[0] << 8) + rn->query6[1];
 
         break;
@@ -1482,7 +1481,6 @@ ngx_resolver_process_a(ngx_resolver_t *r
             goto failed;
         }
 
-        rn->naddrs = 0;
         qident = (rn->query[0] << 8) + rn->query[1];
     }
 
@@ -1507,6 +1505,8 @@ ngx_resolver_process_a(ngx_resolver_t *r
 
         case NGX_RESOLVE_AAAA:
 
+            rn->naddrs6 = 0;
+
             if (rn->naddrs == (u_short) -1) {
                 goto next;
             }
@@ -1519,6 +1519,8 @@ ngx_resolver_process_a(ngx_resolver_t *r
 
         default: /* NGX_RESOLVE_A */
 
+            rn->naddrs = 0;
+
             if (rn->naddrs6 == (u_short) -1) {
                 goto next;
             }
@@ -1539,6 +1541,8 @@ ngx_resolver_process_a(ngx_resolver_t *r
 
         case NGX_RESOLVE_AAAA:
 
+            rn->naddrs6 = 0;
+
             if (rn->naddrs == (u_short) -1) {
                 rn->code = (u_char) code;
                 goto next;
@@ -1548,6 +1552,8 @@ ngx_resolver_process_a(ngx_resolver_t *r
 
         default: /* NGX_RESOLVE_A */
 
+            rn->naddrs = 0;
+
             if (rn->naddrs6 == (u_short) -1) {
                 rn->code = (u_char) code;
                 goto next;
@@ -1817,6 +1823,25 @@ ngx_resolver_process_a(ngx_resolver_t *r
         }
     }
 
+    switch (qtype) {
+
+#if (NGX_HAVE_INET6)
+    case NGX_RESOLVE_AAAA:
+
+        if (rn->naddrs6 == (u_short) -1) {
+            rn->naddrs6 = 0;
+        }
+
+        break;
+#endif
+
+    default: /* NGX_RESOLVE_A */
+
+        if (rn->naddrs == (u_short) -1) {
+            rn->naddrs = 0;
+        }
+    }
+
     if (rn->naddrs != (u_short) -1
 #if (NGX_HAVE_INET6)
         && rn->naddrs6 != (u_short) -1



More information about the nginx mailing list