Allow response with AD bit in resolver
Kirill A. Korinsky
kirill at korins.ky
Sat Jun 15 11:02:28 UTC 2024
Greetings,
Here a trivial patch which allows DNS responses with enabled AD bit
from used resolver.
Index: src/core/ngx_resolver.c
--- src/core/ngx_resolver.c.orig
+++ src/core/ngx_resolver.c
@@ -1774,7 +1774,7 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_cha
(response->nar_hi << 8) + response->nar_lo);
/* response to a standard query */
- if ((flags & 0xf870) != 0x8000 || (trunc && tcp)) {
+ if ((flags & 0xf850) != 0x8000 || (trunc && tcp)) {
ngx_log_error(r->log_level, r->log, 0,
"invalid %s DNS response %ui fl:%04Xi",
tcp ? "TCP" : "UDP", ident, flags);
--
wbr, Kirill
More information about the nginx
mailing list