Allow response with AD bit in resolver

Sun Jun 16 01:45:15 UTC 2024

On Sun, 16 Jun 2024 04:29:51 +0300
Maxim Dounin <mdounin at mdounin.ru> wrote:

> Hello!
> 
> On Sat, Jun 15, 2024 at 12:02:28PM +0100, Kirill A. Korinsky wrote:
> 
> > Greetings,
> > 
> > Here a trivial patch which allows DNS responses with enabled AD bit
> > from used resolver.
> > 
> > Index: src/core/ngx_resolver.c
> > --- src/core/ngx_resolver.c.orig
> > +++ src/core/ngx_resolver.c
> > @@ -1774,7 +1774,7 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_cha
> >                     (response->nar_hi << 8) + response->nar_lo);
> >  
> >      /* response to a standard query */
> > -    if ((flags & 0xf870) != 0x8000 || (trunc && tcp)) {
> > +    if ((flags & 0xf850) != 0x8000 || (trunc && tcp)) {
> >          ngx_log_error(r->log_level, r->log, 0,
> >                        "invalid %s DNS response %ui fl:%04Xi",
> >                        tcp ? "TCP" : "UDP", ident, flags);
> > 
> 
> Looks good to me, pushed with an appropriate commit log, thanks.
>

Sounds familiar :)

https://mailman.nginx.org/pipermail/nginx-devel/2022-May/YQ3MYP4VNQYWEJS3XYLPMU4HZUKS4PYF.html