Allow response with AD bit in resolver

Kirill A. Korinsky kirill at korins.ky
Sat Jun 15 11:02:28 UTC 2024


Greetings,

Here a trivial patch which allows DNS responses with enabled AD bit
from used resolver.

Index: src/core/ngx_resolver.c
--- src/core/ngx_resolver.c.orig
+++ src/core/ngx_resolver.c
@@ -1774,7 +1774,7 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_cha
                    (response->nar_hi << 8) + response->nar_lo);
 
     /* response to a standard query */
-    if ((flags & 0xf870) != 0x8000 || (trunc && tcp)) {
+    if ((flags & 0xf850) != 0x8000 || (trunc && tcp)) {
         ngx_log_error(r->log_level, r->log, 0,
                       "invalid %s DNS response %ui fl:%04Xi",
                       tcp ? "TCP" : "UDP", ident, flags);

-- 
wbr, Kirill



More information about the nginx mailing list