How Nginx behaves with "proxy_bind" and DNS resolver with non matching ip versions between bind ip and resolved ip?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

How Nginx behaves with "proxy_bind" and DNS resolver with non matching ip versions between bind ip and resolved ip?

vedranf
Hello,
I'm working with the proxy module, and with a dns resolver configured. The
traffic i'm using is both ipv4 and ipv6.

I'm trying to understand Nginx behavior when using "proxy_bind" directive
and when the resolver returns both ipv4 and ipv6 addresses.

In particular i'd like to understand what happens when:

1. "proxy_bind" binds to an ipv6 address, and the resolver returns only ipv4
addresses (and the other way around - binding to ipv4, resolving only to
ipv6).

2. "proxy_bind" binds to an ipv6 address, the resolver returns both ipv4 and
ipv6 addresses, but the first attempted ip address is an ipv4 address (and
the other way around - binding to ipv4, first attempted is ipv6).

Can you please shed some light on this?

Thanks,
Shmulik Bibi

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,255814,255814#msg-255814

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: How Nginx behaves with "proxy_bind" and DNS resolver with non matching ip versions between bind ip and resolved ip?

Maxim Dounin
Hello!

On Mon, Dec 29, 2014 at 02:36:55AM -0500, shmulik wrote:

> Hello,
> I'm working with the proxy module, and with a dns resolver configured. The
> traffic i'm using is both ipv4 and ipv6.
>
> I'm trying to understand Nginx behavior when using "proxy_bind" directive
> and when the resolver returns both ipv4 and ipv6 addresses.
>
> In particular i'd like to understand what happens when:
>
> 1. "proxy_bind" binds to an ipv6 address, and the resolver returns only ipv4
> addresses (and the other way around - binding to ipv4, resolving only to
> ipv6).
>
> 2. "proxy_bind" binds to an ipv6 address, the resolver returns both ipv4 and
> ipv6 addresses, but the first attempted ip address is an ipv4 address (and
> the other way around - binding to ipv4, first attempted is ipv6).
>
> Can you please shed some light on this?

In either case nginx will call bind() syscall with the address
provided in the proxy_bind directive.  If address family doesn't
match one used in the connection, this is expected to result in an
error.  The error itself will be logged into error log, and 500
(Internal Server Error) will be returned to the client.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: How Nginx behaves with "proxy_bind" and DNS resolver with non matching ip versions between bind ip and resolved ip?

vedranf
Thank you.

So if i understood correctly:

When i bind an ipv6 address, and the resolver returns 1 ipv4 address and 1
ipv6 address - if the first attempted address is the ipv4 address, the
result will be an error + sending back to the client a "500 Internal Server
Error"?

In such scenarios, is there any way i can tell Nginx to skip the non
matching ip version? (i.e. in the above example, to skip directly to the
resolved ipv6 address).

Thanks,
Shmulik

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,255814,255873#msg-255873

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: How Nginx behaves with "proxy_bind" and DNS resolver with non matching ip versions between bind ip and resolved ip?

Maxim Dounin
Hello!

On Tue, Dec 30, 2014 at 06:58:51AM -0500, shmulik wrote:

> Thank you.
>
> So if i understood correctly:
>
> When i bind an ipv6 address, and the resolver returns 1 ipv4 address and 1
> ipv6 address - if the first attempted address is the ipv4 address, the
> result will be an error + sending back to the client a "500 Internal Server
> Error"?

Yes.

> In such scenarios, is there any way i can tell Nginx to skip the non
> matching ip version? (i.e. in the above example, to skip directly to the
> resolved ipv6 address).

No.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx