id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 2024 "Error log contains ""unexpected response for"" when resolver is called" darius-m@… "Whenever the resolver is called to resolve a name for the first time, a line containing ""unexpected response for"", with error level ""error"" appears in the error log. The following configuration can be used to reproduce the error: {{{ server { listen 80; listen [::]:80; server_name localhost; resolver 1.1.1.1 valid=5s ipv6=off; allow 127.0.0.1; deny all; location / { set $server www.nginx.com; proxy_pass http://$server; } } }}} After running `curl localhost/`, the `error.log` file contains a line with `unexpected response for www.nginx.com`. The same error also appears for SSL OSCP stapling, but using `proxy_pass` was used since it is much easier to reproduce. I am unsure how dangerous this error actually is, as the server appears to fetch the correct information despite this message, and it does not repeat as long as the DNS entry is kept in the resolver's cache. I used `valid=5s` as a resolver parameter to make sure the error shows up repeatedly, but can be reproduced without it (it is rarer howerver, since the DNS entry will last longer). The installed nginx is the one delivered through the `apt` package manager from the newest [[https://www.nginx.com/resources/wiki/start/topics/tutorials/install/#official-debian-ubuntu-packages|nginx repositories]] for Ubuntu, but appears to not be specific to Ubuntu." defect new minor nginx-core 1.18.x resolver Linux test-nginx-resolv 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux "nginx version: nginx/1.18.0 built by gcc 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1) built with OpenSSL 1.1.1 11 Sep 2018 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-1.18.0/debian/debuild-base/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'"