How Nginx behaves with "proxy_bind" and DNS resolver with non matching ip versions between bind ip a

addis_a · December 29, 2014, 8:37am

Hello,
I’m working with the proxy module, and with a dns resolver configured.
The
traffic i’m using is both ipv4 and ipv6.

I’m trying to understand Nginx behavior when using “proxy_bind”
directive
and when the resolver returns both ipv4 and ipv6 addresses.

In particular i’d like to understand what happens when:

“proxy_bind” binds to an ipv6 address, and the resolver returns only
ipv4
addresses (and the other way around - binding to ipv4, resolving only to
ipv6).
“proxy_bind” binds to an ipv6 address, the resolver returns both ipv4
and
ipv6 addresses, but the first attempted ip address is an ipv4 address
(and
the other way around - binding to ipv4, first attempted is ipv6).

Can you please shed some light on this?

Thanks,
Shmulik Bibi

Posted at Nginx Forum:

shmulik · December 30, 2014, 12:59pm

Thank you.

So if i understood correctly:

When i bind an ipv6 address, and the resolver returns 1 ipv4 address and
1
ipv6 address - if the first attempted address is the ipv4 address, the
result will be an error + sending back to the client a “500 Internal
Server
Error”?

In such scenarios, is there any way i can tell Nginx to skip the non
matching ip version? (i.e. in the above example, to skip directly to the
resolved ipv6 address).

Thanks,
Shmulik

Posted at Nginx Forum:

shmulik · December 29, 2014, 5:49pm

Hello!

On Mon, Dec 29, 2014 at 02:36:55AM -0500, shmulik wrote:

addresses (and the other way around - binding to ipv4, resolving only to
ipv6).

“proxy_bind” binds to an ipv6 address, the resolver returns both ipv4 and
ipv6 addresses, but the first attempted ip address is an ipv4 address (and
the other way around - binding to ipv4, first attempted is ipv6).

Can you please shed some light on this?

In either case nginx will call bind() syscall with the address
provided in the proxy_bind directive. If address family doesn’t
match one used in the connection, this is expected to result in an
error. The error itself will be logged into error log, and 500
(Internal Server Error) will be returned to the client.

–
Maxim D.
http://nginx.org/

shmulik · January 5, 2015, 7:05am

Hello!

On Tue, Dec 30, 2014 at 06:58:51AM -0500, shmulik wrote:

Thank you.

So if i understood correctly:

When i bind an ipv6 address, and the resolver returns 1 ipv4 address and 1
ipv6 address - if the first attempted address is the ipv4 address, the
result will be an error + sending back to the client a “500 Internal Server
Error”?

Yes.

In such scenarios, is there any way i can tell Nginx to skip the non
matching ip version? (i.e. in the above example, to skip directly to the
resolved ipv6 address).

No.

–
Maxim D.
http://nginx.org/