Closed cookiemonsteruk closed 2 years ago
@TuxInvader for when you can spare a moment please.
Spotted the errors I made. I missed a semicolon at the end of line 25 and made a typo missing a letter.
With those I got the error after adding the semicolon nginx: [emerg] unknown "dns_qname" variable
With the line now reading:
js_set $dns.qname dns.get_qname;
Now the config test if happy.
Now I can start testing.
I was too early to close.
First I had to change from worker_process auto; to 2 . I was getting failed to spawn messages.
Then I got
2022/01/04 21:03:23 [error] 91486#91486: *1 js function "dns_preread_dns_request" not found while prereading client data, udp client: 192.168.5.183, server: 0.0.0.0:53
when sending a dns dig request to nginx. Call is dig www.example.com @192.168.5.56
So I thought I needed to look at what changes might be needed in that function and made some (see below) but I end up with gobs of errors
2022/01/04 21:09:06 [alert] 91486#91486: recvmsg() truncated data
I am most confused how we're to use the example configs now. To reiterate I'm just using nginx-dns-routing.conf example file.
I've tried both ways, putting at the top
#load_module modules/ngx_stream_js_module.so;
load_module njs.d/dns/dns.js;
and
load_module modules/ngx_stream_js_module.so;
#load_module njs.d/dns/dns.js;
and changing in the DNS TCP and UDP server blocks
js_preread dns.dns_preread_dns_request;
In all cases I get those truncated data errors, both with dns. in front of dns_preread_dns_request and without. Also both cases of loading modules at the top. Clearly I'm misunderstanding the instruction, could you please point out my error?
I think you want
user nginx;
worker_processes auto;
load_module modules/ngx_stream_js_module.so;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
stream {
# logging
log_format dns '$remote_addr [$time_local] $protocol "$dns_qname" "$upstream_pool"';
access_log /var/log/nginx/dns-access.log dns;
# import NJS module
js_import /etc/nginx/njs.d/dns/dns.js
# NJS function to get the dns_qname, requires a js_preread in the server to populate the variable from the DNS packet
js_set $dns_qname dns.get_qname;
# This maps the qname domain to the DNS server for routing
map $dns_qname $upstream_pool {
hostnames;
*.nginx dnsmasq;
*.k8s dnsmasq;
default google;
}
# Google upstream
upstream google {
zone dns 64k;
server 8.8.8.8:53;
}
# dnsmasq local upstream
upstream dnsmasq {
zone dns 64k;
server 192.168.5.1:53;
}
# DNS(TCP) Serverr
server {
listen 53;
js_preread dns.preread_dns_request;
proxy_pass $upstream_pool;
}
# DNS(UDP) Server
server {
listen 53 udp;
js_preread dns.preread_dns_request;
proxy_responses 1;
proxy_pass $upstream_pool;
}
}
Thank you for taking the time to put it together. I'll be tryng this setup asap.
Thanks @TuxInvader for your help. My setup is working again.
stream section:
stream {
# DNS logging
# Disable DNS logging
access_log off;
log_format dns '$remote_addr [$time_local] $protocol "$dns_qname"';
access_log /var/log/nginx/dns-access.log dns;
# import NJS module
js_import /etc/nginx/njs.d/dns/dns.js;
# NJS function to get the dns_qname, requires a js_preread in the server to populate the variable from the DNS packet
js_set $dns_qname dns.get_qname;
# DNS upstream pool.
upstream dns {
zone dns 64k;
server 127.0.0.1:53;
}
# DNS(TCP) and DNS over TLS (DoT) Server
# Terminate DoT and DNS TCP, and proxy onto standard DNS
server {
listen 853 ssl;
listen [::]:853 ssl;
include global/dot-ssl.conf;
include global/cert.conf;
js_preread dns.preread_dns_request;
proxy_pass dns;
}
# DNS over HTTPS (gateway) Service
# Upstream can be either DNS(TCP) or DoT. If upstream is DNS, proxy_ssl should be off.
server {
listen 127.0.0.1:8853;
js_filter dns.filter_doh_request;
proxy_pass dns;
}
}
Yes @TuxInvader the config you provided has made the testconfig pass now. Much obliged.
Hi. Using master, downloaded today 04/01/2022 13:34 I'm trying to setup one of the examples before making my configuration changes, but I'm struggling with the changes to njs deprecating js_include for js_import. Vanilla install of nginx-full on Ubuntu 20.04. Nginx installed from nginx repo, not Ubuntu's. I also installed from nginx: http://nginx.org/packages/mainline/ubuntu focal/nginx amd64 nginx-module-njs amd64 1.21.5+0.7.1-1~focal. Also from this repo I dowloaded the master as zip, unzipped on the server and as per instructions, copied the njs.d directory to /etc/nginx. That's the setup. Then to start from a working baseline I backed up /etc/nginx/nginx.conf and used the example /nginx-dns-master/examples/nginx-dns-routing.conf However:
root@webserv2:/etc/nginx# service nginx configtest nginx: [emerg] invalid number of arguments in "js_import" directive in /etc/nginx/nginx.conf:26 nginx: configuration file /etc/nginx/nginx.conf test failed
From the conversation here #14 I've ended up with this nginx.conf
What other changes I need to make to get this example working again please?