From: Otto Moerbeek Date: Mon, 27 Oct 2025 09:33:28 +0000 (+0100) Subject: Include a Date: response header for rejected HTTP1 requests X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F16375%2Fhead;p=thirdparty%2Fpdns.git Include a Date: response header for rejected HTTP1 requests This allows OpenBSD ntpd time constraint retrieval to work properly with nghttp2 incoming DoH. Note that requests having no alpn data do not appear in any stats. Should that be changed? Signed-off-by: Otto Moerbeek --- diff --git a/pdns/dnsdistdist/dnsdist-nghttp2-in.cc b/pdns/dnsdistdist/dnsdist-nghttp2-in.cc index 3b4ce122e6..87f164a2bd 100644 --- a/pdns/dnsdistdist/dnsdist-nghttp2-in.cc +++ b/pdns/dnsdistdist/dnsdist-nghttp2-in.cc @@ -282,8 +282,20 @@ bool IncomingHTTP2Connection::checkALPN() ++d_ci.cs->dohFrontend->d_http1Stats.d_nbQueries; } - const std::string data("HTTP/1.1 400 Bad Request\r\nConnection: Close\r\n\r\nThis server implements RFC 8484 - DNS Queries over HTTP, and requires HTTP/2 in accordance with section 5.2 of the RFC.\r\n"); - d_out.insert(d_out.end(), data.begin(), data.end()); + static const std::string data0("HTTP/1.1 400 Bad Request\r\nConnection: Close\r\n"); + + std::array data1{}; + static const std::string dateformat("Date: %a, %d %h %Y %T GMT\r\n"); + struct tm tmval{}; + time_t timestamp = time(nullptr); + size_t len = strftime(data1.data(), data1.size(), dateformat.data(), gmtime_r(×tamp, &tmval)); + assert(len != 0); + + static const std::string data2("\r\nThis server implements RFC 8484 - DNS Queries over HTTP, and requires HTTP/2 in accordance with section 5.2 of the RFC.\r\n"); + + d_out.insert(d_out.end(), data0.begin(), data0.end()); + d_out.insert(d_out.end(), data1.begin(), data1.begin() + len); + d_out.insert(d_out.end(), data2.begin(), data2.end()); writeToSocket(false); vinfolog("DoH connection from %s expected ALPN value 'h2', got '%s'", d_ci.remote.toStringWithPort(), std::string(protocols.begin(), protocols.end()));