From 2f23fc90d2cf1b8fa8b885543ac01ba722ca23c0 Mon Sep 17 00:00:00 2001
From: Otto Moerbeek
Date: Mon, 27 Oct 2025 10:33:28 +0100
Subject: [PATCH] Include a Date: response header for rejected HTTP1 requests This allows OpenBSD ntpd time constraint retrieval to work properly with nghttp2 incoming DoH. Note that requests having no alpn data do not appear in any stats. Should that be changed?
Signed-off-by: Otto Moerbeek
---
pdns/dnsdistdist/dnsdist-nghttp2-in.cc | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/pdns/dnsdistdist/dnsdist-nghttp2-in.cc b/pdns/dnsdistdist/dnsdist-nghttp2-in.cc
index 3b4ce122e6..87f164a2bd 100644
--- a/pdns/dnsdistdist/dnsdist-nghttp2-in.cc
+++ b/pdns/dnsdistdist/dnsdist-nghttp2-in.cc
@@ -282,8 +282,20 @@ bool IncomingHTTP2Connection::checkALPN()
 ++d_ci.cs->dohFrontend->d_http1Stats.d_nbQueries;
 }
- const std::string data("HTTP/1.1 400 Bad Request\r\nConnection: Close\r\n\r\nThis server implements RFC 8484 - DNS Queries over HTTP, and requires HTTP/2 in accordance with section 5.2 of the RFC.\r\n");
- d_out.insert(d_out.end(), data.begin(), data.end());
+ static const std::string data0("HTTP/1.1 400 Bad Request\r\nConnection: Close\r\n");
+
+ std::array data1{};
+ static const std::string dateformat("Date: %a, %d %h %Y %T GMT\r\n");
+ struct tm tmval{};
+ time_t timestamp = time(nullptr);
+ size_t len = strftime(data1.data(), data1.size(), dateformat.data(), gmtime_r(×tamp, &tmval));
+ assert(len != 0);
+
+ static const std::string data2("\r\nThis server implements RFC 8484 - DNS Queries over HTTP, and requires HTTP/2 in accordance with section 5.2 of the RFC.\r\n");
+
+ d_out.insert(d_out.end(), data0.begin(), data0.end());
+ d_out.insert(d_out.end(), data1.begin(), data1.begin() + len);
+ d_out.insert(d_out.end(), data2.begin(), data2.end());
 writeToSocket(false);
 vinfolog("DoH connection from %s expected ALPN value 'h2', got '%s'", d_ci.remote.toStringWithPort(), std::string(protocols.begin(), protocols.end()));
-- 
2.47.3
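Review bot: `assert(len != 0);` is the only handling of a failed `strftime()` on a path that any client not negotiating `h2` can reach: where assertions are compiled in, a zero return aborts the whole process, and under `NDEBUG` the check vanishes entirely. A zero return looks possible rather than purely theoretical, since `%a` and `%h` are locale-dependent (a non-C `LC_TIME` would also yield a non-conforming HTTP date) and `data1` is a fixed-size buffer whose length is not visible on this page. The result of `gmtime_r()` is also handed to `strftime()` without a null check. Because `d_out.insert(d_out.end(), data1.begin(), data1.begin() + len)` already copies nothing when `len` is 0, I would drop the assert and set `len` to 0 when `gmtime_r()` returns null, so the 400 response simply goes out without a Date line. checkALPN() begins before and continues after this hunk.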