fix(dnsdist): respond 505 to DoH HTTP/1.1 reqs

Closes: #16990

diff --git a/pdns/dnsdistdist/dnsdist-nghttp2-in.cc b/pdns/dnsdistdist/dnsdist-nghttp2-in.cc
index 3cf9790bf043a40ac49837c70d97eaf041ea8925..e9549e6a8c4ae56d3a3e08c5637ac429d5e4f386 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-nghttp2-in.cc
+++ b/pdns/dnsdistdist/dnsdist-nghttp2-in.cc
@@ -285,7 +285,7 @@ bool IncomingHTTP2Connection::checkALPN()
     ++d_ci.cs->dohFrontend->d_http1Stats.d_nbQueries;
   }
 
-  static const std::string data0("HTTP/1.1 400 Bad Request\r\nConnection: Close\r\n");
+  static const std::string data0("HTTP/1.1 505 HTTP Version Not Supported\r\nConnection: Close\r\n");
 
   std::array<char, 40> data1{};
   static const std::string dateformat("Date: %a, %d %h %Y %T GMT\r\n");

diff --git a/regression-tests.dnsdist/test_DOH.py b/regression-tests.dnsdist/test_DOH.py
index 844397a003dab76c1c2b2a8f8e344178a08d56b3..b54bccc7774c3b00a25d598f04279f78d95910e3 100644 (file)
--- a/regression-tests.dnsdist/test_DOH.py
+++ b/regression-tests.dnsdist/test_DOH.py
@@ -1,19 +1,19 @@
 #!/usr/bin/env python
 
 import base64
-import dns
 import os
-import time
 import subprocess
+import time
 import unittest
-import clientsubnetoption
+from io import BytesIO
 
+import dns
+import pycurl
+
+import clientsubnetoption
 from dnsdistdohtests import DNSDistDOHTest
 from dnsdisttests import DNSDistTest, pickAvailablePort
 
-import pycurl
-from io import BytesIO
-
 
 class DOHTests(object):
     _consoleKey = DNSDistTest.generateConsoleKey()
@@ -443,7 +443,7 @@ class DOHTests(object):
         data = conn.perform_rb()
         rcode = conn.getinfo(pycurl.RESPONSE_CODE)
         responseHeaders = responseHeaders.getvalue()
-        self.assertEqual(rcode, 400)
+        self.assertEqual(rcode, 505)
         self.assertEqual(
             data,
             b"<html><body>This server implements RFC 8484 - DNS Queries over HTTP, and requires HTTP/2 in accordance with section 5.2 of the RFC.</body></html>\r\n",