I can't find any help with UDP, so I've come here to ask.
I have a DNS cluster set up on Raspberry Pis with Ubuntu 20.04 and Nginx. The proxy is used for UDP on port 53. I need to put this into production; however, I'm weary because I constantly see this in the error log:
upstream timed out (110: Connection timed out) while proxying connection, udp client: 192.168.1.172, server: 0.0.0.0:53, upstream: "192.168.70.80:53", bytes from/to client:72/52, bytes from/to upstream:52/72
Here is part of the Nginx access log (note the 502 errors):
192.168.1.136 | [29/Dec/2020:09:35:08 -0600] | UDP | 200 | 147 | 54 | 0.032 | "192.168.70.80:53"
192.168.1.172 | [29/Dec/2020:09:35:12 -0600] | UDP | 200 | 126 | 30 | 0.020 | "192.168.70.82:53"
192.168.1.172 | [29/Dec/2020:09:35:17 -0600] | UDP | 502 | 150 | 88 | 599.998 | "192.168.70.82:53"
192.168.1.172 | [29/Dec/2020:09:35:17 -0600] | UDP | 502 | 73 | 72 | 599.999 | "192.168.70.82:53"
192.168.1.172 | [29/Dec/2020:09:35:17 -0600] | UDP | 502 | 154 | 56 | 600.000 | "192.168.70.84:53" <--- HERE
192.168.2.47 | [29/Dec/2020:09:35:22 -0600] | UDP | 200 | 66 | 50 | 0.040 | "192.168.70.80:53"
192.168.1.172 | [29/Dec/2020:09:35:24 -0600] | UDP | 200 | 142 | 37 | 0.001 | "192.168.70.80:53"
192.168.1.172 | [29/Dec/2020:09:35:41 -0600] | UDP | 200 | 165 | 40 | 0.017 | "192.168.70.82:53"
192.168.1.172 | [29/Dec/2020:09:35:48 -0600] | UDP | 502 | 61 | 90 | 600.005 | "192.168.70.83:53" <--- HERE
192.168.1.172 | [29/Dec/2020:09:35:48 -0600] | UDP | 502 | 47 | 62 | 599.998 | "192.168.70.83:53" <--- HERE
192.168.1.172 | [29/Dec/2020:09:35:57 -0600] | UDP | 200 | 61 | 45 | 0.001 | "192.168.70.82:53"
192.168.1.136 | [29/Dec/2020:09:35:59 -0600] | UDP | 200 | 44 | 28 | 0.028 | "192.168.70.82:53"
192.168.1.172 | [29/Dec/2020:09:36:02 -0600] | UDP | 200 | 47 | 31 | 0.017 | "192.168.70.82:53"
192.168.1.172 | [29/Dec/2020:09:36:02 -0600] | UDP | 200 | 58 | 42 | 0.019 | "192.168.70.82:53"
192.168.1.172 | [29/Dec/2020:09:36:13 -0600] | UDP | 200 | 126 | 30 | 0.017 | "192.168.70.82:53"
192.168.1.136 | [29/Dec/2020:09:36:16 -0600] | UDP | 200 | 77 | 37 | 0.029 | "192.168.70.82:53"
192.168.2.47 | [29/Dec/2020:09:36:16 -0600] | UDP | 200 | 147 | 54 | 0.033 | "192.168.70.82:53"
The servers are running dnsmasq. I have a handful of clients using this DNS proxy and no one reports any problems, despite my seeing this in the log all day long.
This Nginx tutorial helped me set up the UDP proxy.
Here is my /etc/nginx/nginx.conf (the http block is the default and is not used):
load_module /usr/lib/nginx/modules/ngx_stream_module.so;
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 1024;
    #multi_accept on;
}

stream {
    log_format dns '$remote_addr | [$time_local] | $protocol | $status | $bytes_sent | $bytes_received | $session_time | "$upstream_addr"';
    access_log /var/log/nginx/access.log dns;
    error_log /var/log/nginx/error.log;

    upstream dns_servers {
        least_conn;
        server 192.168.70.80:53 fail_timeout=20s;
        server 192.168.70.82:53 fail_timeout=20s;
        server 192.168.70.83:53 fail_timeout=20s;
        server 192.168.70.84:53 fail_timeout=20s;
    }

    server {
        listen 53 udp;
        proxy_pass dns_servers;
        proxy_timeout 10m;
        proxy_responses 1;
    }
}

http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;
    server_names_hash_bucket_size 64;
    server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##
    log_format dns '[$time_local] | $remote_addr | $remote_user | $server_name $host to: $upstream_addr | '
                   '"$request" | $status | upstream_response_time $upstream_response_time msec '
                   '$msec | request_time $request_time';
    access_log /var/log/nginx/access.log dns;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
This is the first time I have used Nginx and I can't figure out why this keeps showing up in my logs. Am I missing a directive that would fix this problem, or is one of my current directives misconfigured?
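
Added example (not part of the original post): a Python parser for the stream log_format shown in the config that counts sessions by status and picks out the 502 sessions whose $session_time equals the configured proxy_timeout of 10m (600 s), grouped by client and upstream. The sample lines are copied from the log excerpt in the post; the function names and the 1-second tolerance are assumptions.

```python
import re
from collections import Counter

# Parses the stream log_format "dns" from the posted nginx.conf:
# $remote_addr | [$time_local] | $protocol | $status | $bytes_sent |
# $bytes_received | $session_time | "$upstream_addr"
LINE_RE = re.compile(
    r'^(?P<client>\S+) \| \[(?P<time>[^\]]+)\] \| (?P<proto>\w+) \| '
    r'(?P<status>\d{3}) \| (?P<sent>\d+) \| (?P<received>\d+) \| '
    r'(?P<session>[\d.]+) \| "(?P<upstream>[^"]*)"'
)

PROXY_TIMEOUT_S = 600.0  # proxy_timeout 10m in the posted config
TOLERANCE_S = 1.0        # assumption: timer jitter allowed around the timeout

# Sample lines copied from the access log excerpt in the post.
SAMPLE = '''\
192.168.1.172 | [29/Dec/2020:09:35:12 -0600] | UDP | 200 | 126 | 30 | 0.020 | "192.168.70.82:53"
192.168.1.172 | [29/Dec/2020:09:35:17 -0600] | UDP | 502 | 150 | 88 | 599.998 | "192.168.70.82:53"
192.168.1.172 | [29/Dec/2020:09:35:17 -0600] | UDP | 502 | 154 | 56 | 600.000 | "192.168.70.84:53" <--- HERE
192.168.2.47 | [29/Dec/2020:09:35:22 -0600] | UDP | 200 | 66 | 50 | 0.040 | "192.168.70.80:53"
192.168.1.172 | [29/Dec/2020:09:35:48 -0600] | UDP | 502 | 61 | 90 | 600.005 | "192.168.70.83:53" <--- HERE
192.168.1.172 | [29/Dec/2020:09:35:48 -0600] | UDP | 502 | 47 | 62 | 599.998 | "192.168.70.83:53" <--- HERE
'''

def parse(text):
    """Yield one dict per well-formed log line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["session"] = float(rec["session"])
            yield rec

def summarize(text, timeout=PROXY_TIMEOUT_S, tol=TOLERANCE_S):
    """Count sessions per status and 502s that lasted the full proxy_timeout."""
    total, timed_out = Counter(), Counter()
    for rec in parse(text):
        total[rec["status"]] += 1
        if rec["status"] == "502" and abs(rec["session"] - timeout) <= tol:
            timed_out[(rec["client"], rec["upstream"])] += 1
    return total, timed_out

if __name__ == "__main__":
    total, timed_out = summarize(SAMPLE)
    print("sessions by status:", dict(total))
    for (client, upstream), n in sorted(timed_out.items()):
        print(f"{n} x 502 after ~{PROXY_TIMEOUT_S:.0f}s: {client} -> {upstream}")
```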