DNS resolution of the proxy_pass domain name of nginx

February 20, 2024 314 point heat 0 likes 0 comments

When using Nginx as a reverse proxy server, it is often necessary to forward requests to other servers. In Nginx configuration, the proxy_pass instruction is a key instruction used to specify the request forwarding target. However, sometimes you may encounter problems related to DNS resolution of the target server, especially when proxy_pass specifies a domain name instead of an IP address.

For example, you may see an error message similar to "upstream timed out (Connection timed out)" in the Nginx error log. This means that Nginx timed out when trying to establish a connection with the upstream server. This may be because Nginx cannot resolve the specified domain name, so it cannot determine the IP address of the upstream server,

When the Nginx configuration uses proxy_pass to specify a domain name, Nginx needs to perform DNS resolution to obtain the IP address corresponding to the domain name. By default, it will use the host and dns server configured in/etc/hosts and/etc/resolve.conf to resolve the domain name. However, if DNS resolution fails or times out, Nginx will be unable to connect to the upstream server, Another situation is that the domain name resolution record has changed, but Nginx still requests the previously resolved server IP, which also causes this problem. This problem often occurs when the host IP is not fixed or often sends changes. For example, some computer rooms give dynamic IP, and the ddns domain name often changes. In this case, It also affects Nginx's access to upstream servers.


There are several solutions to these problems:

  1. Manually specify the IP address : The most direct solution is to manually write the IP address of the target server directly into the proxy_pass command instead of using the domain name. This can avoid DNS resolution problems and ensure that Nginx can connect to the upstream server correctly, but it is not suitable for the upstream domain name of ddns
     location / { proxy_pass  http://123.456.789.012 ; #  Replace with the actual IP address of the upstream server }


  2. Optimize DNS resolution : If you still want to use the domain name for reverse generation, you need to ensure that the Nginx server can correctly resolve the domain name. DNS resolution can be optimized in the following ways:
    • Use a reliable DNS server : Ensure that the Nginx server uses a reliable and stable DNS server for resolution.
    • Cache DNS records : You can reduce or increase the frequency of DNS resolution by enabling DNS cache, and improve the resolution speed, stability and timeliness. You can use the resolver instruction provided by Nginx to enable DNS cache.
       resolver <DNS_IP> valid=300s;

    The general syntax of the resolver instruction is as follows:

     resolver address ...  [parameters];

    Parameters include:

    Address: The IP address of one or more DNS servers. You can specify multiple addresses. Nginx will try these addresses in order until the hostname is successfully resolved or the timeout limit is reached.

    Parameters: optional parameters, used to configure the behavior of the parser. These parameters include:

    Valid id=time: Specify the validity period of DNS resolution results. The resolution results will be considered expired after being cached for the specified time. After expiration, Nginx will request the DNS server to resolve the host name again. The time can be seconds (s), minutes (m), hours (h), etc. For example, valid id=300s means that the DNS resolution results will be considered expired after being cached for 300 seconds (5 minutes).

    Ipv6=on | off: Specifies whether IPv6 resolution is enabled. By default, Nginx attempts to resolve IPv6 addresses. When set to off, IPv6 resolution is disabled.

    Ipv6=off: IPv6 resolution is disabled.

    Incomplete=on | off: Specifies whether to continue to request the next DNS server when the DNS server does not return all available IP addresses. By default, Nginx will continue to request other DNS servers when the DNS server returns some results. When set to off, Nginx will stop requesting other DNS servers after receiving incomplete responses.

    For example, the following is a sample configuration:

     resolver valid=300s ipv6=off;


    This configuration specifies that Nginx uses Google Public DNS servers ( and for DNS resolution, and caches the resolution results for 5 minutes. IPv6 resolution is disabled.

    The command resolve can be set globally in the http range, or it can be set separately in a server or even a location

  3. Retry mechanism : In some cases, DNS resolution may fail due to network problems or DNS server problems. In Nginx configuration, you can configure a retry mechanism to retry when the resolution fails.
     resolver <DNS_IP> valid=300s; set $backend " http://example.com "; location / { proxy_pass $backend; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; }

    This mechanism can only work when example.com corresponds to multiple IP addresses.

    When configuring the resolver command, Nginx will request the specified DNS server to resolve the IP address corresponding to the host name. If the host name has multiple IP addresses, Nginx will try to connect one of these IP addresses in order. If the connection to the first IP address fails, Nginx will try to connect to the next IP address, and so on, until the connection is successful or all IP addresses fail.

    In this case, if the proxy_next_upstream command configures to skip the current server when encountering an error, then when Nginx cannot connect to the first IP address, it will try to connect to the next IP address. This mechanism can increase the reliability of the system. Even if one of the IP addresses is unavailable, Nginx can still try to connect to other available IP addresses to ensure the continuity of the service.



If life is just like the first sight, what is the sad autumn wind painting fan

Article comments