DNS resolution of the proxy_pass domain name of nginx

When using Nginx as a reverse proxy server, it is often necessary to forward requests to other servers. In Nginx configuration, the proxy_pass instruction is a key instruction used to specify the request forwarding target. However, sometimes you may encounter problems related to DNS resolution of the target server, especially when proxy_pass specifies a domain name instead of an IP address.

For example, you may see an error message similar to "upstream timed out (Connection timed out)" in the Nginx error log. This means that Nginx timed out when trying to establish a connection with the upstream server. This may be because Nginx cannot resolve the specified domain name, so it cannot determine the IP address of the upstream server,

When the Nginx configuration uses proxy_pass to specify a domain name, Nginx needs to perform DNS resolution to obtain the IP address corresponding to the domain name. By default, it will use the host and dns server configured in/etc/hosts and/etc/resolve.conf to resolve the domain name. However, if DNS resolution fails or times out, Nginx will be unable to connect to the upstream server. Another case is that the domain name resolution record has changed, but This problem also occurs when Nginx still requests the previously resolved server IP address. This problem often occurs when the host IP address is not fixed or often changes. For example, some computer rooms give dynamic IP addresses, and the ddns domain name often changes in resolution. In this case, Nginx's access to upstream servers will also be affected.

resolvent

There are several solutions to these problems:

1. Manually specify the IP address : The most direct solution is to manually write the IP address of the target server directly into the proxy_pass command instead of using the domain name. This can avoid DNS resolution problems and ensure that Nginx can connect to the upstream server correctly, but it is not suitable for the upstream domain name of ddns

    location / { proxy_pass  http://123.456.789.012 ; # Replace with the actual IP address of the upstream server }

    

2. Optimize DNS resolution : If you still want to use the domain name for reverse generation, you need to ensure that the Nginx server can correctly resolve the domain name. DNS resolution can be optimized in the following ways:
   • Use a reliable DNS server : Ensure that the Nginx server uses a reliable and stable DNS server for resolution.
   • Cache DNS records : You can reduce or increase the frequency of DNS resolution by enabling DNS cache, and improve the resolution speed, stability and timeliness. You can use the resolver instruction provided by Nginx to enable DNS cache.

      resolver <DNS_IP> valid=300s;

   The general syntax of the resolver instruction is as follows:

    resolver address ... [parameters];

   Parameters include:

   Address: The IP address of one or more DNS servers. You can specify multiple addresses. Nginx will try these addresses in order until the hostname is successfully resolved or the timeout limit is reached.

   Parameters: optional parameters, used to configure the behavior of the parser. These parameters include:

   Valid id=time: Specify the validity period of DNS resolution results. The resolution results will be considered expired after being cached for the specified time. After expiration, Nginx will request the DNS server to resolve the host name again. The time can be seconds (s), minutes (m), hours (h), etc. For example, valid id=300s means that the DNS resolution results will be considered expired after being cached for 300 seconds (5 minutes).

   Ipv6=on | off: Specifies whether IPv6 resolution is enabled. By default, Nginx attempts to resolve IPv6 addresses. When set to off, IPv6 resolution is disabled.

   Ipv6=off: IPv6 resolution is disabled.

   Incomplete=on | off: Specifies whether to continue to request the next DNS server when the DNS server does not return all available IP addresses. By default, Nginx will continue to request other DNS servers when the DNS server returns some results. When set to off, Nginx will stop requesting other DNS servers after receiving incomplete responses.

   For example, the following is a sample configuration:

    resolver 8.8.8.8 8.8.4.4 valid=300s ipv6=off;

    

   This configuration specifies that Nginx uses Google Public DNS servers (8.8.8.8 and 8.8.4.4) for DNS resolution, and caches the resolution results for 5 minutes. IPv6 resolution is disabled.

   The command resolve can be set globally in the http range, or it can be set separately in a server or even a location

3. Retry mechanism : In some cases, DNS resolution may fail due to network problems or DNS server problems. In Nginx configuration, you can configure a retry mechanism to retry when the resolution fails.

    resolver <DNS_IP> valid=300s; set $backend " http://example.com "; location / { proxy_pass $backend; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; }

   This mechanism can only work when example.com corresponds to multiple IP addresses.

   When configuring the resolver command, Nginx will request the specified DNS server to resolve the IP address corresponding to the host name. If the host name has multiple IP addresses, Nginx will try to connect one of these IP addresses in order. If the connection to the first IP address fails, Nginx will try to connect to the next IP address, and so on, until the connection is successful or all IP addresses fail.

   In this case, if the proxy_next_upstream command configures to skip the current server when encountering an error, then when Nginx cannot connect to the first IP address, it will try to connect to the next IP address. This mechanism can increase the reliability of the system. Even if one of the IP addresses is unavailable, Nginx can still try to connect to other available IP addresses to ensure the continuity of the service.