39

I am using nginx as a reverse_proxy server with ELB. I am looking for an explanation regarding the resolver value I set in the nginx.conf file. My nginx.conf:

http {
    ...

    resolver x.x.x.x valid=30s;

    ...
}

server {

    ...

    set $elb "example.com";

    location / {
        ...

        rewrite ^/(.*) $1 break;
        proxy_pass http://$elb/$1?$args;

        ...
    }
    ...
}

I followed this - https://www.ruby-forum.com/topic/6816375#1166569 and set /etc/resolv.conf value as the resolver value and it works fine. What is standing behind this?

Sam Hartman
guyyug

2 Answers

37

The nginx resolver directive is required because the system resolver blocks. Nginx is a multiplexing server (many connections in one OS process), so each call of system resolver will stop processing all connections till the resolver answer is received. That's why Nginx implemented its own internal non-blocking resolver.

If your config file has static DNS names (not generated), and you do not care about tracking IP changes without an nginx reload, you don't need nginx's resolver. In this case all DNS names will be resolved on startup.

Nginx's resolver should be used if you want to resolve domain names at runtime without an nginx reload.

Sam Hartman
Dmitry MiksIr
  • Thanks @Terra, I am using a dynamic DNS name (ELB), so I do need to track IP changes. Is using the /etc/resolv.conf nameserver value a proper solution? – guyyug Oct 30 '16 at 17:04
  • Yes, you can use any DNS servers, including those listed in resolv.conf – Dmitry MiksIr Oct 31 '16 at 00:18
  • Well, not "any", don't use public DNS. There are some security issues atm. Better to use a local DNS resolver. – Dmitry MiksIr Oct 31 '16 at 00:25
  • We use a resolver simply because NGINX does not work without one. Also, when DNS changes we still have to restart NGINX. – Marc Jan 28 '22 at 09:10
  • Does NGINX Resolver require "Plus"? – A X Jul 11 '22 at 17:34
  • @AX there are two resolve directives. The one in the upstream block is "Plus", but the common directive is free. So if you are using upstream, you need "Plus", but for proxy_pass normal nginx is enough – Dmitry MiksIr Jul 16 '22 at 19:38
  • @DmitryMiksIr Is it possible to use route 53 record created for DNS IP in nginx config as resolver instead of hardcoding DNS IP? e.g., resolver http://dns-router.cloudprovider.com which is route53 record for DNS IP – user923499 Dec 12 '22 at 14:54
  • @user923499 "The address can be specified as a domain name or IP address" from nginx doc so yes, you can use domain name – Dmitry MiksIr Dec 13 '22 at 15:18
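
One way to derive the `resolver` line from the nameservers in /etc/resolv.conf, as the question and the comments above discuss. This is an added example, not code from the original posts; the function name `nginx_resolver_line`, the default `valid=30s` and the sample file are assumptions. It wraps IPv6 nameservers in square brackets, which nginx requires, and fails when no nameserver is listed.

```shell
#!/bin/sh
# Added example: build an nginx "resolver" directive from a resolv.conf file.
# The function name, default TTL and sample data are illustrative assumptions.

# nginx_resolver_line [FILE] [VALID]
# Prints e.g. "resolver 10.0.0.2 [fd00::53] valid=30s;".
# Returns 1 if FILE is unreadable or lists no nameserver, so a deploy script
# can stop before nginx starts with an empty resolver.
nginx_resolver_line() {
    file=${1:-/etc/resolv.conf}
    valid=${2:-30s}
    [ -r "$file" ] || return 1
    servers=$(awk '
        $1 == "nameserver" && $2 != "" {
            # nginx requires IPv6 resolver addresses in square brackets
            addr = ($2 ~ /:/) ? "[" $2 "]" : $2
            if (!(addr in seen)) {          # drop duplicate entries
                seen[addr] = 1
                out = out (out == "" ? "" : " ") addr
            }
        }
        END { print out }
    ' "$file")
    [ -n "$servers" ] || return 1
    printf 'resolver %s valid=%s;\n' "$servers" "$valid"
}

# Constructed sample input (not taken from a real host)
sample=$(mktemp)
cat > "$sample" <<'EOF'
search ec2.internal
nameserver 172.16.0.23
nameserver fd00:ec2::253
nameserver 172.16.0.23
#nameserver 8.8.8.8
EOF
nginx_resolver_line "$sample" 30s
rm -f "$sample"
```

The printed line can be written to a file that nginx.conf includes in the `http` block before nginx starts, so the config follows the host's own resolvers instead of a hard-coded address.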
24

The nginx resolver directive is critical to any AWS environment that relies on ELB and proxy_pass. Here is the post that I wrote recently describing the problem and solutions to the static DNS caching by open-source nginx:

Nginx resolver explained and how to deal with changing IPs

Basically it will boil down to the following config for the simple case:

server {
  listen        80;
  server_name   example.com;

  location / {

    resolver 172.16.0.23;

    set $upstream_endpoint http://service-999999.eu-west-2.elb.amazonaws.com;

    proxy_pass $upstream_endpoint$request_uri;
  }
}
gansbrest
  • 41
    The webpage you linked annoyingly redirects to a page with some advertising with pictures of the Matrix. – void.pointer Nov 03 '18 at 15:24
  • 6
    It's a JS popover on the same page. There's a close button at the top right edge of the text box. – NReilingh Jul 19 '19 at 00:09
  • 22
    The usability of that link is bad enough that it damages the quality of this answer. I would propose removing the link or replacing with something that's readable. – John Snow Sep 05 '19 at 15:49
  • Will there be any performance impact from using the resolver directive? As now each time after the valid time, a DNS lookup will happen. – Atishay Baid Nov 11 '20 at 03:04
  • 6
    The answer on the (annoying) posted link seems to be mostly copied from https://www.jethrocarr.com/2013/11/02/nginx-reverse-proxies-and-dns-resolution/ (which has no annoying popups) – George Y. May 03 '21 at 23:08
  • 2
    Another blog post on this topic: https://tenzer.dk/nginx-with-dynamic-upstreams/ – Spenhouet Aug 26 '21 at 06:22
  • These answers suggest configuring a single-point-of-failure resolver, which is particularly peculiar since we're talking about robustness. Can you specify multiple resolvers for fallback in case the resolver is unresponsive? – BobDoolittle Sep 21 '21 at 18:35
  • @BobDoolittle You can with nginx >= 1.1.7: `Before version 1.1.7, only a single name server could be configured` http://nginx.org/en/docs/http/ngx_http_core_module.html#:~:text=Before%20version%201.1.7%2C%20only%20a%20single%20name%20server%20could%20be%20configured – dtk Jan 10 '22 at 14:02