How does the Nginx resolver handle failures?


I am using the Nginx resolver directive to implement an SNI forwarding proxy where Nginx inspects the TLS ClientHello header to retrieve the upstream host and then dynamically resolves the upstream address to forward the request onto.

The resolver documentation says that it'll cache DNS responses using the TTL by default, or using the valid parameter if specified.

Once Nginx has cached the DNS response for a particular upstream host and the cache expires, how does Nginx behave for the next request that requires resolution of the same host if DNS resolution fails?

Will the request simply fail if DNS resolution fails, or can Nginx use a stale response in the cache? Is there a difference in behaviour when specifying the valid parameter?

My goal here is to avoid downtime if DNS goes down temporarily and to improve latency by performing DNS resolution asynchronously (as is supported by Envoy). For example, if the DNS TTL is 300 seconds and the valid parameter is set to 60s, will DNS resolution get 5 failed attempts before an incoming request is failed?

Note that I am setting proxy_pass to a variable to make sure that Nginx re-resolves upstreams:
