I am using the Nginx resolver directive to implement an SNI forwarding proxy where Nginx inspects the TLS ClientHello header to retrieve the upstream host and then dynamically resolves the upstream address to forward the request onto.
The resolver documentation says that it'll cache DNS responses using the TTL by default, or using the `valid` parameter if specified.
Once Nginx has cached the DNS response for a particular upstream host and the cache expires, how does Nginx behave for the next request that requires resolution of the same host if DNS resolution fails?
Will the request simply fail if DNS resolution fails, or can Nginx use a stale response in the cache? Is there a difference in behaviour when specifying the `valid` parameter?
My goal here is to avoid downtime if DNS goes down temporarily and to improve latency by performing DNS resolution asynchronously (as is supported by Envoy). For example, if the DNS TTL is 300 seconds and the `valid` parameter is set to `60s`, will DNS resolution get 5 failed attempts before an incoming request is failed?
Note that I am setting `proxy_pass` to a variable to make sure that Nginx re-resolves upstreams: https://serverfault.com/a/1010519/405056
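For readers who want to see the setup the question describes in one place, here is an added example (not the asker's configuration) of a stream-level SNI forwarding proxy with runtime resolution and a `valid=60s` cache; the resolver address `127.0.0.53`, the `$upstream_host` variable and the allowlisted names are assumptions.

```nginx
# Added example, not the asker's config: forward TLS connections to the
# host named in the ClientHello SNI, resolving that name at runtime.
# Assumes nginx was built with ngx_stream_ssl_preread_module and that a
# local resolver listens on 127.0.0.53 (both assumptions).
stream {
    # `valid=60s` caches answers for 60s regardless of the record's TTL,
    # which is the parameter the question asks about; without `valid`,
    # nginx uses the TTL from the DNS response.
    resolver 127.0.0.53 valid=60s ipv6=off;
    resolver_timeout 5s;

    # Only forward to names explicitly permitted (assumed example names);
    # anything else maps to an empty host and the proxy attempt fails,
    # which keeps the forwarder from acting as an open relay.
    map $ssl_preread_server_name $upstream_host {
        hostnames;
        api.example.com   api.example.com;
        .cdn.example.com  $ssl_preread_server_name;
        default           "";
    }

    server {
        listen 443;
        ssl_preread on;

        # A variable in proxy_pass makes nginx consult the resolver per
        # connection instead of resolving the name once at startup.
        proxy_pass $upstream_host:443;
    }
}
```

Resolution failures after the cache entry expires show up in the error log as resolver errors for the affected connection, which is where to look when testing the behaviour the question asks about.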