How to Configure nginx for Dynamic IPs with AWS Elastic Load Balancer

Takahiro Iwasa

Introduction

When using AWS Elastic Load Balancer (ELB) or similar services whose DNS names resolve to changing IP addresses, it is important to control how nginx caches DNS answers. If you do not, nginx may keep sending traffic to addresses the load balancer no longer uses. This guide explains how nginx caches DNS results and how to shorten the cache TTL so that it keeps up with the load balancer.

Why DNS Cache Matters

Elastic Load Balancers return different IP addresses for the same DNS name over time (the published DNS TTL is short for exactly this reason), so caching an answer for too long is a problem. By default, nginx resolves a hostname written directly in proxy_pass only once, when the configuration is loaded, and keeps that address indefinitely, so it can end up directing traffic to stale IPs.

Common nginx Configuration and DNS Cache Issues

The following nginx.conf demonstrates a standard setup that does not account for DNS caching. This configuration will fail when the ELB changes its IP addresses.

location / {
    proxy_set_header Host                   $host;
    proxy_set_header X-Real-IP              $remote_addr;
    proxy_set_header X-Forwarded-Host       $host;
    proxy_set_header X-Forwarded-Server     $host;
    proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
    proxy_pass http://internal-xxx-alb-1234567890.ap-northeast-1.elb.amazonaws.com;
}

This issue arises because nginx resolves the hostname only when the configuration is loaded and keeps that address until the next reload or restart, even after DNS has started returning new IPs for the load balancer.
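A check worth running before trusting any resolver-based fix: the following added Python script (example code, not part of the article or of nginx) scans an nginx configuration for proxy_pass directives whose target is a literal DNS name, which nginx resolves once at startup with the system resolver. Targets that are IP literals, names of upstream groups defined in the same file, unix sockets, or variables are skipped, since none of those depend on startup-time DNS. SAMPLE_CONF is constructed for the example; the function name find_static_dns_targets is an assumption of this example, not an nginx tool.

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed sample nginx.conf (not the author's file): one proxy_pass to a
# named upstream group, one through a variable, one to a literal DNS name.
SAMPLE_CONF = """\
upstream app_pool {
    server 10.0.1.10:8080;
}
server {
    location /static/ {
        proxy_pass http://app_pool;
    }
    location /fresh/ {
        resolver 192.168.0.2 valid=60s;
        set $alb_host internal-xxx-alb-1234567890.ap-northeast-1.elb.amazonaws.com;
        proxy_pass http://$alb_host;
    }
    location / {
        resolver 192.168.0.2 valid=60s;
        proxy_pass http://internal-xxx-alb-1234567890.ap-northeast-1.elb.amazonaws.com;
    }
}
"""

UPSTREAM_RE = re.compile(r"^\s*upstream\s+(\S+)\s*\{")
# Capture whatever follows the scheme up to the first '/', ';' or whitespace:
# "host", "host:port", "$variable", "[v6]:port" or "unix:".
PROXY_PASS_RE = re.compile(r"^\s*proxy_pass\s+(?:https?://)?([^/;\s]+)")
HOST_PORT_RE = re.compile(r"^(\[[^\]]+\]|[^:]+)(?::\d+)?$")


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def find_static_dns_targets(conf: str) -> List[Tuple[int, str]]:
    """Return (line number, hostname) for every proxy_pass whose target is a
    literal DNS name. nginx resolves such names once at configuration load
    time and never consults the `resolver` directive for them."""
    lines = conf.splitlines()
    upstreams = set()
    for line in lines:
        m = UPSTREAM_RE.match(line)
        if m:
            upstreams.add(m.group(1))
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = PROXY_PASS_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target == "unix:" or target.startswith("$"):
            continue  # unix socket, or variable: the resolver directive applies
        hp = HOST_PORT_RE.match(target)
        host = hp.group(1) if hp else target
        if host in upstreams or _is_ip_literal(host):
            continue  # upstream group or IP literal: no DNS lookup involved
        findings.append((lineno, host))
    return findings


if __name__ == "__main__":
    for lineno, host in find_static_dns_targets(SAMPLE_CONF):
        print(f"line {lineno}: proxy_pass to literal name {host} is resolved only at startup")
```

Run against the sample, only the last location is reported: the /static/ block points at an upstream group and the /fresh/ block passes the name through a variable. The script is line-based and ignores include files, so treat a clean result as a prompt to confirm with nginx -T rather than as proof.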

Adjusting nginx Configuration to Shorten DNS Cache TTL

To address this, you can explicitly define a DNS resolver with a shortened cache TTL. The following example demonstrates a corrected nginx.conf:

location / {
    # Added to shorten cache TTL: query the VPC DNS server and re-resolve every 60s
    resolver 192.168.0.2 valid=60s;
    # The hostname has to reach proxy_pass through a variable: a hostname written
    # literally in proxy_pass is resolved once at startup and the resolver is never used
    set $alb_host internal-xxx-alb-1234567890.ap-northeast-1.elb.amazonaws.com;
    proxy_set_header Host                   $host;
    proxy_set_header X-Real-IP              $remote_addr;
    proxy_set_header X-Forwarded-Host       $host;
    proxy_set_header X-Forwarded-Server     $host;
    proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
    proxy_pass http://$alb_host;
}

Key Details

  • resolver directive: Specifies the DNS server nginx queries, here the reserved VPC DNS IP (192.168.0.2).
    • The IP address of the DNS server for each VPC is the base of the VPC network range plus two.
    • Use the VPC resolver rather than an external one: nginx acts on whatever answer it receives when choosing where to send upstream traffic, so the resolver should be one reachable only from inside the VPC.
  • valid=60s: Caches each answer for 60 seconds, overriding the TTL carried in the DNS response, so nginx re-resolves the name at least once a minute.
  • The resolver is consulted only when proxy_pass receives the hostname through a variable (set $alb_host ...; proxy_pass http://$alb_host;). A hostname written literally in proxy_pass is resolved once with the system resolver when nginx starts, whatever resolver and valid say.
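To make the difference between the two configurations concrete, here is an added Python model (example code, not from the article or from nginx) of both behaviours: StaticUpstream resolves once at load time, as nginx does for a literal hostname in proxy_pass, and ResolvingUpstream caches each answer for valid seconds and then resolves again, as nginx does with resolver and a variable. The fake DNS backend, the sample addresses and the change of answer at t=90s are constructed; vpc_dns_address applies the base-plus-two rule from the bullet above. The model also shows the cost of valid=60s: nginx can keep sending to a retired address for up to 60 seconds after DNS changes.

```python
import ipaddress
from typing import Callable, Dict, Optional, Tuple

# Constructed example: the ALB name from the article, and a fake DNS backend whose
# answer for that name changes at simulated time t=90s (the ELB replaced a node).
ALB_NAME = "internal-xxx-alb-1234567890.ap-northeast-1.elb.amazonaws.com"
Lookup = Callable[[str, float], str]


def fake_dns_lookup(name: str, now: float) -> str:
    """What the authoritative DNS answers for `name` at simulated time `now`."""
    assert name == ALB_NAME, "constructed example only knows the ALB name"
    return "10.0.1.10" if now < 90 else "10.0.2.20"


class StaticUpstream:
    """Models `proxy_pass http://<literal hostname>;` with no variable:
    the name is resolved once when the configuration is loaded and the
    address is kept until the next reload."""

    def __init__(self, name: str, lookup: Lookup, start_time: float = 0.0):
        self.addr = lookup(name, start_time)

    def target(self, now: float) -> str:
        return self.addr


class ResolvingUpstream:
    """Models `resolver <ip> valid=<ttl>;` with `proxy_pass http://$var;`:
    each answer is cached for `valid` seconds, then the name is resolved again."""

    def __init__(self, name: str, lookup: Lookup, valid: float):
        self.name, self.lookup, self.valid = name, lookup, valid
        self.addr: Optional[str] = None
        self.expires = float("-inf")

    def target(self, now: float) -> str:
        if now >= self.expires:
            self.addr = self.lookup(self.name, now)
            self.expires = now + self.valid
        return self.addr


def vpc_dns_address(vpc_cidr: str) -> str:
    """The Amazon-provided DNS server for a VPC: network base address plus two."""
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    return str(net.network_address + 2)


def simulate(valid: float = 60.0) -> Dict[float, Tuple[str, str]]:
    """Return {time: (static_target, resolving_target)} at a few points in time."""
    static = StaticUpstream(ALB_NAME, fake_dns_lookup)
    resolving = ResolvingUpstream(ALB_NAME, fake_dns_lookup, valid=valid)
    return {t: (static.target(t), resolving.target(t)) for t in (0, 59, 61, 100, 121, 200)}


if __name__ == "__main__":
    print("VPC DNS for 192.168.0.0/16:", vpc_dns_address("192.168.0.0/16"))
    for t, (s, r) in simulate().items():
        print(f"t={t:>3}s  static->{s}  resolver(valid=60s)->{r}")
```

Between t=90s and t=121s the resolving upstream still returns the old address, because the answer fetched at t=61s is valid until t=121s; the static upstream never recovers at all. A shorter valid narrows that window at the cost of more DNS queries.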

Conclusion

When using load balancers like AWS ELB that resolve to dynamic IPs, configuring nginx to reduce its DNS cache TTL is essential for reliable performance. The solution involves using the resolver directive with a short TTL, ensuring nginx consistently retrieves up-to-date DNS records.

By following the recommendations in this guide, you can avoid common pitfalls and ensure seamless integration between nginx and your load balancer.

Happy Coding! 🚀

Takahiro Iwasa

Software Developer at KAKEHASHI Inc.
Involved in the requirements definition, design, and development of cloud-native applications using AWS. Now, building a new prescription data collection platform at KAKEHASHI Inc. Japan AWS Top Engineers 2020-2023.