Forum: NGINX DNS TTLs being ignored

E8a38beaaa93f4f24ce70178bc335830?d=identicon&s=25 Noah Cantor (Guest)
on 2011-10-28 16:31
(Received via mailing list)
I have recently come across several related issues which I have tracked
down
to nginx and the way it handles DNS.
I run nginx as a proxy for several back end services. It works really
well,
except for 1 thing.
My proxy_pass refers to an upstream which points to a DNS entry.
That DNS entry is a CNAME with a TTL of 60 seconds.
Nginx doesn't appear to be honoring that TTL. This has happened twice
now.
My upstream DNS information has changed, pointing to a new IP address.
Instead of recovering withing 1 minute (which would happen if TTLs were
being honored), I have had to restart nginx.
When I searched for it, I found that nginx doesn't appear to honor TTLs,
at
all (http://www.ruby-forum.com/topic/2657341).

What I'm hoping to find out, is why?
Why does nginx cache DNS entries, instead of referring to the operating
system? The OS has DNS handling built in. It respects TTLs, and it works
perfectly. Nginx, on the other hand, is effectively broken as a load
balancer, since upstreams might change IP addresses at any time (which
is
why we're using DNS names, instead of IP addresses.

Thanks,
Noah
01d109477433f1725357f49c29267615?d=identicon&s=25 Andrew Alexeev (Guest)
on 2011-10-28 16:51
(Received via mailing list)
Noah,

Right, thanks for your observation. It really took a while, but we're
actually about to fix this one shortly.
88e090e381e572cee79ee5f553abb006?d=identicon&s=25 Noah C. (noah_c)
on 2011-11-03 10:46
Thanks for the reply Andrew. Do you have any idea when it's likely to be
generally available? This is a pretty big nuisance for us, and I'd like
to be able to figure out if I need to look at using a new reverse proxy,
at least for the time being.

--Noah
01d109477433f1725357f49c29267615?d=identicon&s=25 Andrew Alexeev (Guest)
on 2011-11-03 10:51
(Received via mailing list)
Noah,

This fix/improvement be introduced in 1.1.8 which will come out around
Nov 14.

Hope this helps
01d109477433f1725357f49c29267615?d=identicon&s=25 Andrew Alexeev (Guest)
on 2011-11-15 10:50
(Received via mailing list)
On Nov 3, 2011, at 1:50 PM, Andrew Alexeev wrote:

> Noah,
>
> This fix/improvement be introduced in 1.1.8 which will come out around Nov 14.

Apologies, it didn't get in either 1.1.8 (yesterday) or 1.1.10 (today).
It's almost ready and would hopefully get into the next dev and stable
releases in a couple of weeks.
01d109477433f1725357f49c29267615?d=identicon&s=25 Andrew Alexeev (Guest)
on 2011-11-16 15:01
(Received via mailing list)
On Nov 15, 2011, at 1:50 PM, Andrew Alexeev wrote:

> On Nov 3, 2011, at 1:50 PM, Andrew Alexeev wrote:
>
>> Noah,
>>
>> This fix/improvement be introduced in 1.1.8 which will come out around Nov 14.
>
> Apologies, it didn't get in either 1.1.8 (yesterday) or 1.1.10 (today). It's
almost ready and would hopefully get into the next dev and stable releases in a
couple of weeks.

Jfyi, it went committed today

http://mailman.nginx.org/pipermail/nginx-devel/201...
http://nginx.org/en/docs/http/ngx_http_core_module...

and will be included in 1.1.9.
88e090e381e572cee79ee5f553abb006?d=identicon&s=25 Noah C. (noah_c)
on 2011-11-18 15:27
That's great news. Thank you very much. I'll be sure to get hold of it
as soon as 1.1.9 is released.

--Noah
34011bc56457235a2caa5ed1d4a29f3c?d=identicon&s=25 Jonathan Matthews (Guest)
on 2012-02-06 16:03
(Received via mailing list)
On 16 November 2011 14:00, Andrew Alexeev <andrew@nginx.com> wrote:
> Jfyi, it went committed today
>
> http://mailman.nginx.org/pipermail/nginx-devel/201...
> http://nginx.org/en/docs/http/ngx_http_core_module...
>
> and will be included in 1.1.9.

You mentioned it'd be in stable at some point.
I can't find it in any subsequent 1.0.x announcement - could you
clarify the status of this feature in stable please?

Many thanks,
Jonathan
--
Jonathan Matthews
London, UK
http://www.jpluscplusm.com/contact.html
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2012-02-06 16:13
(Received via mailing list)
Hello!

On Mon, Feb 06, 2012 at 03:03:14PM +0000, Jonathan Matthews wrote:

> >
> > Jfyi, it went committed today
> >
> > http://mailman.nginx.org/pipermail/nginx-devel/201...
> > http://nginx.org/en/docs/http/ngx_http_core_module...
> >
> > and will be included in 1.1.9.
>
> You mentioned it'd be in stable at some point.
> I can't find it in any subsequent 1.0.x announcement - could you
> clarify the status of this feature in stable please?

It's not in 1.0.x, and probably won't be.  The 1.1.x branch is
expected to become stable in near future.

Maxim Dounin
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.