How do I disable DNS Caching and DNS Reverse Lookup in Nginx ?

Sun Dec 29 18:08:18 UTC 2013

Hello all

Ive been assigned a task to set up an ipv6 to ipv4 reverse proxy for my
company. I decided to use nginx to do the job. I found the following article
online which describes how to configure nginx as a reverse proxy :

http://www.kutukupret.com/2011/05/02/nginx-as-reverse-proxy-ipv6-to-ipv4-website/

So this is how i set up my reverse proxy. First off I installed RHEL 6.5 on
a VM and installed nginx on it. Second off I set up an AAAA record in our
DNS as a test FQDN so that I could use that FQDN to connect through the
proxy to an IPV4 website. For example, the FQDN is ipv6.mycoolsite.com and
the IPv4 website is www.yourcoolsite.com. I set up the default.conf file as
such:

<quote>

server {
    listen      [::]:80 default ipv6only=on;
    server_name  ipv6.mycoolsite.com;

    #charset koi8-r;
    access_log /var/log/nginx/log/ipv6.mycoolsite.com.access.log  main;
    error_log  /var/log/nginx/log/ipv6.mycoolsite.com.error.log;
    location / {
       # root   /usr/share/nginx/html;
       # index  index.html index.htm;
    proxy_pass    http://www.yourcoolsite.com;
    proxy_redirect   default;
    proxy_set_header   X-Real-Host        $host;
    proxy_set_header   X-Real-IP   $remote_addr;
    proxy_set_header   X-Forwarded-Host   $host;
    proxy_set_header   X-Forwarded-Server $host;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_read_timeout 120;

        }

    }

</quote>

Here are the issues that I am currently having:

When I run the nginx service and I test the FQDN on an ipv6 enabled
computer, I am able to access the IPV4 website www.yourcoolsite.com. But
when I change the proxy_pass FQDN to a different IPV4 website in the config
file and reload the service, ipv6.mycoolsite.com still connects to
www.yourcoolsite.com and not to the new IPV4 FQDN. I think its loading a
cached copy of www.yourcoolsite.com instead of loading the new IPV4 FQDN.
When it finallly does load the new site, it does so REALLY slowly. I think
this is due to reverse DNS lookup occuring!

Now what I am trying to figure out here is what is causing the caching to
occur and the slow loading times? How do I go about disabling DNS caching as
well as the reverse DNS lookup? I want to be able to connect the IPV4
website specified in the default.conf file when ever I change the file and
reload the service. I dont want to connect to a cached copy of the previous
IPV4 entry ! 

any help will be greatly appreciated!!

Oh and when I check the access logs after I test the proxy, this is what I
see:

<quote>
 - - [29/Dec/2013:01:31:13 -0500] "GET
/commonspot/javascript/lightbox/window_ref.js HTTP/1.1" 200 11198
"http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686; rv:17.0)
Gecko/20131023 Firefox/17.0" "-"
 - - [29/Dec/2013:01:31:13 -0500] "GET /commonspot/javascript/util.js
HTTP/1.1" 200 64891 "http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux
i686; rv:17.0) Gecko/20131023 Firefox/17.0" "-"
 - - [29/Dec/2013:01:31:13 -0500] "GET
/commonspot/javascript/lightbox/lightbox.js HTTP/1.1" 200 59730
"http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686; rv:17.0)
Gecko/20131023 Firefox/17.0" "-"
 - - [29/Dec/2013:01:31:14 -0500] "GET
/global/images/chrome/logos/slogan.png HTTP/1.1" 404 8839
"http://ipv6.mycoolsite.com/global/css/style.css" "Mozilla/5.0 (X11; Linux
i686; rv:17.0) Gecko/20131023 Firefox/17.0" "-"
 - - [29/Dec/2013:01:31:14 -0500] "GET
/common/commonspot/templates/images/chrome/bg/results-bottom.png HTTP/1.1"
200 669 "http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686;
rv:17.0) Gecko/20131023 Firefox/17.0" "-"
 - - [29/Dec/2013:01:31:14 -0500] "GET /images/2013Dec5.jpg HTTP/1.1" 404
8849 "http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686; rv:17.0)
Gecko/20131023 Firefox/17.0" "-"
 - - [29/Dec/2013:01:31:14 -0500] "GET /images/2013Dec1.jpg HTTP/1.1" 404
8840 "http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686; rv:17.0)
Gecko/20131023 Firefox/17.0" "-"
 - - [29/Dec/2013:01:31:14 -0500] "GET /images/2013Dec2.jpg HTTP/1.1" 404
8847 "http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686; rv:17.0)
Gecko/20131023 Firefox/17.0" "-"
 - - [29/Dec/2013:01:31:14 -0500] "GET /images/2013Dec4.jpg HTTP/1.1" 404
8850 "http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686; rv:17.0)
Gecko/20131023 Firefox/17.0" "-"
 - - [29/Dec/2013:01:32:08 -0500] "GET /images/2013Dec3.jpg HTTP/1.1" 404
8842 "http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686; rv:17.0)
Gecko/20131023 Firefox/17.0" "-"
</quote>

Why am I getting a 404 response in the log entry?

Also here is the error log

<quote>

2013/12/27 13:13:01 [error] 6138#0: *248 upstream timed out (110: Connection
timed out) while connecting to upstream, client: xxxx:xxxx:x:xxxx::xxx:xxxx,
server: ipv6.mycoolsite.com, request: "GET
/commonspot/javascript/lightbox/lightbox.js HTTP/1.1", upstream:
"http://[2001:1900:2302:2000::ff]:80/commonspot/javascript/lightbox/lightbox.js",
host: "ipv6.mycoolsite.com", referrer:
"http://ipv6.mycoolsite.com/index.htm"
2013/12/27 13:43:08 [error] 6138#0: *276 upstream timed out (110: Connection
timed out) while connecting to upstream, client: xxxx:xxxx:x:xxxx::xxx:xxxx,
server: ipv6.mycoolsite.com, request: "GET /index.htm HTTP/1.1", upstream:
"http://[2001:1900:2302:2000::ff]:80/index.htm", host:
"ipv6.mycoolsite.com"
2013/12/29 01:14:03 [error] 13140#0: *402 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/global/js/libs/validation-engine.css HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/global/js/libs/validation-engine.css",
host: "ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"
2013/12/29 01:14:03 [error] 13140#0: *406 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/global/js/jquery.scrollTo-min.js HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/global/js/jquery.scrollTo-min.js", host:
"ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"
2013/12/29 01:14:03 [error] 13140#0: *410 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/global/js/libs/always-include-ie.js HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/global/js/libs/always-include-ie.js",
host: "ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"
2013/12/29 01:14:04 [error] 13140#0: *404 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/images/2013Dec2.jpg HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/images/2013Dec2.jpg", host:
"ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"
2013/12/29 01:14:04 [error] 13140#0: *408 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/images/2013Dec4.jpg HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/images/2013Dec4.jpg", host:
"ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"
2013/12/29 01:15:34 [error] 13140#0: *410 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/global/css/colorbox.css HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/global/css/colorbox.css", host:
"ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"
2013/12/29 01:25:57 [error] 13140#0: *472 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/global/js/libs/intercept-include.js HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/global/js/libs/intercept-include.js",
host: "ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"
2013/12/29 01:32:07 [error] 13140#0: *510 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/images/2013Dec3.jpg HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/images/2013Dec3.jpg", host:
"ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"

</quote>

I had to blank out the IPV6 address for privacy's sake. Also i have no idea
how to paste code properly in mailing lists! lol

Sorry I am a bit new web servers so any help will be greatly appreciated!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,245904,245904#msg-245904