How do I disable DNS Caching and DNS Reverse Lookup in Nginx ?
linuxr00lz2013
nginx-forum at nginx.us
Sun Dec 29 18:08:18 UTC 2013
Hello all
Ive been assigned a task to set up an ipv6 to ipv4 reverse proxy for my
company. I decided to use nginx to do the job. I found the following article
online which describes how to configure nginx as a reverse proxy :
http://www.kutukupret.com/2011/05/02/nginx-as-reverse-proxy-ipv6-to-ipv4-website/
So this is how i set up my reverse proxy. First off I installed RHEL 6.5 on
a VM and installed nginx on it. Second off I set up an AAAA record in our
DNS as a test FQDN so that I could use that FQDN to connect through the
proxy to an IPV4 website. For example, the FQDN is ipv6.mycoolsite.com and
the IPv4 website is www.yourcoolsite.com. I set up the default.conf file as
such:
<quote>
server {
listen [::]:80 default ipv6only=on;
server_name ipv6.mycoolsite.com;
#charset koi8-r;
access_log /var/log/nginx/log/ipv6.mycoolsite.com.access.log main;
error_log /var/log/nginx/log/ipv6.mycoolsite.com.error.log;
location / {
# root /usr/share/nginx/html;
# index index.html index.htm;
proxy_pass http://www.yourcoolsite.com;
proxy_redirect default;
proxy_set_header X-Real-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 120;
}
}
</quote>
Here are the issues that I am currently having:
When I run the nginx service and I test the FQDN on an ipv6 enabled
computer, I am able to access the IPV4 website www.yourcoolsite.com. But
when I change the proxy_pass FQDN to a different IPV4 website in the config
file and reload the service, ipv6.mycoolsite.com still connects to
www.yourcoolsite.com and not to the new IPV4 FQDN. I think its loading a
cached copy of www.yourcoolsite.com instead of loading the new IPV4 FQDN.
When it finallly does load the new site, it does so REALLY slowly. I think
this is due to reverse DNS lookup occuring!
Now what I am trying to figure out here is what is causing the caching to
occur and the slow loading times? How do I go about disabling DNS caching as
well as the reverse DNS lookup? I want to be able to connect the IPV4
website specified in the default.conf file when ever I change the file and
reload the service. I dont want to connect to a cached copy of the previous
IPV4 entry !
any help will be greatly appreciated!!
Oh and when I check the access logs after I test the proxy, this is what I
see:
<quote>
- - [29/Dec/2013:01:31:13 -0500] "GET
/commonspot/javascript/lightbox/window_ref.js HTTP/1.1" 200 11198
"http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686; rv:17.0)
Gecko/20131023 Firefox/17.0" "-"
- - [29/Dec/2013:01:31:13 -0500] "GET /commonspot/javascript/util.js
HTTP/1.1" 200 64891 "http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux
i686; rv:17.0) Gecko/20131023 Firefox/17.0" "-"
- - [29/Dec/2013:01:31:13 -0500] "GET
/commonspot/javascript/lightbox/lightbox.js HTTP/1.1" 200 59730
"http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686; rv:17.0)
Gecko/20131023 Firefox/17.0" "-"
- - [29/Dec/2013:01:31:14 -0500] "GET
/global/images/chrome/logos/slogan.png HTTP/1.1" 404 8839
"http://ipv6.mycoolsite.com/global/css/style.css" "Mozilla/5.0 (X11; Linux
i686; rv:17.0) Gecko/20131023 Firefox/17.0" "-"
- - [29/Dec/2013:01:31:14 -0500] "GET
/common/commonspot/templates/images/chrome/bg/results-bottom.png HTTP/1.1"
200 669 "http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686;
rv:17.0) Gecko/20131023 Firefox/17.0" "-"
- - [29/Dec/2013:01:31:14 -0500] "GET /images/2013Dec5.jpg HTTP/1.1" 404
8849 "http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686; rv:17.0)
Gecko/20131023 Firefox/17.0" "-"
- - [29/Dec/2013:01:31:14 -0500] "GET /images/2013Dec1.jpg HTTP/1.1" 404
8840 "http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686; rv:17.0)
Gecko/20131023 Firefox/17.0" "-"
- - [29/Dec/2013:01:31:14 -0500] "GET /images/2013Dec2.jpg HTTP/1.1" 404
8847 "http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686; rv:17.0)
Gecko/20131023 Firefox/17.0" "-"
- - [29/Dec/2013:01:31:14 -0500] "GET /images/2013Dec4.jpg HTTP/1.1" 404
8850 "http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686; rv:17.0)
Gecko/20131023 Firefox/17.0" "-"
- - [29/Dec/2013:01:32:08 -0500] "GET /images/2013Dec3.jpg HTTP/1.1" 404
8842 "http://ipv6.mycoolsite.com/" "Mozilla/5.0 (X11; Linux i686; rv:17.0)
Gecko/20131023 Firefox/17.0" "-"
</quote>
Why am I getting a 404 response in the log entry?
Also here is the error log
<quote>
2013/12/27 13:13:01 [error] 6138#0: *248 upstream timed out (110: Connection
timed out) while connecting to upstream, client: xxxx:xxxx:x:xxxx::xxx:xxxx,
server: ipv6.mycoolsite.com, request: "GET
/commonspot/javascript/lightbox/lightbox.js HTTP/1.1", upstream:
"http://[2001:1900:2302:2000::ff]:80/commonspot/javascript/lightbox/lightbox.js",
host: "ipv6.mycoolsite.com", referrer:
"http://ipv6.mycoolsite.com/index.htm"
2013/12/27 13:43:08 [error] 6138#0: *276 upstream timed out (110: Connection
timed out) while connecting to upstream, client: xxxx:xxxx:x:xxxx::xxx:xxxx,
server: ipv6.mycoolsite.com, request: "GET /index.htm HTTP/1.1", upstream:
"http://[2001:1900:2302:2000::ff]:80/index.htm", host:
"ipv6.mycoolsite.com"
2013/12/29 01:14:03 [error] 13140#0: *402 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/global/js/libs/validation-engine.css HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/global/js/libs/validation-engine.css",
host: "ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"
2013/12/29 01:14:03 [error] 13140#0: *406 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/global/js/jquery.scrollTo-min.js HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/global/js/jquery.scrollTo-min.js", host:
"ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"
2013/12/29 01:14:03 [error] 13140#0: *410 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/global/js/libs/always-include-ie.js HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/global/js/libs/always-include-ie.js",
host: "ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"
2013/12/29 01:14:04 [error] 13140#0: *404 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/images/2013Dec2.jpg HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/images/2013Dec2.jpg", host:
"ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"
2013/12/29 01:14:04 [error] 13140#0: *408 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/images/2013Dec4.jpg HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/images/2013Dec4.jpg", host:
"ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"
2013/12/29 01:15:34 [error] 13140#0: *410 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/global/css/colorbox.css HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/global/css/colorbox.css", host:
"ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"
2013/12/29 01:25:57 [error] 13140#0: *472 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/global/js/libs/intercept-include.js HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/global/js/libs/intercept-include.js",
host: "ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"
2013/12/29 01:32:07 [error] 13140#0: *510 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: "GET
/images/2013Dec3.jpg HTTP/1.1", upstream:
"http://[2001:1900:2300:1::ff]:80/images/2013Dec3.jpg", host:
"ipv6.mycoolsite.com", referrer: "http://ipv6.mycoolsite.com/"
</quote>
I had to blank out the IPV6 address for privacy's sake. Also i have no idea
how to paste code properly in mailing lists! lol
Sorry I am a bit new web servers so any help will be greatly appreciated!
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,245904,245904#msg-245904
More information about the nginx
mailing list