feature request: warn when domain name resolves to several addresses

Roger Pack rogerdpack2 at gmail.com
Wed Nov 20 02:26:35 UTC 2019

On Tue, Nov 19, 2019 at 12:01 PM Maxim Dounin <mdounin at mdounin.ru> wrote:
> Hello!

Hi back again :)

> On Tue, Nov 19, 2019 at 10:47:01AM -0700, Roger Pack wrote:
> > I noticed that in ngx_http_proxy_module
> >
> > proxy_pass http://localhost:8000/uri/;
> > "If a domain name resolves to several addresses, all of them will be
> > used in a round-robin fashion. In addition, an address can be
> > specified as a server group."
> >
> > However this can be confusing for end users who innocently put the
> > domain name "localhost" then find that round-robin across ipv6 and
> > ipv4 is occurring, ref:
> > https://stackoverflow.com/a/58924751/32453
> This seems to be your own answer, and it looks incorrect to me.
> In particular, the 499 error is logged when the client closes
> connection, and there is no need to have more than one backend
> server specified to see 499 errors.

True, those cases were covered in some other answers to that question,
but I'll add a note. :)
It can also be logged when the backend server times out, at least
empirically that seems to be the case...
see also https://serverfault.com/questions/523340/post-request-is-repeated-with-nginx-loadbalanced-server-status-499/783624#783624

> > https://stackoverflow.com/a/52550758/32453
> Changing "localhost" to "" here "works" because having just
> one address triggers slightly different logic in the upstream
> code: with just one address, max_fails / fail_timeout logic is
> disabled, and nginx always uses the (only) address available, even
> if there are errors.

Right.  The confusion in my mind is that people configuring Nginx will
use one backend "localhost", and assume they have set it up for a
"single server" type server group.
Since they have listed only one host.  But it has not...
See for instance https://stackoverflow.com/a/52550758

> The underlying problem is still the same though: backends cannot
> cope with the load, and there are errors.

Right.  However with the "single server" scenario this behavior is
handled differently (it doesn't exhaust the server group of available
servers and begin to return with 502's exclusively for a time, as it
did in my instance...).

Basically if, while setting it up, you happen to forward to,
it will work fine, no "periods of 502's" (though you may get some

But if you forward it to "localhost" you may be surprised one day to
discover that you are getting "periods of 502's" if any connections
timeout (> 60s) for any reason.  Since only 2 of those and your entire
server group has been exhausted.

> (And no, it's not a DNS failure - DNS is only used when nginx
> resolves the name in the proxy_pass directive while parsing
> configuration on startup.)
> > Suggestion/feature request: If a domain name resolves to several
> > addresses, log a warning in error.log file somehow, or at least in the
> > output of -T, to warn  somehow.  Then there won't be unexpected
> > round-robins occurring and "supposedly single" servers being
> > considered unavailable due to timeouts, surprising people like myself.
> Multiple addresses are fairy normal, and I don't think that
> logging a warning is a good idea.

I'm just saying...it might help somebody like me out, in the future.
There be dragons...or maybe the default error log could be configured
to make it more obvious to people what is going on?

Or possibly the "-T" output could be enhanced to add "this server
group resolves to this many total unique servers" or something.
Your call of course, regardless :)

Thanks for the helps and conversations, all the best.

-Roger Pack-

More information about the nginx mailing list