Howto force Nginx resolver to use new source UDP port
jeanpaul
nginx-forum at forum.nginx.org
Thu Nov 17 10:17:06 UTC 2022
We're using Nginx as ingress controller in a Kubernetes environment. Nginx
uses a DNS service inside k8s with 1 single service-IP and multiple DNS PODs
behind that.
The translation from service-IP to any of the multiple DNS PODs is done via
DNAT rules.
The problem:
- Nginx establishes an UDP 'connection' on for example localIP 1.1.1.1
source-port 12345 towards serviceIP 1.2.3.4
- DNAT translates this as sourceport 12345 towards any DNS-POD; for example
2.3.4.5:53
- If DNS-POD 2.3.4.5 terminates Nginx is not aware of this because of the
'connection' towards serviceIP 1.2.3.4
- Nginx will send all future DNS request using the same tuple of
serviceIP:sourcePort, so 1.1.1.1:12345 -> 1.2.3.4:53
- This will result in a timeout because the destination POD isn't there
anymore
Is it possible to force Nginx to use different source UDP ports every X
seconds, of after a timeout?
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295794,295794#msg-295794
More information about the nginx
mailing list