AWS ALB を使用する際の nginx DNS キャッシュ

Takahiro Iwasa (岩佐 孝浩)

2021年10月29日

2 min read

ELB

Elastic Load Balancing など、異なる IP アドレスに解決する場合、 nginx の DNS キャッシュを無効にするか、 TTL を短縮する必要があります。

次の nginx.conf は、 ALB が異なる IP アドレスを返すため、適切に機能しない可能性があります。

location / {
    proxy_set_header Host                   $host;
    proxy_set_header X-Real-IP              $remote_addr;
    proxy_set_header X-Forwarded-Host       $host;
    proxy_set_header X-Forwarded-Server     $host;
    proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
    proxy_pass http://internal-xxx-alb-1234567890.ap-northeast-1.elb.amazonaws.com;
}

次の nginx.conf は、適切に機能するはずです。 IP アドレスを60秒間だけキャッシュします。

docs.aws.amazon.com

Subnet CIDR blocks - Amazon Virtual Private Cloud

The IP addresses for your subnets are represented using Classless Inter-Domain Routing (CIDR) notation. The CIDR block of a subnet can be the same as the CIDR block for the VPC (to create a single subnet in the VPC), or a subset of the CIDR block for the VPC (to create multiple subnets in the VPC). If you create more than one subnet in a VPC, the CIDR blocks of the subnets cannot overlap.

10.0.0.2: Reserved by AWS. The IP address of the DNS server is the base of the VPC network range plus two.

location / {
    # Added to shorten cache TTL
    resolver 192.168.0.2 valid=60s;
    proxy_set_header Host                   $host;
    proxy_set_header X-Real-IP              $remote_addr;
    proxy_set_header X-Forwarded-Host       $host;
    proxy_set_header X-Forwarded-Server     $host;
    proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
    proxy_pass http://internal-xxx-alb-1234567890.ap-northeast-1.elb.amazonaws.com;
}

--- 	2021-10-28 20:09:37 +0000
+++ 	2021-10-28 20:09:37 +0000
@@ -1,4 +1,6 @@
 location / {
+    # Added to shorten cache TTL
+    resolver 192.168.0.2 valid=60s;
     proxy_set_header Host                   $host;
     proxy_set_header X-Real-IP              $remote_addr;
     proxy_set_header X-Forwarded-Host       $host;