Hardcoding a nameserver IP address

I need to hardcode a nameserver IP address into a config file, unfortunately. I see that our instances have their nameservers set to (presumably via dhcp), but hoping to get a sense of how stable that is, or if there’s a more general/reliable/static address we could or should be pointing to.

That IP is specific to the VPC in which you’re deployed, and automatically configured by AWS

Do you want any nameserver, or a specific nameserver?

The IP you mention should not change, per environment, unless we migrate that environment to a different VPC, which is something we would only do for major release versions of our backend system

any nameserver is fine (since it’ll be calling back to our authoritative nameservers anyway), but avoiding excess latency is always nice. Sounds like we’d probably have a reasonable heads-up if that IP were to change…

Yes, we’d definitely give a heads-up.

Can you tell me a little more about how this nameserver will be used, so I make sure i’m giving you the right recommendation?

Sure. Varnish (which handles about 40% of our overall traffic) no longer supports DNS round-robin backend definitions, though it used to. Instead, it basically needs an IP for a backend. So we run an nginx process on the same instance that is basically just a proxy_pass directive to the hostname of the ELB in front of our app containers.

Even though I don’t necessarily expect this to be the real solution to the problem, we seem to get occasional 502s, I believe from that nginx process, and I’m just bolstering down some of the config there Ð and part of it is defining a resolver so we can limit the caching of the backend’s hostname.

Hmm, apparently, to take advantage of proxy_pass support for changing DNS, you need to:

  1. explicitly define resolver
  2. make sure the argument passed to proxy_pass includes a variable.

Otherwise, it just resolves the hostname at runtime and holds onto it until a restart.

oh huh. that’s definitely unusual…

Getting off-topic, but germane to the use case. We do exactly the same thing, and have for about a year now.

That nginx instance behind Varnish is actually one of the banes of my existence. It usually works fine, but after a deploy, occasionally will lose the ability to resolve the main app ELB (it sounds like we have the pipeline configured about the same as you), and we get 502s. A restart of the varnish instance kicks things back into shape, but there’s a bit of scramble and hustle each time.

Would love to share config/strategies for this (perhaps a separate thread is best). I could have sworn I saw a post a few weeks ago about a future Varnish change allowing for DNS-driven backends (which would allow us to just get rid of nginx), but I haven’t been able to find it since.