A question about resolving AWS ELB domain name

Hi, Kong guys

I’m using nginx as my api gateway currently, now I plan to switch to KONG. But I have an issue in nginx, I don’t know whether KONG can resolve it.

I’m using AWS ELB as upstream. ELB is a CNAME, it dynamically points to some IPs, sometimes it will change. So when it changes, the api gateway will pass the request to the wrong ip. So we need to add a resolver into the nginx config file. Like the following.

    resolver 8.8.8.8 8.8.4.4 valid=60s ipv6=off;

But it’s not enough, you still need to change upstreams to a variable, otherwise it will resolve the domain name only once, at the start.

    location /2017-09-18 {
        # Hard-coded hostname: resolved once at startup, never refreshed.
        #proxy_pass          http://internal-elb.us-west-2.elb.amazonaws.com:6000/2017-09-18;
        # Variable upstream: nginx re-resolves via the configured resolver, honouring valid=60s.
        set $foo_host       http://internal-elb.us-west-2.elb.amazonaws.com:6000;
        proxy_pass          $foo_host;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    }

I don’t know whether this is a bug in nginx. But I want to know if this happens in KONG also? Or how does it work in KONG when I set an AWS ELB as upstream?

Thanks

Tiancheng


This is a normal behavior of nginx. It uses the system resolver in init if you hardcode hostnames in there, and caches the result indefinitely as an optimization. To use the nginx resolver (which respects TTLs), you need to use variables as you did.

Kong implements its own DNS resolver in Lua (which also resolves SRV records, which the open source nginx one does not), and as such is closer to the second scenario I described, although with Kong you almost never touch the nginx.conf file directly like this.
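To make the two behaviours described above concrete, here is an added illustration (not code from nginx, Kong, or anyone in this thread) of a resolve-once cache versus a TTL-respecting one, driven by a constructed fake DNS backend whose answer for the ELB name changes mid-run; the ELB hostname and addresses are constructed examples.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Stand-in for a DNS lookup: returns (addresses, ttl_seconds). Constructed for this example.
ResolveFn = Callable[[str], Tuple[List[str], int]]


@dataclass
class ResolveOnceCache:
    """Mimics init-time resolution of a hard-coded hostname: the answer never expires."""
    resolve: ResolveFn
    _cache: Dict[str, List[str]] = field(default_factory=dict)

    def lookup(self, name: str) -> List[str]:
        if name not in self._cache:
            self._cache[name] = self.resolve(name)[0]
        return list(self._cache[name])


@dataclass
class TtlResolverCache:
    """Mimics a resolver that honours the record TTL and re-resolves once it has elapsed."""
    resolve: ResolveFn
    clock: Callable[[], float] = time.monotonic
    _cache: Dict[str, Tuple[List[str], float]] = field(default_factory=dict)

    def lookup(self, name: str) -> List[str]:
        entry = self._cache.get(name)
        if entry is None or self.clock() >= entry[1]:  # missing or expired
            addrs, ttl = self.resolve(name)
            self._cache[name] = (addrs, self.clock() + ttl)
            return list(addrs)
        return list(entry[0])


def simulate(elb_name: str = "internal-elb.us-west-2.elb.amazonaws.com"):
    """Returns (answers before the ELB rotates, answers after) for both cache strategies."""
    record = {"current": (["10.0.1.10", "10.0.2.10"], 60)}   # constructed A records, TTL 60s
    fake_clock = {"now": 0.0}
    fake_dns: ResolveFn = lambda name: record["current"]

    once = ResolveOnceCache(fake_dns)
    ttl = TtlResolverCache(fake_dns, clock=lambda: fake_clock["now"])
    before = (once.lookup(elb_name), ttl.lookup(elb_name))

    record["current"] = (["10.0.1.20", "10.0.2.20"], 60)   # ELB nodes replaced
    fake_clock["now"] = 61.0                                # past the 60s TTL
    after = (once.lookup(elb_name), ttl.lookup(elb_name))
    return before, after
```

The resolve-once cache keeps handing out the retired addresses after the rotation, which is exactly the misrouting the original question describes; the TTL-aware cache picks up the new ones once the 60-second TTL has expired.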

Extending the above question, I have seen cases where if we mention the aws elb dns name in the upstream’s Targets, it resulted in:

{"message":"failure to get a peer from the ring-balancer"}

Because aws elb names resolve to different ips at random times and it looks like the ring-balancer is not able to fully deal with it. Hence it’s recommended to use ips of the machines in the Targets and not load balancer names (as per https://docs.konghq.com/0.12.x/loadbalancing/#balancing-caveats). Is my understanding right? But mentioning ips of the machines is not a scalable approach. Can you recommend an alternative?