Nginx + dnsmasq = 'could not be resolved (5: Operation refused)'

Question

I'm trying to set up a django site using docker, nginx and uwsgi: I have a nginx docker container working as a reverse proxy (called ceca-nginx-proxy) where dnsmasq is running and another nginx (ceca-nginx) container that communicates with an uwsgi container (ceca-uwsgi), I can connect using curl (with curl --resolve http://test.ceca.com http://172.17.0.7) to the ceca-nginx container and I get the django site running in the ceca-uwsgi container, the problem is when I want to get the site via ceca-nginx-proxy: I'm getting this error in my ceca-nginx-proxy error log:

ceca-nginx could not be resolved (5: Operation refused), client: 172.17.0.1, server: *.ceca.com, request: "GET / HTTP/1.1", host: "172.17.0.8"

• 172.17.0.1 is the docker ip assigned
• *.ceca.com is the server_name defined in the ceca-nginx-proxy's nginx config
• 172.17.0.8 is the ceca-nginx-proxy ip

• The server block of ceca-nginx-proxy reverse proxy is:

  server {
      listen 80;
      server_name *.ceca.com;
      error_log   /tmp/proxy_error_nginx.log warn;
      access_log  /tmp/proxy_access_nginx.log;
  
      location / {
          set $example ceca-nginx;
          resolver 127.0.0.1;
          proxy_pass http://$example;
      }
  } 
  

  And I'm running dnsmasq in the same machine to resolve hostnames in /etc/hosts (hostnames from docker linked containers) like this:

  dnsmasq -q -8 /tmp/dnsmasq.log --port 53 -R -u root
  

  For what I see in dnsmasq.log, the hostname is resolving ok [1] but nginx is complaining and returning a "502 Bad Gateway" page. If anyone can help me with this, I'll be eternally grateful and buy lots of beer and fernet if we met.

  [1]
  
  Jun  6 21:39:47 dnsmasq[321]: query[A] ceca-nginx from 127.0.0.1
  Jun  6 21:39:48 dnsmasq[321]: /etc/hosts ceca-nginx is 172.17.0.7
  Jun  6 21:39:48 dnsmasq[321]: query[AAAA] ceca-nginx from 127.0.0.1
  

Answer 1

Your problem seems to be related to Nginx resolver directive configuration. By default, Nginx will try to resolve both IPv4 and IPV6 addresses. It will pick up first response from DNS server (dnsmasq in your case), cache it and fall down with an exception Operation refused, as it couldn't resolve DNS name to IPv6 address. The solution is add ipv6=off to your resolver directive, so it should look like this:

...
resolver 127.0.0.1 ipv6=off;
...

This will force Nginx to stop resolving DNS records to IPv6.