DNS Loadbalancing using Nginx


With its latest release, Nginx introduces the ability to reverse proxy and load balance UDP traffic. Since DNS runs over UDP, we can configure Nginx as a load balancer in front of DNS servers to ensure high availability. In this article we will explain how to set up DNS load balancing using nginx.

Nginx implements Layer 4 load balancing in the Stream module, so UDP and TCP load balancing is configured in the stream block, as shown in the following snippet.

Add this snippet directly inside the “nginx.conf” file:

    stream {
        upstream dns_servers {
            server 192.168.2.21:53;
            server 192.168.2.22:53;
        }

        server {
            listen 53 udp;
            proxy_pass dns_servers;
            error_log /var/log/nginx/dns.log info;
        }
    }

Please make sure you are NOT adding this snippet inside the “/etc/nginx/conf.d” directory. That results in a configuration validation error (“stream directive is not allowed here”), because the default nginx.conf includes the files in the conf.d directory from within the “http” block, and a stream block cannot be nested inside http.

In the above configuration there are two backend DNS servers, and nginx distributes traffic to them in round-robin fashion. The server directives specify the port that the upstream servers are listening on, 53 (the default port for DNS). The “proxy_pass” directive tells nginx to send the traffic to the “dns_servers” upstream.

Restart nginx after the configuration changes are made.

Use netstat to verify that nginx is listening on UDP port 53:

    [root@test.test.com ~]# netstat -nap | grep :53
    udp        0      0 0.0.0.0:53          0.0.0.0:*                   20119/nginx
    [root@test.test.com ~]#

Now you can test the DNS proxy with the following dig query:

    [root@test.test.com ~]# dig techietown.info @127.0.0.1

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> techietown.info @127.0.0.1
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51016
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;techietown.info.               IN      A

    ;; ANSWER SECTION:
    techietown.info.        600     IN      A       51.22.25.169

    ;; AUTHORITY SECTION:
    techietown.info.        86400   IN      NS      ns51.domaincontrol.com.
    techietown.info.        86400   IN      NS      ns52.domaincontrol.com.

    ;; Query time: 727 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Mar 10 13:38:57 2017
    ;; MSG SIZE  rcvd: 104

    [root@test.test.com ~]#

You can see that nginx is returning results from the backend.
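A one-off dig confirms the proxy works once; for a scriptable check (a cron job or a monitoring probe) it helps to send a raw DNS query and inspect the reply yourself. The script below is an added example, not part of the original article: it builds a wire-format A query, sends it through the nginx listener on 127.0.0.1:53 (the address configured above), and parses the answer, rejecting replies whose transaction ID does not match the query. The `SAMPLE_RESPONSE` bytes are constructed here to mirror the dig output above so the parser can be exercised offline; the hostname defaults to the one used in the article.

```python
"""Minimal DNS probe for checking an nginx UDP load balancer.

Added example, not code from the original article. Assumes nginx listens
on 127.0.0.1:53 as in the stream block above. SAMPLE_RESPONSE is a
constructed packet that mirrors the article's dig output."""
import secrets
import socket
import struct


def build_query(name, qid=None):
    """Build a recursive A query for `name` in RFC 1035 wire format."""
    if qid is None:
        qid = secrets.randbelow(65536)  # unpredictable ID, as real resolvers use
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(packet, offset):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = packet[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_response(packet, expected_id):
    """Validate the header and collect A-record addresses from the answer section."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if qid != expected_id:
        raise ValueError("transaction ID mismatch (stale or forged reply)")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: packet is a query, not a response")
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(packet, offset) + 4  # skip QTYPE + QCLASS
    addresses = []
    for _ in range(ancount):
        offset = _skip_name(packet, offset)
        rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        rdata = packet[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rclass == 1 and rdlength == 4:  # A record, IN class
            addresses.append(".".join(str(b) for b in rdata))
    return {"rcode": flags & 0x000F, "answers": ancount, "addresses": addresses}


def probe(name, server="127.0.0.1", port=53, timeout=2.0):
    """Send one query through the nginx listener and return the parsed reply."""
    qid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)  # a dead backend shows up as a timeout here
        sock.sendto(build_query(name, qid), (server, port))
        data, _ = sock.recvfrom(4096)
    return parse_response(data, qid)


# Constructed sample: the reply dig showed above (id, flags qr/rd/ra, one A record).
SAMPLE_QID = 0x1234
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", SAMPLE_QID, 0x8180, 1, 1, 0, 0)
    + b"\x0atechietown\x04info\x00" + struct.pack("!HH", 1, 1)   # question
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 600, 4)           # answer header
    + bytes([51, 22, 25, 169])                                    # rdata
)

if __name__ == "__main__":
    import sys
    print(parse_response(SAMPLE_RESPONSE, SAMPLE_QID))  # offline self-check
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "techietown.info"))
```

Run it a few times in a row: with two healthy backends every reply should come back with rcode 0, and a timeout points at a backend the round-robin is still handing traffic to. Two things worth remembering when running this setup: open-source nginx has no active UDP health checks, so a failed backend is only skipped passively via the `max_fails` and `fail_timeout` parameters on the `server` lines; and `listen 53 udp` binds every interface, so if the proxy is only meant to serve the local host (as the resolv.conf step below implies), `listen 127.0.0.1:53 udp` keeps the forwarder from being reachable by other hosts.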

Now you can point this host at the proxy by adding the following to the “/etc/resolv.conf” file:

    [root@test.test.com ~]# cat /etc/resolv.conf
    ; generated by /sbin/dhclient-script
    nameserver 127.0.0.1
    [root@test.test.com ~]#

This makes sure that all DNS queries originating from this host are routed through the nginx DNS load balancer.

This feature is very useful when running internal DNS servers in your network. You can have an nginx proxy running on every machine to distribute traffic across your DNS servers.
