Nginx + dnsmasq = 'could not be resolved (5: Operation refused)'

I’m trying to set up a django site using docker, nginx and uwsgi:
I have a nginx docker container working as a reverse proxy (called ceca-nginx-proxy) where dnsmasq is running and another nginx (ceca-nginx) container that communicates with an uwsgi container (ceca-uwsgi), I can connect using curl (with curl --resolve http://test.ceca.com http://172.17.0.7) to the ceca-nginx container and I get the django site running in the ceca-uwsgi container, the problem is when I want to get the site via ceca-nginx-proxy: I’m getting this error in my ceca-nginx-proxy error log:

ceca-nginx could not be resolved (5: Operation refused), client: 172.17.0.1, server: *.ceca.com, request: “GET / HTTP/1.1”, host: “172.17.0.8”

  • Docker tomcat8-jre8 hacked?
  • Passing arguments to docker swarm containers
  • Mount specific EBS volume to Docker under AWS beanstalk
  • Which approach is better for discovering container readiness?
  • websphere liberty on docker container
  • Docker commit doesn't save the changed state of my container
    • 172.17.0.1 is the docker ip assigned
    • *.ceca.com is the server_name defined in the ceca-nginx-proxy’s nginx config
    • 172.17.0.8 is the ceca-nginx-proxy ip
    • The server block of ceca-nginx-proxy reverse proxy is:

      server {
          listen 80;
          server_name *.ceca.com;
          error_log   /tmp/proxy_error_nginx.log warn;
          access_log  /tmp/proxy_access_nginx.log;
      
          location / {
              set $example ceca-nginx;
              resolver 127.0.0.1;
              proxy_pass http://$example;
          }
      } 
      

      And I’m running dnsmasq in the same machine to resolve hostnames in /etc/hosts (hostnames from docker linked containers) like this:

      dnsmasq -q -8 /tmp/dnsmasq.log --port 53 -R -u root
      

      For what I see in dnsmasq.log, the hostname is resolving ok [1] but nginx is complaining and returning a “502 Bad Gateway” page.
      If anyone can help me with this, I’ll be eternally grateful and buy lots of beer and fernet if we met.

      [1]
      
      Jun  6 21:39:47 dnsmasq[321]: query[A] ceca-nginx from 127.0.0.1
      Jun  6 21:39:48 dnsmasq[321]: /etc/hosts ceca-nginx is 172.17.0.7
      Jun  6 21:39:48 dnsmasq[321]: query[AAAA] ceca-nginx from 127.0.0.1
      

  • maven builds fails inside ubuntu vagrant machine as well as docker instance
  • After deleting container from Azure Container Service agent, its website still available
  • nginx setting up variable upstream per virtual host
  • Docker .Net Core app on Ubuntu not opening in localhost:8000
  • Docker: using container with headless Selenium Chromedriver
  • docker pull centos timeout on windows 8.1
  • One Solution collect form web for “Nginx + dnsmasq = 'could not be resolved (5: Operation refused)'”

    Your problem seems to be related to Nginx resolver directive configuration.
    By default, Nginx will try to resolve both IPv4 and IPV6 addresses. It will pick up first response from DNS server (dnsmasq in your case), cache it and fall down with an exception Operation refused, as it couldn’t resolve DNS name to IPv6 address. The solution is add ipv6=off to your resolver directive, so it should look like this:

    ...
    resolver 127.0.0.1 ipv6=off;
    ...
    

    This will force Nginx to stop resolving DNS records to IPv6.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.