CRE-2024-0043

NGINX Upstream DNS FailureMedium

Impact: 6/10

Mitigation: 5/10

CRE-2024-0043View on GitHub

KafkaKnown ProblemPublic

Description

When a NGINX upstream becomes unreachable or its DNS entry disappears, NGINX requests begin to fail.

Cause

The upstream host or container is removed, invalidating its DNS resolution and causing requests to break.

Mitigation

Provide a stable or redundant upstream configuration so NGINX can gracefully handle DNS resolution failures.

References

• https://stackoverflow.com/questions/32845674/nginx-how-to-not-exit-if-host-not-found-in-upstream