Webflow and nginx DNS caching

I’m pretty sure this isn’t a “supported” setup by Webflow, but I’m looking for advice. I’m seeing a strange behavior with excessive DNS caching in nginx while proxying to proxy-ssl.webflow.com, even though from what I’ve gathered my nginx configuration should be correct.

My configuration is:

nginx: 1.14.1

server {
  ...
  resolver 172.16.0.2 valid=10s; # Amazon AWS resolver

  location /elsewhere {
    other configurations;
  }

  # everything that's not already handled, proxy to webflow
  location / {
    # webflow.mydomain.com proxies to proxy-ssl.webflow.com
    set $webflowUpstream https://webflow.mydomain.com;
    proxy_pass $webflowUpstream;
    proxy_set_header  Host webflow.mydomain.com;
    proxy_ssl_name  webflow.mydomain.com;
    proxy_ssl_server_name  on;
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
    proxy_cache_valid       200     5m;
    proxy_cache_valid       301     5m;
    proxy_cache_valid       302     5m;
    proxy_cache_valid       any     1m;

    proxy_connect_timeout   5s;
    proxy_send_timeout      60s;
    proxy_read_timeout      60s;

    proxy_cache             brochure-cache;
    proxy_cache_use_stale   error timeout invalid_header updating http_500 http_502 http_503 http_504;
    proxy_cache_revalidate  on;

    proxy_set_header        X-Real-IP       $remote_addr;
    proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_pass_header       Referer;
    proxy_pass_header       User-Agent;

    client_max_body_size    1024m;

    proxy_redirect          https://webflow.mydomain.com/  https://mydomain.com/;
}

If it’s not obvious from the configuration, we have other paths that proxy to other parts of our site (like our main application), so we can’t just configure our root domain to use Webflow’s DNS IPs – we have to proxy.

This config works great for a day or two, but then when proxy-ssl.webflow.com’s IPs change, nginx hangs on to the old IPs even though every nginx forum I’ve found shows this configuration should work – using a resolver and a variable for the proxy_pass.

I’m curious if anyone here has run into this issue. Any help anyone can offer would be appreciated.

Thanks!