diff --git a/nginx/yuheng.docker.conf.tpl b/nginx/yuheng.docker.conf.tpl
index 9da86e3..10e5f22 100644
--- a/nginx/yuheng.docker.conf.tpl
+++ b/nginx/yuheng.docker.conf.tpl
@@ -8,7 +8,8 @@ server {
     server_name yuheng.yuxindazhineng.com;
     client_max_body_size 800m;
 
-    resolver @@NGINX_RESOLVER@@ valid=10s ipv6=off;
+    # valid 过短会频繁重解析，宿主机 DNS 往往解析不了 compose 服务名 → 502；与 entrypoint 中优先 127.0.0.11 配合
+    resolver @@NGINX_RESOLVER@@ valid=300s ipv6=off;
 
     ssl_certificate     /etc/ssl/yh_web/yuheng.yuxindazhineng.com/fullchain.pem;
     ssl_certificate_key /etc/ssl/yh_web/yuheng.yuxindazhineng.com/privkey.pem;
diff --git a/scripts/nginx-entrypoint-wait-dns.sh b/scripts/nginx-entrypoint-wait-dns.sh
index 9d94b08..ad05f46 100644
--- a/scripts/nginx-entrypoint-wait-dns.sh
+++ b/scripts/nginx-entrypoint-wait-dns.sh
@@ -104,6 +104,12 @@ else
   echo "yh_nginx: resolver from resolv.conf: ${NSLINE}" >&2
 fi
 
+# Docker compose 服务名由网桥内置 DNS（通常 127.0.0.11）解析；仅用宿主机 DNS 会间歇「could not be resolved」→502
+case "$NSLINE" in
+  *127.0.0.11*) ;;
+  *) NSLINE="127.0.0.11 ${NSLINE}"; echo "yh_nginx: prepended 127.0.0.11 for compose DNS: ${NSLINE}" >&2 ;;
+esac
+
 if [ ! -r /yuheng.docker.conf.tpl ]; then
   echo "yh_nginx: error: /yuheng.docker.conf.tpl not mounted" >&2
   exit 1