diff --git a/authserv/app_nginx.py b/authserv/app_nginx.py
index 0286a7a0c9411c243da8659aac69754fe2ea5b56..9661823865211ae4e0d3976fe075473faa37c4cc 100644
--- a/authserv/app_nginx.py
+++ b/authserv/app_nginx.py
@@ -1,3 +1,5 @@
+import socket
+import threading
 from flask import Flask, request, abort, make_response
 from authserv.app_common import do_auth
 
@@ -5,6 +7,16 @@ app = Flask(__name__)
 
 _default_port_map = {'imap': 143, 'pop3': 110}
 
+_dns_cache = {}
+_dns_cache_lock = threading.Lock()
+
+def _shard_to_ip(shard):
+    hostname = '%s-vpn' % shard
+    with _dns_cache_lock:
+        if hostname not in _dns_cache:
+            _dns_cache[hostname] = socket.gethostbyname(hostname)
+        return _dns_cache[hostname]
+
 
 @app.route('/', methods=('GET',))
 def do_nginx_http_auth():
@@ -32,7 +44,7 @@ def do_nginx_http_auth():
     response = make_response('')
     if auth_status == 'OK':
         response.headers['Auth-Status'] = 'OK'
-        response.headers['Auth-Server'] = shard
+        response.headers['Auth-Server'] = _shard_to_ip(shard)
         response.headers['Auth-Port'] = str(
             app.config.get('NGINX_AUTH_PORT_MAP', _default_port_map)[protocol])
     else: