[solved] cluster resolver dns not running on HA-Proxy v.1.5.18

Hi All,

First, I apologize if this is the wrong place to discuss my issue; I'm new to haproxy.

I have an issue with my haproxy. I plan to build a cluster with haproxy for SMTP (postfix/25), web server (httpd/80) and resolver DNS (Bind/53).

It works for smtp and web, but there is a problem with the dns resolver.

Could you suggest how to solve this issue?

Below are the logs from my haproxy

smtp (works)
Apr 4 13:53:47 localhost haproxy[8979]: 50.50.50.5:51186 [04/Apr/2018:13:53:46.685] ft_smtp bk_postfix/smtp007-2 1/0/475 368 – 0/0/0/0/0 0/0
Apr 4 13:55:51 localhost haproxy[8979]: 50.50.50.5:51191 [04/Apr/2018:13:55:50.630] ft_smtp bk_postfix/smtp007-1 1/0/398 367 – 0/0/0/0/0 0/0

httpd (works)
Apr 4 13:51:25 localhost haproxy[8979]: 50.50.50.5:51183 [04/Apr/2018:13:51:25.899] ft_web bk_web/syslog-smtp007 1/4/44 18673 – 0/0/0/0/0 0/0

dns (does not work)
Apr 4 13:54:50 localhost haproxy[8979]: 50.50.50.5:51189 [04/Apr/2018:13:54:20.696] ft_dns bk_bind/rdns007-1 1/0/30002 0 – 0/0/0/0/0 0/0
Apr 4 13:55:41 localhost haproxy[8979]: 50.50.50.5:51190 [04/Apr/2018:13:55:11.142] ft_dns bk_bind/rdns007-2 1/0/30013 0 – 0/0/0/0/0 0/0

Below is my haproxy.cfg:
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
user haproxy
group haproxy
maxconn 3000
stats socket /var/lib/haproxy/stats

frontend ft_smtp
bind 10.10.10.5:25
mode tcp
no option http-server-close
timeout client 1m
log global
option tcplog
maxconn 3000
default_backend bk_postfix
backend bk_postfix
mode tcp
no option http-server-close
log global
option tcplog
timeout server 1m
timeout connect 30s
balance roundrobin
server smtp007-1 20.20.20.5:315 check
server smtp007-2 20.20.20.6:317 check

frontend ft_web
bind 10.10.10.5:80
no option http-server-close
timeout client 1m
log global
option tcplog
maxconn 3000
default_backend bk_web
backend bk_web
no option http-server-close
log global
option tcplog
timeout server 1m
timeout connect 30s
balance roundrobin
server syslog-smtp007 30.30.30.4:80 check

frontend ft_dns
bind 10.10.10.5:53
no option http-server-close
timeout client 1m
log global
option tcplog
maxconn 3000
default_backend bk_bind
backend bk_bind
no option http-server-close
log global
option tcplog
timeout server 1m
timeout connect 30s
balance roundrobin
server rdns007-1 40.40.40.2:53 check
server rdns007-2 40.40.40.3:53 check

Below is my test using my dns resolvers
haproxy007 ~]# nslookup

server 40.40.40.2
Default server: 40.40.40.2
Address: 40.40.40.2#53
google.com
Server: 40.40.40.2
Address: 40.40.40.2#53

Non-authoritative answer:
Name: google.com
Address: 74.125.68.101
Name: google.com
Address: 74.125.68.102
Name: google.com
Address: 74.125.68.113
Name: google.com
Address: 74.125.68.138
Name: google.com
Address: 74.125.68.100
Name: google.com
Address: 74.125.68.139

server 40.40.40.3
Default server: 40.40.40.3
Address: 40.40.40.3#53
google.com
Server: 40.40.40.3
Address: 40.40.40.3#53

Non-authoritative answer:
Name: google.com
Address: 74.125.24.139
Name: google.com
Address: 74.125.24.100
Name: google.com
Address: 74.125.24.113
Name: google.com
Address: 74.125.24.101
Name: google.com
Address: 74.125.24.102
Name: google.com
Address: 74.125.24.138

server 10.10.10.5
Default server: 10.10.10.5
Address: 10.10.10.5#53
google.com
;; connection timed out; trying next origin
;; connection timed out; no servers could be reached

As shown above, if I use the child dns resolvers directly it works, but if I use the parent haproxy there is a problem.

Below I test telnet to the parent haproxy ip on listen port 53; the dns port connects:
haproxy007 ~]# telnet 10.10.10.5 53
Trying 10.10.10.5…
Connected to 10.10.10.5.
Escape character is ‘^]’.
quit
Connection closed by foreign host.

And the haproxy log:
Apr 5 11:33:07 localhost haproxy[31732]: 10.10.10.5:53274 [05/Apr/2018:11:32:37.234] ft_dns bk_dns/rdns007-2 1/0/30001 0 – 0/0/0/0/0 0/0
Apr 5 11:33:40 localhost haproxy[31732]: 10.10.10.5:53442 [05/Apr/2018:11:33:10.137] ft_dns bk_dns/rdns007-1 1/0/30001 0 – 0/0/0/0/0 0/0

haproxy007 ~]# haproxy -v
HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau willy@haproxy.org

Please tell me if you need any other information or logs from my haproxy.

I appreciate your help and any replies with advice on my problem.

Regards,

Andrian

You cannot load-balance DNS. DNS is UDP based and haproxy does not support UDP.

Use something like dnsdist to load-balance DNS.
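As an added diagnostic, not part of the thread: a small Python script that sends the same A query for google.com over UDP and over TCP (with the 2-byte length prefix DNS over TCP requires) and reports which transport a VIP actually answers. The VIP 10.10.10.5 is taken from the thread; nslookup sends UDP by default, so a TCP-only frontend on port 53 shows up here as a UDP timeout with a working TCP probe, which is the pattern to look for before blaming the backends.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal RFC 1035 query for `name` (type A by default, RD set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def frame_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(resp):
    """Return (txid, rcode, answer_count) from a response header."""
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    return txid, flags & 0x000F, ancount

def query(server, name, tcp, timeout=3.0):
    """Send one query over UDP or TCP; return parsed header, or None on failure."""
    msg = build_query(name)
    try:
        if tcp:
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(frame_tcp(msg))
                (length,) = struct.unpack("!H", s.recv(2))
                resp = b""
                while len(resp) < length:
                    chunk = s.recv(length - len(resp))
                    if not chunk:
                        return None  # peer closed mid-message
                    resp += chunk
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(msg, (server, 53))
                resp, _ = s.recvfrom(4096)
    except (OSError, struct.error):  # timeout, refused, or short read
        return None
    return parse_header(resp)

def check_transports(server, name="google.com"):
    """Probe both transports; a TCP-only proxy gives {'udp': None, 'tcp': (...)}."""
    return {"udp": query(server, name, tcp=False), "tcp": query(server, name, tcp=True)}

if __name__ == "__main__":
    print(check_transports("10.10.10.5"))  # VIP from the thread
```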

Hi lukastribus,

Thank you for your information.

Maybe I'll use nginx to load-balance DNS.

I appreciate your replies.

Regards,

Andrian

Yeah, like I said, I'd recommend dnsdist, which is purpose-built for DNS load-balancing. nginx is not.

Hi lukastribus,

Thank you for your suggestion. Sorry for the late response.

I plan to build a cluster for SMTP and DNS in the same cluster.

If I use dnsdist for my plan (smtp&dns), do you still recommend it?

I appreciate your feedback.

Regards,

Andrian

You need dnsdist for DNS and haproxy for SMTP. You can't use a single software stack here, unfortunately.

Hi lukastribus,

If I still use a single software stack for my cluster (smtp&dns), is that not proper for a production server?
Could you please explain your reason? :handshake:

Dnsdist can load-balance DNS only.
haproxy can load-balance TCP only.

Since you need BOTH DNS/UDP and SMTP/TCP loadbalancing, you need both.

If nginx supports both (udp and tcp), what do you think of running a single software (nginx) for the cluster?

Nginx for both may work fine, it certainly supports both. For a big DNS load-balancing setup I would pick dnsdist every day of the week though.

Regarding TCP services I am pretty confident that nginx will load-balance SMTP traffic just fine.

I suggest you take a look at nginx and see if it satisfies your requirements.

Hi lukastribus,

Okay, I'll take a look at nginx.

I appreciate your suggestions and this discussion. :handshake:
