Does haproxy 1.8 have edns support?
I’m trying to set haproxy for loadbalancing server group of about 50 hosts. But when SRV record grows to 512 bytes it stop to work. I’m using server-template with SRV record
I’ve found following in the code
as of today, we don’t support yet edns options, that said I already put a
placeholder here for this purpose.
Yes, edns is supported, edns options are not.
Just bump the accepted_payload_size parameter:
https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.3.2-accepted_payload_size
@lukastribus Thanks a lot for your help. I’ll post full example for server-template here. But I have one more question.
https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4-server-template
As we can see we should use FQDN in arguments but when I specify FQDN it doesn’t work.
The problems is in the trailing dot. If i specify hostname with out trailing dot it works. http://www.dns-sd.org/trailingdotsindomainnames.html
In haproxy you only specify absolute domain names, that’s why we talk about FQDN in the documentation, but you don’t specify the trailing dot, because haproxy already does that for you.
That is unless I’m missing something @Baptiste
Little bit messy as for me…
www.example.com. — Absolute domain name
www.example.com — Relative domain name
@lukastribus
You would like haproxy to remove the trailing dot - if any, treating those 2 hostnames the same (I believe nginx does it this way)?
That sounds more messy in my opinion, not less.
@lukastribus Haproxy doesn’t work if I specify FQDN as mentioned in documentation. Here is DNS request from TCP dump
prod-loadbalancer-005..com.54350 > ip-172-30-0-2.ec2.internal.domain: [bad udp cksum 9fbe!] 61263+ [1au] Type0 (Class 8448)? _http._tcp.us-east-1e.kube..com. ar: ^@. (66)
And here is with RELATIVE DOMAIN NAME(FQDN with out trailing dot)
prod-loadbalancer-005..com.57783 > ip-172-30-0-2.ec2.internal.domain: [bad udp cksum 7137!] 33295+ [1au] SRV? _http._tcp.us-east-1e.kube..com. ar: . OPT UDPsize=4096 (65)
As for me you should at least specify in documentation that you shouldn’t use trailing dot. A specially because DNS problems logged too bad even in full verbose mode.
Agreed, we can always improve the documentation. I will write a patch for it.
@lukastribus cool!
Also I think it is nice to mention that “resolvers” parameter is extremely needed for SRV records.
Here is parts from my config which could be useful for somebody:
resolvers adns
nameserver dns 172.20.0.2:53
resolve_retries 3
timeout retry 1s
hold valid 10s
accepted_payload_size 8192backend prod-us-east-1
server-template srv 50 _http._tcp.us-east-1.***.com resolvers adns resolve-prefer ipv4