Haproxy DNS resolvers

ykiran_k · July 30, 2019, 9:43am

Hi,

I was testing DNS resolvers section from changing standard DNS port 53 to consul port 8600. In my haproxy configuration, backend server line has consul DNS to my application. According to my understanding after changing the port number, haproxy would query DNS resolution only to port 8600 however i was still seeing calls made to port 53. Here is the command that i used to monitor those DNS queries.

  stdbuf -oL -eL /usr/sbin/tcpdump -l -i lo dst port 53

To make sure that the calls are from haproxy, i stopped haproxy process & ran the above query. I was not seeing those DNS queries. As soon as i start the haproxy, i am seeing those calls still to port 53

Below is my resolvers section.

resolvers myresolver
nameserver dnsmasq 127.0.0.1:8600
resolve_retries 30
timeout retry 2s
accepted_payload_size 8192
hold other           5m
hold refused         60m
hold nx              60m
hold timeout         60m

My haproxy config backend section snippet…

backend primary-backend
server-template app1 100 app.service.consul:80 check port 80 resolvers myresolver resolve-prefer ipv4

Below is my haproxy version info

/usr/local/sbin/haproxy -vv
HA-Proxy version 1.9.4 2019/02/06 - https://haproxy.org/

Can you please let me know if my validation command & config is correct OR is there any underlying issue with haproxy DNS resolution? Let me know if you need more information.

NOTE:- I noticed a DNS resolvers issue with port 53 in where i am getting inconsistent results (number of App VM’s IPs from the consul DNS) with the haproxy version 1.9.4 & with consul version Consul v1.4.5. Changing that from 53 to 8600 showing consistent results. I still don’t know if that is an issue with haproxy or consul. I don’t want to derail this original Q, but just putting it out there.

lukastribus · July 30, 2019, 12:56pm

Libc is still used while initializing. If you don’t want that, disable it with init-addr:

https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-init-addr

defaults
    # disable libc resolution
    default-server init-addr last

ykiran_k · July 30, 2019, 1:37pm

Thank you for your response. When i add that line under default, haproxy does NOT start. Did you meant to say default-server init-addr none???

Below is the error that i got when i had last…

haproxy[24576]: [ALERT] 210/133344 (24576) : parsing [(null):0] : 'server app1' : no method found 
to resolve address 'app.service.consul'
haproxy[24576]: [ALERT] 210/133344 (24576) : Failed to initialize server(s) addr.
systemd[1]: haproxy.service: control process exited, code=exited status=1

lukastribus · July 30, 2019, 2:31pm

Yes, you can use none or last,none - both would disable libc resolution.

Topic		Replies	Views
DNS wont continue to resolve? Help!	2	1169	April 17, 2020
Can server-template using consul identify port? Help!	1	913	May 14, 2019
Updating server address through admin API when current address is empty Help!	3	562	November 27, 2019
HAProxy fails to start if backend server names don't resolve Help!	27	44820	November 2, 2017
HaProxy 2.2.9: Resolvers setting status to maintenance Help!	12	2077	March 4, 2021

Haproxy DNS resolvers

Related Topics