Hi,
I was testing the DNS resolvers section by changing the standard DNS port 53 to the consul port 8600. In my haproxy configuration, the backend server line has consul DNS to my application. According to my understanding, after changing the port number, haproxy would send DNS queries only to port 8600; however, I was still seeing calls made to port 53. Here is the command that I used to monitor those DNS queries.

    stdbuf -oL -eL /usr/sbin/tcpdump -l -i lo dst port 53

To make sure that the calls are from haproxy, I stopped the haproxy process and ran the above query. I was not seeing those DNS queries. As soon as I start haproxy, I am still seeing those calls to port 53.
Below is my resolvers section.

    resolvers myresolver
        nameserver dnsmasq 127.0.0.1:8600
        resolve_retries 30
        timeout retry 2s
        accepted_payload_size 8192
        hold other 5m
        hold refused 60m
        hold nx 60m
        hold timeout 60m

My haproxy config backend section snippet…

    backend primary-backend
        server-template app1 100 app.service.consul:80 check port 80 resolvers myresolver resolve-prefer ipv4

Below is my haproxy version info

    /usr/local/sbin/haproxy -vv
    HA-Proxy version 1.9.4 2019/02/06 - https://haproxy.org/

Can you please let me know if my validation command and config are correct, or is there any underlying issue with haproxy DNS resolution? Let me know if you need more information.
NOTE: I noticed a DNS resolvers issue with port 53 in which I am getting inconsistent results (number of App VMs' IPs from the consul DNS) with haproxy version 1.9.4 and with consul version Consul v1.4.5. Changing that from 53 to 8600 is showing consistent results. I still don't know if that is an issue with haproxy or consul. I don't want to derail this original question, but I am just putting it out there.