I was testing the DNS resolvers section by changing the standard DNS port 53 to the consul port 8600. In my haproxy configuration, the backend server line has consul DNS to my application. According to my understanding, after changing the port number, haproxy would query DNS resolution only to port 8600; however, I was still seeing calls made to port 53. Here is the command that I used to monitor those DNS queries.
    stdbuf -oL -eL /usr/sbin/tcpdump -l -i lo dst port 53
To make sure that the calls are from haproxy, I stopped the haproxy process and ran the above query. I was not seeing those DNS queries. As soon as I start haproxy, I am still seeing those calls to port 53.
Below is my resolvers section.
    resolvers myresolver
        nameserver dnsmasq 127.0.0.1:8600
        resolve_retries 30
        timeout retry 2s
        accepted_payload_size 8192
        hold other 5m
        hold refused 60m
        hold nx 60m
        hold timeout 60m
My haproxy config backend section snippet…
    backend primary-backend
        server-template app1 100 app.service.consul:80 check port 80 resolvers myresolver resolve-prefer ipv4
Below is my haproxy version info
    /usr/local/sbin/haproxy -vv
    HA-Proxy version 1.9.4 2019/02/06 - https://haproxy.org/
Can you please let me know if my validation command and config are correct, or if there is any underlying issue with haproxy DNS resolution? Let me know if you need more information.
NOTE: I noticed a DNS resolvers issue with port 53 where I am getting inconsistent results (number of App VM's IPs from the consul DNS) with haproxy version 1.9.4 and consul version Consul v1.4.5. Changing that from 53 to 8600 shows consistent results. I still don't know if that is an issue with haproxy or consul. I don't want to derail this original question, but I am just putting it out there.