HAProxy community

Haproxy DNS resolvers

Hi,

I was testing the DNS resolvers section by changing the standard DNS port 53 to the consul port 8600. In my haproxy configuration, the backend server line has the consul DNS name for my application. According to my understanding, after changing the port number, haproxy would send DNS queries only to port 8600; however, I was still seeing calls made to port 53. Here is the command that I used to monitor those DNS queries.

  stdbuf -oL -eL /usr/sbin/tcpdump -l -i lo dst port 53

To make sure that the calls are from haproxy, I stopped the haproxy process and ran the above query. I was not seeing those DNS queries. As soon as I start haproxy, I am still seeing those calls to port 53.

Below is my resolvers section.

resolvers myresolver
    nameserver dnsmasq 127.0.0.1:8600
    resolve_retries 30
    timeout retry 2s
    accepted_payload_size 8192
    hold other           5m
    hold refused         60m
    hold nx              60m
    hold timeout         60m

My haproxy config backend section snippet…

backend primary-backend
    server-template app1 100 app.service.consul:80 check port 80 resolvers myresolver resolve-prefer ipv4

Below is my haproxy version info

/usr/local/sbin/haproxy -vv
HA-Proxy version 1.9.4 2019/02/06 - https://haproxy.org/

Can you please let me know whether my validation command and config are correct, or whether there is an underlying issue with haproxy DNS resolution? Let me know if you need more information.

NOTE: I noticed a DNS resolvers issue with port 53 where I am getting inconsistent results (number of App VM IPs from the consul DNS) with haproxy version 1.9.4 and consul version Consul v1.4.5. Changing that from 53 to 8600 shows consistent results. I still don’t know if that is an issue with haproxy or consul. I don’t want to derail the original question, but I am just putting it out there.

Libc is still used while initializing. If you don’t want that, disable it with init-addr:

https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.2-init-addr

defaults
    # disable libc resolution
    default-server init-addr last

Thank you for your response. When I add that line under defaults, haproxy does NOT start. Did you mean to say default-server init-addr none?

Below is the error that I got when I had last

haproxy[24576]: [ALERT] 210/133344 (24576) : parsing [(null):0] : 'server app1' : no method found to resolve address 'app.service.consul'
haproxy[24576]: [ALERT] 210/133344 (24576) : Failed to initialize server(s) addr.
systemd[1]: haproxy.service: control process exited, code=exited status=1

Yes, you can use none or last,none - both would disable libc resolution.
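
An added example, not part of the thread and not HAProxy's own code: a small Python check that lists the servers in a configuration which name a `resolvers` section but whose effective `init-addr` still includes `libc`, so that startup lookups go to the system resolver instead of the configured nameserver. The function names and the sample strings are hypothetical; it assumes HAProxy's documented default order `last,libc,none` and handles only `default-server` and per-server `init-addr` settings.

```python
DEFAULT_INIT_ADDR = "last,libc,none"  # HAProxy's documented default order
SECTIONS = {"global", "defaults", "frontend", "backend", "listen", "resolvers"}

def init_addr(tokens):
    """Value following the init-addr keyword on a tokenized line, else None."""
    if "init-addr" in tokens[:-1]:
        return tokens[tokens.index("init-addr") + 1]
    return None

def servers_using_libc(config_text):
    """Servers that name a resolvers section but still resolve via libc at startup."""
    defaults_addr = section_addr = section = None
    flagged = []
    for raw in config_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # simplification: ignores quoted '#'
        if not tokens:
            continue
        kw = tokens[0]
        if kw in SECTIONS:
            section, section_addr = kw, None
            if kw == "defaults":
                defaults_addr = None  # a new defaults section starts clean
        elif kw == "default-server" and init_addr(tokens):
            if section == "defaults":
                defaults_addr = init_addr(tokens)
            else:
                section_addr = init_addr(tokens)
        elif kw in ("server", "server-template") and "resolvers" in tokens:
            # Precedence: server line, then section default-server, then defaults.
            effective = (init_addr(tokens) or section_addr
                         or defaults_addr or DEFAULT_INIT_ADDR)
            if "libc" in effective.split(","):
                flagged.append(tokens[1])
    return flagged

# Constructed sample input: the backend line from the post, without and with the fix.
BACKEND = """backend primary-backend
    server-template app1 100 app.service.consul:80 check port 80 resolvers myresolver resolve-prefer ipv4
"""
AS_POSTED = BACKEND
WITH_FIX = "defaults\n    default-server init-addr last,none\n" + BACKEND

if __name__ == "__main__":
    print("as posted:", servers_using_libc(AS_POSTED))
    print("with fix: ", servers_using_libc(WITH_FIX))
```
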