When does backend do DNS resolution?



I’ve configured a backend server as follows:
server servername www.example.com:443 ca-file /etc/haproxy/GeoTrustSSLCA.crt check-ssl ssl force-tlsv12 verify required verifyhost xyz weight 200 observe layer7 check

When does HAProxy perform the DNS resolution on www.example.com:
startup (obviously)
health checks?
when re-connecting?
each HTTP request?

The reason we’re using the domain name vs. the IP address is that the service to which we’re connecting says they may change the IP from time to time of both their primary and their backup servers.



Only at startup (or reload/restart).

That is in the default configuration you are mentioning. However in haproxy 1.6 you can also use the internal resolver. Please read Server IP address resolution using DNS.


Thanks for that clarification. Definitely looking at the new 1.6 release since SNI just became important to us as well.