On 8 Jul 2017 2:58 am, "Norman Branitsky" <[email protected]>
wrote:

I changed the TTL on my application’s DNS entry, to no avail.

Try tuning these parameters in the JVM, assuming Sun/Oracle JDK here:

-Dsun.net.inetaddr.ttl=value
-Dsun.net.inetaddr.negative.ttl=value

If security manager is installed System wide, by adding a line containing

networkaddress.cache.ttl=value

in $JAVA_HOME/jre/lib/security/java.security

JDK 1.6, 1.7 & 1.8 default cache setting:

30 secs (When a security manager is not set)
-1 (When a security manager is set)

* DNS Cache is refreshed every 30 seconds

So adjust the value to some low value of 10 sec say.

Once the DNS entry updates to point to the 2nd HAProxy server,

IE displays its dnserror.htm page:

“This page can’t be displayed”.

Copy/Paste the URL into a new tab and the page renders immediately.

The original tab continues to display the dnserror page –

probably for 20 minutes.



*From:* Norman Branitsky [mailto:[email protected]]
*Sent:* June-27-17 10:44 AM
*To:* [email protected]
*Subject:* HAProxy failover - DNS change cached by IE for a long time



Using the NS1 managed DNS service, I monitor the health of 2 HAProxy 1.7.7
servers defined as peers.

NS1 checks the health of the HAProxy servers every 30 seconds.

If haproxy1 fails to respond, NS1 changes the DNS response to point to
haproxy2.

When haproxy1 comes back online, NS1 reverts the DNS response to haproxy1.

NS1 checks the health of my Java application server every 60 seconds.

NS1 DNS records look like this:

haproxy1 A record

haproxy2 A record

tm1      CNAME record “Dynamic” – NS1 “filter” returns the first in the
list of all healthy haproxy servers

vr       CNAME record pointing to tm1 – name of the Java application server



If I connect to my Java application with Chrome or Firefox, I often don’t
notice the haproxy DNS failover.

If I do get a connection error, it almost always reconnects within seconds.

I don’t lose my session.



If I connect to my Java application with IE (only tested IE10 mode so far),
the haproxy DNS failover causes a DNS error.

This error won’t clear for at least 20 minutes.

If I open a new tab I connect instantly.

Since the JSESSIONID cookie is still available, I’m still logged in but
obviously not on the same data entry page.

What can I do to kick IE in the head and cause it to refresh its DNS cache?
It doesn’t seem to respect the TTL value.



Norman




*Norman Branitsky* Cloud Architect

MicroPact

(o) 416.916.1752

(c) 416.843.0670

(t) 1-888-232-0224 x61752

www.micropact.com

Think it > Track it > Done
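
The JVM settings named in the reply above can also be applied and inspected from code. This is an added example, not code from the thread; the class name `DnsCacheTtl` is hypothetical, the positive TTL of 10 follows the reply's suggestion, and the negative TTL of 5 is an assumed value.

```java
import java.net.InetAddress;
import java.security.Security;

// Hypothetical class name; added example, not code from the thread.
public class DnsCacheTtl {

    // Report which setting supplies a DNS cache TTL. The security property
    // is consulted first; the sun.net.inetaddr.* system property is only a
    // fallback when the security property is unset.
    static String effective(String securityProp, String systemProp) {
        String value = Security.getProperty(securityProp);
        String source = "security property " + securityProp;
        if (value == null || value.trim().isEmpty()) {
            value = System.getProperty(systemProp);
            source = "system property -D" + systemProp;
        }
        if (value == null || value.trim().isEmpty()) {
            return "JVM default (no explicit setting)";
        }
        value = value.trim();
        // A negative value means "cache forever": the address a name first
        // resolved to is kept for the life of the process.
        String meaning = value.startsWith("-") ? "cache forever" : value + " s";
        return meaning + " from " + source;
    }

    public static void main(String[] args) throws Exception {
        // Set the TTLs before the first name lookup: the cache policy is read
        // when the JVM initializes its address cache, not on every lookup.
        Security.setProperty("networkaddress.cache.ttl", "10");         // value suggested in the reply
        Security.setProperty("networkaddress.cache.negative.ttl", "5"); // assumed value for failed lookups

        System.out.println("positive cache: "
                + effective("networkaddress.cache.ttl", "sun.net.inetaddr.ttl"));
        System.out.println("negative cache: "
                + effective("networkaddress.cache.negative.ttl", "sun.net.inetaddr.negative.ttl"));

        // "localhost" keeps the example offline; this lookup is cached under
        // the policy configured above.
        InetAddress addr = InetAddress.getByName("localhost");
        System.out.println("resolved: " + addr.getHostAddress());
    }
}
```

These settings affect only name lookups made by the Java process itself; they do not change how a browser caches DNS answers.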
