On Mon, Sep 7, 2015 at 10:12 PM, PiBa-NL <piba.nl....@gmail.com> wrote: > Hi Remi and Baptiste / haproxy users, > > Thanks for the quick fix for socket issues. > > Haproxy now starts succesfull and sends some DNS requests successfully. > However the google backend server immediately go's down. > Not sure if its more or less the same issue reported by Conrad.?. Tried his > fix but that did not seem to solve the issue. > > See below some tcpdump results with original haproxy code + Remi's patch. > > The googlesite server is marked down almost imidiately after starting.. It > does not seem to understand the 'NXDomain' reply? > The testsite2 does not send DNS query's, should it not send a dns query > every 10 seconds? > > Or maybe i'm misinterpreting the 'hold valid' description? > Perhaps you guy's could take another look? > > Thanks in advance, best regards, > PiBa-NL > > Same environment as before (p.s. if you want to test it yourself, its quite > easy to install the OPNsense iso into a virtualbox machine, thats how im > testing it). > # uname -a > FreeBSD OPNsense.localdomain 10.1-RELEASE-p18 FreeBSD 10.1-RELEASE-p18 #0 > 71275cd(stable/15.7): Sun Aug 23 20:32:26 CEST 2015 > root@sensey64:/usr/obj/usr/src/sys/SMP amd64 > # haproxy -v > [ALERT] 249/200618 (55609) : SSLv3 support requested but unavailable. > HA-Proxy version 1.6-dev4-b7ce424 2015/09/03 > Copyright 2000-2015 Willy Tarreau <wi...@haproxy.org> > > global > maxconn 100 > defaults > mode http > timeout connect 30000 > timeout server 30000 > timeout client 30000 > resolvers globalresolvers > nameserver googleA 8.8.8.8:53 > resolve_retries 3 > timeout retry 1s > hold valid 10s > listen www > bind 0.0.0.0:81 > log global > server googlesite www.google.com:80 check inter 2000 > resolvers globalresolvers > server testsite2 nu.nl:80 check inter 2000 > resolvers globalresolvers > > 19:42:53.843549 IP 192.168.0.112.44128 > 8.8.8.8.53: 46758+ AAAA? > www.google.com. (32) > 19:42:53.859410 IP 8.8.8.8.53 > 192.168.0.112.44128: 46758 1/0/0 AAAA > 2a00:1450:4013:c01::93 (60) > 19:42:53.859929 IP 192.168.0.112.42866 > 8.8.8.8.53: 57888+ A? nu.nl. (23) > 19:42:53.877414 IP 8.8.8.8.53 > 192.168.0.112.42866: 57888 1/0/0 A > 62.69.166.254 (39) > 19:42:53.877693 IP 192.168.0.112.54655 > 8.8.8.8.53: 983+ AAAA? nu.nl. (23) > 19:42:53.894598 IP 8.8.8.8.53 > 192.168.0.112.54655: 983 0/1/0 (89) > 19:42:55.907078 IP 192.168.0.112.53716 > 8.8.8.8.53: 21069+ ANY? > www.google.com:80. (35) > 19:42:55.924236 IP 8.8.8.8.53 > 192.168.0.112.53716: 21069 NXDomain 0/1/0 > (110) > 19:42:59.923338 IP 192.168.0.112.53716 > 8.8.8.8.53: 52649+ ANY? > www.google.com:80. (35) > 19:42:59.940424 IP 8.8.8.8.53 > 192.168.0.112.53716: 52649 NXDomain 0/1/0 > (110) > 19:43:03.937163 IP 192.168.0.112.53716 > 8.8.8.8.53: 5746+ ANY? > www.google.com:80. (35) > 19:43:03.955002 IP 8.8.8.8.53 > 192.168.0.112.53716: 5746 NXDomain 0/1/0 > (110) > 19:43:07.957851 IP 192.168.0.112.53716 > 8.8.8.8.53: 32478+ ANY? > www.google.com:80. (35) > 19:43:07.973450 IP 8.8.8.8.53 > 192.168.0.112.53716: 32478 NXDomain 0/1/0 > (110) > 19:43:11.977145 IP 192.168.0.112.53716 > 8.8.8.8.53: 48547+ ANY? > www.google.com:80. (35) > 19:43:11.994878 IP 8.8.8.8.53 > 192.168.0.112.53716: 48547 NXDomain 0/1/0 > (110) > 19:43:16.013370 IP 192.168.0.112.53716 > 8.8.8.8.53: 24088+ ANY? > www.google.com:80. (35) > 19:43:16.033331 IP 8.8.8.8.53 > 192.168.0.112.53716: 24088 NXDomain 0/1/0 > (110) > 19:43:20.025739 IP 192.168.0.112.53716 > 8.8.8.8.53: 52900+ ANY? > www.google.com:80. (35) > 19:43:20.041989 IP 8.8.8.8.53 > 192.168.0.112.53716: 52900 NXDomain 0/1/0 > (110) > 19:43:24.038682 IP 192.168.0.112.53716 > 8.8.8.8.53: 28729+ ANY? > www.google.com:80. (35) > 19:43:24.055154 IP 8.8.8.8.53 > 192.168.0.112.53716: 28729 NXDomain 0/1/0 > (110) > 19:43:28.060200 IP 192.168.0.112.53716 > 8.8.8.8.53: 27289+ ANY? > www.google.com:80. (35) > 19:43:28.076947 IP 8.8.8.8.53 > 192.168.0.112.53716: 27289 NXDomain 0/1/0 > (110) > 19:43:32.077052 IP 192.168.0.112.53716 > 8.8.8.8.53: 54796+ ANY? > www.google.com:80. (35) > 19:43:32.092108 IP 8.8.8.8.53 > 192.168.0.112.53716: 54796 NXDomain 0/1/0 > (110) > 19:43:36.094322 IP 192.168.0.112.53716 > 8.8.8.8.53: 4256+ ANY? > www.google.com:80. (35) > 19:43:36.111877 IP 8.8.8.8.53 > 192.168.0.112.53716: 4256 NXDomain 0/1/0 > (110) > 19:43:40.117106 IP 192.168.0.112.53716 > 8.8.8.8.53: 7297+ ANY? > www.google.com:80. (35) > 19:43:40.132362 IP 8.8.8.8.53 > 192.168.0.112.53716: 7297 NXDomain 0/1/0 > (110) > 19:43:44.138071 IP 192.168.0.112.53716 > 8.8.8.8.53: 46840+ ANY? > www.google.com:80. (35) > 19:43:44.154351 IP 8.8.8.8.53 > 192.168.0.112.53716: 46840 NXDomain 0/1/0 > (110) > 19:43:48.157131 IP 192.168.0.112.53716 > 8.8.8.8.53: 13717+ ANY? > www.google.com:80. (35) > 19:43:48.173579 IP 8.8.8.8.53 > 192.168.0.112.53716: 13717 NXDomain 0/1/0 > (110) > 19:43:52.175307 IP 192.168.0.112.53716 > 8.8.8.8.53: 65214+ ANY? > www.google.com:80. (35) > 19:43:52.192398 IP 8.8.8.8.53 > 192.168.0.112.53716: 65214 NXDomain 0/1/0 > (110) > > # haproxy -f /var/haproxy.cfg -d > [ALERT] 249/194253 (11160) : SSLv3 support requested but unavailable. > Available polling systems : > kqueue : pref=300, test result OK > poll : pref=200, test result OK > select : pref=150, test result OK > Total: 3 (3 usable), will use kqueue. > Using kqueue() as the polling mechanism. > [WARNING] 249/194255 (11160) : Server www/googlesite is DOWN, reason: Layer4 > timeout, check duration: 2011ms. 1 active and 0 backup servers left. 0 > sessions active, 0 requeued, 0 remaining in queue. >
Hi, I wonder why the code send the TCP port in the DNS query... I'm currently installing an opnsense and I'll try to reproduce the problem. I've not used FreeBSD since 5.4 version :) Baptiste
