On Tue, Oct 27, 2015 at 11:44 AM, Ben Tisdall <ben.tisd...@photobox.com> wrote:
> Hi and thanks for a great load balancer. We're developing a much more
> complex proxy ruleset and being able to switch back to haproxy now
> that it supports DNS resolution was a huge relief!
>
> Unfortunately DNS resolution is not doing what I expect given the
> configuration. When the downstream ELB to which the server points
> switches IP addresses the backend is failing with a L4 timeout on the
> check. DNS queries are being made, see:
> https://gist.github.com/btisdall/31b57b57fee19dc79637
>
> This is the output of "show stat resolvers":
>
> Resolvers section aws
>  nameserver aws_0:
>   sent: 2892976
>   valid: 2887729
>   update: 0
>   cname: 0
>   cname_error: 0
>   any_err: 0
>   nx: 0
>   timeout: 0
>   refused: 0
>   other: 0
>   invalid: 2887729
>   too_big: 0
>   truncated: 0
>   outdated: 0
>
> Note that "valid" and "invalid" counts increase in exact step.
> Switching to "resolve-prefer ipv4" had no effect on this.
>
> Config
> =====
>
> resolvers aws
>   nameserver aws_0 10.111.0.2:53
>
> # ...
>
> server myserver some-server.example.com:80 check resolvers aws
>
> Build Options
> ==========
>
> HA-Proxy version 1.6.1 2015/10/20
> Copyright 2000-2015 Willy Tarreau <wi...@haproxy.org>
>
> Build options :
>   TARGET = linux2628
>   CPU = generic
>   CC = gcc
>   CFLAGS = -g -O2 -fstack-protector --param=ssp-buffer-size=4
> -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
>   OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1
>
> Default settings :
>   maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
>
> Encrypted password support via crypt(3): yes
> Built with zlib version : 1.2.8
> Compression algorithms supported : identity("identity"),
> deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
> Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
> Running on OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
> OpenSSL library supports TLS extensions : yes
> OpenSSL library supports SNI : yes
> OpenSSL library supports prefer-server-ciphers : yes
> Built with PCRE version : 8.31 2012-07-06
> PCRE library supports JIT : no (USE_PCRE_JIT not set)
> Built with Lua version : Lua 5.3.1
> Built with transparent proxy support using: IP_TRANSPARENT
> IPV6_TRANSPARENT IP_FREEBIND
>
> Available polling systems :
>   epoll : pref=300, test result OK
>   poll : pref=200, test result OK
>   select : pref=150, test result OK
> Total: 3 (3 usable), will use epoll.
>
> Regards,
>
> --
> Ben
>
Hi Ben,

I can't reproduce the problem with git version. I'll try with 1.6.1, but DNS code is supposed to be the same between both versions for now.

I've set up the following amazon lab:
- 1 instance with HAProxy running pointing to 1 ELB
- 1 ELB instance taking traffic from haproxy above and load-balancing haproxy's stats page from above server
- 1 instance to inject traffic on ELB to force it to change its IP address after a few minutes

HTTP stream is like:
  public > haproxy:8080 > elb:80 > haproxy:80

It works like a charm. I triggered a DNS change on ELB by massively injecting traffic and here is the output of DNS stats:

Resolvers section aws
 nameserver aws1:
  sent: 95
  valid: 95
  update: 1
  cname: 0
  cname_error: 0
  any_err: 0
  nx: 0
  timeout: 0
  refused: 0
  other: 0
  invalid: 0
  too_big: 0
  truncated: 0
  outdated: 0

Here is my configuration:

global
  daemon
  log 127.0.0.1:514 local0 info
  stats socket /tmp/socket level admin
  stats timeout 10m

resolvers aws
  nameserver aws1 172.31.0.2:53

defaults HTTP
  mode http
  timeout client 10s
  timeout connect 4s
  timeout server 10s

frontend f
  bind :8080
  default_backend b

backend b
  server s ${LBNAME}:80 check resolvers aws resolve-prefer ipv4

frontend s
  bind :80
  stats enable
  stats uri /stats
  stats show-legends
  http-request redirect location /stats if { path / }

Please take a real pcap file using tcpdump and send it to me privately.

You also seem to use a CNAME which points to your ELB amazon name. Could you let me know how you set this up, so I can try to reproduce the issue in my lab? Maybe the CNAME parsing is broken.

Baptiste
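
Added example, not part of either message and not HAProxy's own code: a small parser for the "show stat resolvers" output that flags a nameserver whose responses are mostly counted as invalid, the pattern in the first output above and absent from the second. The function names, the abridged sample strings and the 0.5 threshold are assumptions made for illustration.

```python
import re

# Abridged from the two "show stat resolvers" outputs quoted in this thread.
FAILING = """Resolvers section aws
 nameserver aws_0:
  sent: 2892976
  valid: 2887729
  update: 0
  timeout: 0
  invalid: 2887729
"""
WORKING = """Resolvers section aws
 nameserver aws1:
  sent: 95
  valid: 95
  update: 1
  timeout: 0
  invalid: 0
"""

def parse_resolver_stats(text):
    """Return {(section, nameserver): {counter: int}} from the CLI output."""
    stats, section, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"Resolvers section (\S+)", line):
            section, current = m.group(1), None
        elif m := re.fullmatch(r"nameserver (\S+):", line):
            current = stats.setdefault((section, m.group(1)), {})
        elif (m := re.fullmatch(r"(\w+):\s*(\d+)", line)) and current is not None:
            current[m.group(1)] = int(m.group(2))
    return stats

def flag_invalid(stats, max_ratio=0.5, min_sent=10):
    """Hypothetical heuristic: list nameservers whose share of responses
    counted as invalid exceeds max_ratio (threshold is an assumption)."""
    findings = []
    for (section, ns), c in sorted(stats.items()):
        sent, invalid = c.get("sent", 0), c.get("invalid", 0)
        if sent >= min_sent and invalid / sent > max_ratio:
            findings.append((section, ns, invalid, sent, c.get("update", 0)))
    return findings

if __name__ == "__main__":
    for label, text in (("failing", FAILING), ("working", WORKING)):
        print(label, flag_invalid(parse_resolver_stats(text)))
```

Feed it the text returned by "show stat resolvers" on the stats socket; the last field of each finding is the update counter, which shows whether any address change was ever applied.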