haproxy's resolver send queries with "response" flag

Fri, 17 Jun 2016 10:47:04 -0700 

Hello,

I have an issue with haproxy 1.6.5 on debian sid (same issue with backports 
package on debian stable, 1.6.5 too)
When the service start or reload, I get the address with libc resolver 
(according to documentation) without problem.

After, the local resolver of haproxy sends queries but have no answer (tried 
with bind and unbound)


With a stupid test config :
----------
resolvers mydns
        nameserver dns1 127.0.0.1:53

backend plop
        balance roundrobin
        server test turlututu.com:80 check resolvers mydns
----------


I can see it with tcpdump :

# tcpdump -vv -n -A -i lo 'udp port 53'
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
19:33:39.568467 IP (tos 0x0, ttl 64, id 17596, offset 0, flags [DF], proto UDP 
(17), length 59)
    127.0.0.1.45821 > 127.0.0.1.53: [bad udp cksum 0xfe3a -> 0x9a37!] 60186- q: 
A? turlututu.com. 0/0/0 (31)
E..;D.@[email protected].'.:............        turlututu.com.....
19:33:40.569857 IP (tos 0x0, ttl 64, id 17684, offset 0, flags [DF], proto UDP 
(17), length 59)
    127.0.0.1.45821 > 127.0.0.1.53: [bad udp cksum 0xfe3a -> 0x9a37!] 60186- q: 
A? turlututu.com. 0/0/0 (31)
E..;E.@[email protected].'.:............        turlututu.com.....
19:33:42.570333 IP (tos 0x0, ttl 64, id 17976, offset 0, flags [DF], proto UDP 
(17), length 59)
    127.0.0.1.45821 > 127.0.0.1.53: [bad udp cksum 0xfe3a -> 0x4406!] 9804- q: 
AAAA? turlututu.com. 0/0/0 (31)
E..;F8@[email protected].'.:&L..........        turlututu.com.....
19:33:43.571527 IP (tos 0x0, ttl 64, id 18192, offset 0, flags [DF], proto UDP 
(17), length 59)
    127.0.0.1.45821 > 127.0.0.1.53: [bad udp cksum 0xfe3a -> 0x5f06!] 9804- q: 
A? turlututu.com. 0/0/0 (31)
E..;G.@[email protected].'.:&L..........        turlututu.com.....
19:33:44.572820 IP (tos 0x0, ttl 64, id 18321, offset 0, flags [DF], proto UDP 
(17), length 59)
    127.0.0.1.45821 > 127.0.0.1.53: [bad udp cksum 0xfe3a -> 0x5f06!] 9804- q: 
A? turlututu.com. 0/0/0 (31)
E..;G.@[email protected].'.:&L..........        turlututu.com.....
^C
5 packets captured
10 packets received by filter
0 packets dropped by kernel


If I open result of tcpdump (-w dump.pcap) in wireshark, it shows that requests 
are sent with "response" flags (see attachment).
So the DNS server don't treat them like a query.

--
Grégory DURAND

Reply via email to