I just recovered from an outage that was ultimately triggered by HAProxy
failing to keep track of the correct IP address for the back-end via
periodic DNS queries, despite what appears to have been a correct
configuration.

Using HAProxy 1.6.13, the backend server configuration entry looks like
this:

server backend backend.example.com:443 ssl verify required ca-file /etc/haproxy/example.pem resolvers vpc resolve-prefer ipv4 inter 15000 fastinter 5000 downinter 2500 rise 1 fall 2

That seems pretty standard, right?

Oops, where's the check keyword?  It should be there, but for some reason
it isn't, which means no health checks were occurring on the back-end, and
no DNS queries were happening, despite the appearance of inter, downinter,
fastinter, rise, fall, and even resolvers... all of which imply health
checking.

It seems to me that HAProxy should at a minimum emit a warning on startup,
because this is almost certainly an unintentional misconfiguration, as it
was in this case... and the lack of the check directive causes all of these
other options (and presumably some others) to be silently ignored.
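
A pre-deployment lint for the misconfiguration described in this message, as an added example that is not part of the original post and not HAProxy's own code. It flags `server` lines that set any of the options the post lists (inter, fastinter, downinter, rise, fall, resolvers) without the `check` keyword; the function name, the sample configuration, and the nameserver address are constructed for illustration.

```python
import shlex
import sys

# Options the post lists as implying health checking; per the post they are
# silently ignored when the server line has no "check" keyword.
CHECK_DEPENDENT = {"inter", "fastinter", "downinter", "rise", "fall", "resolvers"}


def lint_servers(cfg_text):
    """Return (line_no, server_name, ignored_options) for every 'server' line
    that sets check-dependent options but lacks 'check'."""
    findings = []
    for line_no, raw in enumerate(cfg_text.splitlines(), start=1):
        try:
            tokens = shlex.split(raw, comments=True)  # drops "# ..." comments
        except ValueError:
            continue  # unbalanced quotes: leave that to haproxy -c
        if len(tokens) < 3 or tokens[0] != "server":
            continue
        # Heuristic: match on whole tokens after "server <name> <addr>".
        # "check-ssl" or "check-send-proxy" do not count as "check".
        options = set(tokens[3:])
        ignored = sorted(options & CHECK_DEPENDENT)
        if ignored and "check" not in options:
            findings.append((line_no, tokens[1], ignored))
    return findings


# Constructed sample: line 5 is the server entry from the post, line 6 is the
# same kind of entry with "check" present, line 7 sets no check options at all.
SAMPLE_CFG = """\
resolvers vpc
    nameserver dns1 10.0.0.2:53

backend app
    server backend backend.example.com:443 ssl verify required ca-file /etc/haproxy/example.pem resolvers vpc resolve-prefer ipv4 inter 15000 fastinter 5000 downinter 2500 rise 1 fall 2
    server good good.example.com:443 check ssl verify required ca-file /etc/haproxy/example.pem resolvers vpc inter 15000 rise 1 fall 2
    server static 192.0.2.10:80
"""

if __name__ == "__main__":
    # Lint the file given on the command line, or the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CFG
    results = lint_servers(text)
    for line_no, name, ignored in results:
        print(f"line {line_no}: server '{name}' has no 'check'; "
              f"ignored: {', '.join(ignored)}")
    sys.exit(1 if results else 0)
```

Run against a real configuration file in CI, the non-zero exit status blocks a deploy that would otherwise start cleanly with health checks disabled.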
