We are running HAProxy in our Docker (18.09.0) swarm and we are relying on
the Docker embedded DNS server for service discovery.

The backend servers are configured to resolve the IP addresses via a
"resolvers" config entry pointing to the Docker embedded DNS running on

Up to HAProxy 1.8.14 this worked like charm, but it stopped working with
version 1.8.15. Also the newly released version 1.9.0 is affected by this

I've looked through the changes between 1.8.14 and 1.8.15 and I could narrow
it down to commit 2e53fe8:
"BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()".
If I revert this commit on haproxy-1.8 it works perfectly, just as before.

DNS resolution does not seem to be generally broken though. If I use a regular
(non-docker-internal) hostname, it can be resolved normally, even using the
Docker embedded DNS server.

I'm not yet sure if it is the Docker DNS server returning an invalid result
or HAProxy having a problem with the validation.

I'm happy to help with debugging. I can provide packet captures of the DNS
resolution and a sample config to reproduce the problem if you are interested.


Leonhard Wimmer
Senior DevOps Engineer
ecosio GmbH

Reply via email to