Hello,

We are running HAProxy in our Docker (18.09.0) swarm and we are relying on
the Docker embedded DNS server for service discovery.

The backend servers are configured to resolve the IP addresses via a
"resolvers" config entry pointing to the Docker embedded DNS running on
"127.0.0.11".

Up to HAProxy 1.8.14 this worked like a charm, but it stopped working with
version 1.8.15. Also the newly released version 1.9.0 is affected by this
problem.

I've looked through the changes between 1.8.14 and 1.8.15 and I could narrow
it down to commit 2e53fe8:
"BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()".
If I revert this commit on haproxy-1.8 it works perfectly, just as before.

DNS resolution does not seem to be generally broken though. If I use a regular
(non-docker-internal) hostname, it can be resolved normally, even using the
Docker embedded DNS server.

I'm not yet sure if it is the Docker DNS server returning an invalid result
or HAProxy having a problem with the validation.

I'm happy to help with debugging. I can provide packet captures of the DNS
resolution and a sample config to reproduce the problem if you are interested.

Best,
Leo

-- 
Leonhard Wimmer
Senior DevOps Engineer
ecosio GmbH
