Hi!
> If it bothers you (I don't really see why), you can increase the "inter"
> value on your servers to check them less often and as such refresh their
> address less often.
You can configure "hold valid <time>" to configure internal caching
(it should be 10 seconds by default though):
I post here a full configuration that produces the behaviour (sorry, it
is long).
In my tests the DNS is contacted every second even if:
. I set "hold valid 5m"
. I disable the "check" for the servers
As I would expect, the resolution correctly happens only once for each
server name even if the names are repeated in several backends.
This is not a big problem!
Thank you anyway
.marcoc
---
global
    nbproc 1
    log /var/lib/haproxy/dev/log local0
    user haproxy
    group haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    spread-checks 4
    hard-stop-after 2d
    daemon
    ssl-server-verify none
    ssl-default-bind-options ssl-min-ver TLSv1.2
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-server-options ssl-min-ver TLSv1.2
    ssl-default-server-ciphers ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256

defaults
    log global
    retries 3
    option redispatch
    option splice-auto
    balance roundrobin
    timeout connect 2s
    timeout client 2m
    timeout server 10m
    timeout check 4s
    timeout client-fin 20s
    timeout tunnel 1h
    timeout http-request 5s
    compression algo gzip
    compression type text/html text/css text/javascript text/xml text/plain image/bmp image/x-icon image/svg+xml application/rss+xml application/javascript application/x-javascript application/xml application/xhtml+xml application/x-font application/x-font-truetype application/x-font-ttf application/x-font-otf application/x-font-opentype application/vnd.ms-fontobject application/x-amf application/x-shockwave-flash font/ttf font/otf font/opentype
    mode http
    option httplog
    default-server inter 30s fastinter 15s downinter 60s fall 5 rise 3 resolvers systemd resolve-prefer ipv4 init-addr libc,none

resolvers systemd
    nameserver local 127.0.0.53:53
    hold valid 5m

frontend tesi-http
    bind 10.64.44.112:80 name HTTP
    bind 10.64.44.112:443 name HTTPS ssl crt /etc/ssl/private/tesitest.uno.due curves X25519:P-256 alpn h2,http/1.1
    timeout client 10m
    option forwardfor
    # Per-source-IP request and error rates, used for the 429 rules below
    stick-table type ip size 1000 expire 10m store http_req_rate(10s),http_err_rate(10s)
    http-request track-sc0 src
    http-request deny deny_status 429 if { sc_http_err_rate(0) gt 20 }
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 200 }
    http-request redirect scheme https code 301 if !{ ssl_fc }
    http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains
    http-response replace-header Set-Cookie (.*) \1;\ Secure
    http-response replace-header Location http://(.+) https://\1
    acl tesitest hdr(host) tesitest.uno.due
    acl fb path_beg /fb
    acl tec path_beg /tec
    # Route on the host ACL defined above, then on the path prefix
    use_backend prefb-http if tesitest fb
    use_backend pretec-http if tesitest tec
    use_backend preportal-http if tesitest

backend preportal-http
    option httpchk HEAD /
    cookie prs insert indirect nocache httponly maxidle 4h secure
    server vxws142a-82 vxws142a-tesife.uno.due:82 weight 2 cookie a check
    server vxws142b-82 vxws142b-tesife.uno.due:82 weight 2 cookie b check

backend prefb-http
    option httpchk HEAD /fb/client/util/checkIstance.cfm
    cookie fbrs insert indirect nocache httponly maxidle 4h secure
    server vxws142a-80 vxws142a-tesife.uno.due:80 weight 2 cookie a check
    server vxws142b-80 vxws142b-tesife.uno.due:80 weight 2 cookie b check

backend pretec-http
    option httpchk HEAD /tec/client/util/checkIstance.cfm
    cookie tecrs insert indirect nocache httponly maxidle 4h secure
    server vxws142a-83 vxws142a-tesife.uno.due:83 weight 2 cookie a check
    server vxws142b-83 vxws142b-tesife.uno.due:83 weight 2 cookie b check

listen stats-http
    bind 10.64.44.112:8443 name HTTPS ssl crt /etc/ssl/private/tesitest.uno.due-full.pem curves X25519:P-256 alpn h2,http/1.1
    stats enable
    stats show-legends
    stats show-node
    stats refresh 60s
    stats uri /haproxystats
---