Hi

I'd like to have better understanding how server-template and resolvers work together. HAproxy 1.9.14.

Relevant sections from config:

resolvers dns
  accepted_payload_size 1232
  parse-resolv-conf
  hold valid 90s
  resolve_retries 3
  timeout resolve 1s
  timeout retry 1s

server-template srv 4 _foo._tcp.server.name.tld ssl check resolvers dns resolve-prefer ipv4 resolve-opts prevent-dup-ip

After some time, when I check statistics from socket:

echo "show resolvers" |/usr/bin/socat /var/run/haproxy.sock.stats1 stdio

Resolvers section dns
 nameserver 127.0.0.1:
  sent:        33508
  snd_error:   0
  valid:       33502
  update:      2
  cname:       0
  cname_error: 0
  any_err:     0
  nx:          0
  timeout:     0
  refused:     0
  other:       0
  invalid:     0
  too_big:     0
  truncated:   0
  outdated:    6
 nameserver 8.8.8.8:
  sent:        33508
  snd_error:   0
  valid:       0
  update:      0
  cname:       0
  cname_error: 0
  any_err:     0
  nx:          0
  timeout:     0
  refused:     0
  other:       0
  invalid:     0
  too_big:     0
  truncated:   0
  outdated:    33508
 nameserver 8.8.4.4:
  sent:        33508
  snd_error:   0
  valid:       0
  update:      0
  cname:       0
  cname_error: 0
  any_err:     0
  nx:          0
  timeout:     0
  refused:     0
  other:       0
  invalid:     0
  too_big:     0
  truncated:   0
  outdated:    33508
 nameserver 64.6.64.6:
  sent:        33508
  snd_error:   0
  valid:       6
  update:      0
  cname:       0
  cname_error: 0
  any_err:     0
  nx:          0
  timeout:     0
  refused:     0
  other:       0
  invalid:     0
  too_big:     0
  truncated:   0
  outdated:    33502

What I wonder about here is why are all nameservers used instead of only the first one when there are no issues/errors with local caching server 127.0.0.1:53. From the statistics, the 'sent:' value leaves me impression that all DNS servers get all requests. I that true?

/etc/resolv.conf itself:

nameserver 127.0.0.1

nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 64.6.64.6

options timeout:1 attempts:2

I'd like to achieve situation where other nameservers would be used only when local caching server fails. Don't want to manually configure only local one in resolvers section (no failover) and would very much prefer not to duplicate name server config in resolv.conf and HAproxy config.

--
Veiko


Reply via email to