Hi
I'd like to have a better understanding of how server-template and resolvers
work together. HAProxy 1.9.14.

Relevant sections from config:

resolvers dns
    accepted_payload_size 1232
    parse-resolv-conf
    hold valid 90s
    resolve_retries 3
    timeout resolve 1s
    timeout retry 1s

server-template srv 4 _foo._tcp.server.name.tld ssl check resolvers dns resolve-prefer ipv4 resolve-opts prevent-dup-ip

After some time, when I check statistics from socket:

echo "show resolvers" |/usr/bin/socat /var/run/haproxy.sock.stats1 stdio

Resolvers section dns
 nameserver 127.0.0.1:
  sent: 33508
  snd_error: 0
  valid: 33502
  update: 2
  cname: 0
  cname_error: 0
  any_err: 0
  nx: 0
  timeout: 0
  refused: 0
  other: 0
  invalid: 0
  too_big: 0
  truncated: 0
  outdated: 6
 nameserver 8.8.8.8:
  sent: 33508
  snd_error: 0
  valid: 0
  update: 0
  cname: 0
  cname_error: 0
  any_err: 0
  nx: 0
  timeout: 0
  refused: 0
  other: 0
  invalid: 0
  too_big: 0
  truncated: 0
  outdated: 33508
 nameserver 8.8.4.4:
  sent: 33508
  snd_error: 0
  valid: 0
  update: 0
  cname: 0
  cname_error: 0
  any_err: 0
  nx: 0
  timeout: 0
  refused: 0
  other: 0
  invalid: 0
  too_big: 0
  truncated: 0
  outdated: 33508
 nameserver 64.6.64.6:
  sent: 33508
  snd_error: 0
  valid: 6
  update: 0
  cname: 0
  cname_error: 0
  any_err: 0
  nx: 0
  timeout: 0
  refused: 0
  other: 0
  invalid: 0
  too_big: 0
  truncated: 0
  outdated: 33502

What I wonder about here is why all nameservers are used instead of only
the first one when there are no issues/errors with the local caching server
127.0.0.1:53. From the statistics, the 'sent:' value leaves me with the
impression that all DNS servers get all requests. Is that true?

/etc/resolv.conf itself:

nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 64.6.64.6
options timeout:1 attempts:2

I'd like to achieve a situation where the other nameservers would be used only
when the local caching server fails. I don't want to manually configure only
the local one in the resolvers section (no failover) and would very much prefer
not to duplicate name server config in resolv.conf and HAProxy config.

--
Veiko
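
An added example, not part of the original message: a small Python parser for the "show resolvers" output quoted above. It reports whether every nameserver shows the same "sent" count, what share of the "valid" responses each one supplied, and how many queries went to resolvers that are not on the loopback address. The function names and the abbreviated sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the "show resolvers" output from the post, cut down to
# two counters and three of the four nameservers.
SAMPLE = """\
Resolvers section dns
 nameserver 127.0.0.1:
  sent: 33508
  valid: 33502
 nameserver 8.8.8.8:
  sent: 33508
  valid: 0
 nameserver 64.6.64.6:
  sent: 33508
  valid: 6
"""

def parse_show_resolvers(text):
    """Return {section: {nameserver: {counter: int}}}."""
    sections, section, ns = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"Resolvers section (\S+)", line):
            section, ns = sections.setdefault(m.group(1), {}), None
        elif section is not None and (m := re.fullmatch(r"nameserver (\S+):", line)):
            ns = section.setdefault(m.group(1), {})
        elif ns is not None and (m := re.fullmatch(r"(\w+):\s*(\d+)", line)):
            ns[m.group(1)] = int(m.group(2))
    return sections

def is_loopback(ns_id):
    try:
        return ipaddress.ip_address(ns_id).is_loopback
    except ValueError:  # id is a configured name, not an address: assume remote
        return False

def fanout_report(nameservers):
    """Summarise one section: who was queried and whose answers counted as valid."""
    valid = sum(c.get("valid", 0) for c in nameservers.values())
    return {
        "same_sent_count": len({c.get("sent", 0) for c in nameservers.values()}) == 1,
        "valid_share": {n: c.get("valid", 0) / valid if valid else 0.0
                        for n, c in nameservers.items()},
        "sent_off_host": sum(c.get("sent", 0) for n, c in nameservers.items()
                             if not is_loopback(n)),
    }

if __name__ == "__main__":
    for name, servers in parse_show_resolvers(SAMPLE).items():
        print(name, fanout_report(servers))
```

The same functions accept the full output piped from the stats socket; counters not used by the report are parsed and ignored.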