On Fri, Mar 20, 2020 at 5:02 PM Veiko Kukk <vk...@xvidservices.com> wrote:

> Hi
>
> I'd like to have better understanding how server-template and resolvers
> work together. HAproxy 1.9.14.
>
> Relevant sections from config:
>
> resolvers dns
>    accepted_payload_size 1232
>    parse-resolv-conf
>    hold valid 90s
>    resolve_retries 3
>    timeout resolve 1s
>    timeout retry 1s
>
> server-template srv 4 _foo._tcp.server.name.tld ssl check resolvers dns
> resolve-prefer ipv4 resolve-opts prevent-dup-ip
>
> After some time, when I check statistics from socket:
>
> echo "show resolvers" |/usr/bin/socat /var/run/haproxy.sock.stats1 stdio
>
> Resolvers section dns
>   nameserver 127.0.0.1:
>    sent:        33508
>    snd_error:   0
>    valid:       33502
>    update:      2
>    cname:       0
>    cname_error: 0
>    any_err:     0
>    nx:          0
>    timeout:     0
>    refused:     0
>    other:       0
>    invalid:     0
>    too_big:     0
>    truncated:   0
>    outdated:    6
>   nameserver 8.8.8.8:
>    sent:        33508
>    snd_error:   0
>    valid:       0
>    update:      0
>    cname:       0
>    cname_error: 0
>    any_err:     0
>    nx:          0
>    timeout:     0
>    refused:     0
>    other:       0
>    invalid:     0
>    too_big:     0
>    truncated:   0
>    outdated:    33508
>   nameserver 8.8.4.4:
>    sent:        33508
>    snd_error:   0
>    valid:       0
>    update:      0
>    cname:       0
>    cname_error: 0
>    any_err:     0
>    nx:          0
>    timeout:     0
>    refused:     0
>    other:       0
>    invalid:     0
>    too_big:     0
>    truncated:   0
>    outdated:    33508
>   nameserver 64.6.64.6:
>    sent:        33508
>    snd_error:   0
>    valid:       6
>    update:      0
>    cname:       0
>    cname_error: 0
>    any_err:     0
>    nx:          0
>    timeout:     0
>    refused:     0
>    other:       0
>    invalid:     0
>    too_big:     0
>    truncated:   0
>    outdated:    33502
>
> What I wonder about here is why are all nameservers used instead of only
> the first one when there are no issues/errors with local caching server
> 127.0.0.1:53. From the statistics, the 'sent:' value leaves me
> impression that all DNS servers get all requests. I that true?
>
> /etc/resolv.conf itself:
>
> nameserver 127.0.0.1
>
> nameserver 8.8.8.8
> nameserver 8.8.4.4
> nameserver 64.6.64.6
>
> options timeout:1 attempts:2
>
> I'd like to achieve situation where other nameservers would be used only
> when local caching server fails. Don't want to manually configure only
> local one in resolvers section (no failover) and would very much prefer
> not to duplicate name server config in resolv.conf and HAproxy config.
>
> --
> Veiko
>
>
>
Hi Veiko

You are correct, all servers are queried at the same time and we pick up
the fastest non-error response. Other responses will be simply ignored.
So if your local cache answers faster than google DNS servers, then you're
already covered.

Baptiste

Reply via email to