On Fri, Mar 20, 2020 at 5:02 PM Veiko Kukk <[email protected]> wrote:
> Hi
>
> I'd like to have a better understanding of how server-template and resolvers
> work together. HAproxy 1.9.14.
>
> Relevant sections from config:
>
> resolvers dns
>   accepted_payload_size 1232
>   parse-resolv-conf
>   hold valid 90s
>   resolve_retries 3
>   timeout resolve 1s
>   timeout retry 1s
>
> server-template srv 4 _foo._tcp.server.name.tld ssl check resolvers dns resolve-prefer ipv4 resolve-opts prevent-dup-ip
>
> After some time, when I check statistics from socket:
>
> echo "show resolvers" |/usr/bin/socat /var/run/haproxy.sock.stats1 stdio
>
> Resolvers section dns
>  nameserver 127.0.0.1:
>   sent: 33508
>   snd_error: 0
>   valid: 33502
>   update: 2
>   cname: 0
>   cname_error: 0
>   any_err: 0
>   nx: 0
>   timeout: 0
>   refused: 0
>   other: 0
>   invalid: 0
>   too_big: 0
>   truncated: 0
>   outdated: 6
>  nameserver 8.8.8.8:
>   sent: 33508
>   snd_error: 0
>   valid: 0
>   update: 0
>   cname: 0
>   cname_error: 0
>   any_err: 0
>   nx: 0
>   timeout: 0
>   refused: 0
>   other: 0
>   invalid: 0
>   too_big: 0
>   truncated: 0
>   outdated: 33508
>  nameserver 8.8.4.4:
>   sent: 33508
>   snd_error: 0
>   valid: 0
>   update: 0
>   cname: 0
>   cname_error: 0
>   any_err: 0
>   nx: 0
>   timeout: 0
>   refused: 0
>   other: 0
>   invalid: 0
>   too_big: 0
>   truncated: 0
>   outdated: 33508
>  nameserver 64.6.64.6:
>   sent: 33508
>   snd_error: 0
>   valid: 6
>   update: 0
>   cname: 0
>   cname_error: 0
>   any_err: 0
>   nx: 0
>   timeout: 0
>   refused: 0
>   other: 0
>   invalid: 0
>   too_big: 0
>   truncated: 0
>   outdated: 33502
>
> What I wonder about here is why are all nameservers used instead of only
> the first one when there are no issues/errors with local caching server
> 127.0.0.1:53. From the statistics, the 'sent:' value leaves me with the
> impression that all DNS servers get all requests. Is that true?
>
> /etc/resolv.conf itself:
>
> nameserver 127.0.0.1
>
> nameserver 8.8.8.8
> nameserver 8.8.4.4
> nameserver 64.6.64.6
>
> options timeout:1 attempts:2
>
> I'd like to achieve a situation where other nameservers would be used only
> when local caching server fails. Don't want to manually configure only
> local one in resolvers section (no failover) and would very much prefer
> not to duplicate name server config in resolv.conf and HAproxy config.
>
> --
> Veiko

Hi Veiko

You are correct, all servers are queried at the same time and we pick up the
fastest non-error response. Other responses will be simply ignored.
So if your local cache answers faster than google DNS servers, then you're
already covered.

Baptiste
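
Added example (not part of the original thread and not HAProxy project code): a small Python parser for the "show resolvers" output quoted above, reporting for each nameserver what share of its queries produced the accepted answer (valid) versus an answer that lost the race (outdated). The sample input is constructed from the counters in the thread, trimmed to the fields the script reads; treating "outdated" as "arrived after another nameserver's answer was taken" is an assumption consistent with the reply above.

```python
import re

# Constructed sample: "show resolvers" counters from the thread, trimmed to the fields used.
SAMPLE = """\
Resolvers section dns
 nameserver 127.0.0.1:
  sent: 33508
  valid: 33502
  outdated: 6
 nameserver 8.8.8.8:
  sent: 33508
  valid: 0
  outdated: 33508
 nameserver 8.8.4.4:
  sent: 33508
  valid: 0
  outdated: 33508
 nameserver 64.6.64.6:
  sent: 33508
  valid: 6
  outdated: 33502
"""
# Report key -> counter name in the stats output.
FIELDS = {"accepted_pct": "valid", "late_pct": "outdated"}

def parse_show_resolvers(text):
    """Return {nameserver: {counter: int}} from 'show resolvers' output."""
    stats, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"nameserver (\S+):", line)
        if m:
            current = stats.setdefault(m.group(1), {})
            continue
        m = re.fullmatch(r"(\w+):\s*(\d+)", line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2))
    return stats

def race_report(stats):
    """Per nameserver: percent of sent queries answered first vs. too late."""
    report = {}
    for name, c in stats.items():
        sent = c.get("sent", 0)  # guard against a nameserver with no traffic yet
        report[name] = {k: round(100 * c.get(f, 0) / sent, 2) if sent else 0.0
                        for k, f in FIELDS.items()}
    return report

if __name__ == "__main__":
    print(race_report(parse_show_resolvers(SAMPLE)))
```

A local cache that wins the race shows an accepted_pct close to 100, while the identical sent counters confirm that every other nameserver still receives every query.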

