On Thu, May 21, 2020 at 11:47 AM Ricardo Fraile <rfra...@rfraile.eu> wrote:

> Hello,
>
>
> I'm fancing an extrange behaviour with DNS resolution and timeout/hold
> times. As testing enviroment, I use Haproxy 1.8.25 and this sample conf:
>
> global
>          master-worker
>          log /dev/log local5 info
>          pidfile /var/run/haproxy.pid
>          nbproc 1
>
> resolvers dns
>          nameserver dns1  1.1.1.1:53
>
>          resolve_retries       3
>          timeout resolve       5s
>          timeout retry        10s
>          hold other           10s
>          hold valid           60s
>          hold obsolete        10s
>          hold refused         10s
>          hold nx              10s
>          hold timeout         10s
>
> listen proxy-tcp
>          mode tcp
>          bind *:80
>         default-server check resolvers dns init-addr none resolve-prefer
> ipv4
>
>          server host1 host1:80
>
>
>
> On the DNS server, the entry for host1 is valid as noted here:
>
> # dig host1 @1.1.1.1
>
> ;; ANSWER SECTION:
> host1. 300 IN A 7.7.7.7
>
>
>
> But getting the network traffic from the DNS server I can see the
> following:
>
> 11:29:31.064136 IP [bal_ip].49967 > dns1: 121+ [1au] A? host1. (62)
> 11:29:36.065749 IP [bal_ip].49967 > dns1: 14393+ [1au] A? host1. (62)
> 11:29:41.067816 IP [bal_ip].49967 > dns1: 35337+ [1au] A? host1. (62)
>
> Each 5 seconds, as defined in "timeout resolve", it receives a query.
> But as it is valid, why Haproxy doesn't hold it with the time defined on
> "hold valid", 60 seconds?
>
>
>
> Thanks,
>
>
Hi Ricardo

Hold valid means that we keep this response for said period if the server
becomes unresponsive or returns NX.
HAProxy carry on performing queries at timeout.resolve period to ensure a
faster convergence in case the response is updated.

Baptiste

Reply via email to