El 2020-05-23 15:48, Baptiste escribió:
On Thu, May 21, 2020 at 11:47 AM Ricardo Fraile <rfra...@rfraile.eu>
wrote:

Hello,

I'm fancing an extrange behaviour with DNS resolution and
timeout/hold
times. As testing enviroment, I use Haproxy 1.8.25 and this sample
conf:

global
master-worker
log /dev/log local5 info
pidfile /var/run/haproxy.pid
nbproc 1

resolvers dns
nameserver dns1  1.1.1.1:53 [1]

resolve_retries       3
timeout resolve       5s
timeout retry        10s
hold other           10s
hold valid           60s
hold obsolete        10s
hold refused         10s
hold nx              10s
hold timeout         10s

listen proxy-tcp
mode tcp
bind *:80
default-server check resolvers dns init-addr none
resolve-prefer ipv4

server host1 host1:80

On the DNS server, the entry for host1 is valid as noted here:

# dig host1 @1.1.1.1 [2]

;; ANSWER SECTION:
host1. 300 IN A 7.7.7.7

But getting the network traffic from the DNS server I can see the
following:

11:29:31.064136 IP [bal_ip].49967 > dns1: 121+ [1au] A? host1. (62)
11:29:36.065749 IP [bal_ip].49967 > dns1: 14393+ [1au] A? host1.
(62)
11:29:41.067816 IP [bal_ip].49967 > dns1: 35337+ [1au] A? host1.
(62)

Each 5 seconds, as defined in "timeout resolve", it receives a
query.
But as it is valid, why Haproxy doesn't hold it with the time
defined on
"hold valid", 60 seconds?

Thanks,

Hi Ricardo

Hold valid means that we keep this response for said period if the
server becomes unresponsive or returns NX.
HAProxy carry on performing queries at timeout.resolve period to
ensure a faster convergence in case the response is updated.

Baptiste

Links:
------
[1] http://1.1.1.1:53
[2] http://1.1.1.1


Thanks Baptiste, I haven't understood clearly the concepts with the documentation. Your comment fits with the behaviour that I see.

Reply via email to