El 2020-05-23 15:48, Baptiste escribió:
On Thu, May 21, 2020 at 11:47 AM Ricardo Fraile <rfra...@rfraile.eu>
I'm fancing an extrange behaviour with DNS resolution and
times. As testing enviroment, I use Haproxy 1.8.25 and this sample
log /dev/log local5 info
nameserver dns1 126.96.36.199:53 
timeout resolve 5s
timeout retry 10s
hold other 10s
hold valid 60s
hold obsolete 10s
hold refused 10s
hold nx 10s
hold timeout 10s
default-server check resolvers dns init-addr none
server host1 host1:80
On the DNS server, the entry for host1 is valid as noted here:
# dig host1 @188.8.131.52 
;; ANSWER SECTION:
host1. 300 IN A 184.108.40.206
But getting the network traffic from the DNS server I can see the
11:29:31.064136 IP [bal_ip].49967 > dns1: 121+ [1au] A? host1. (62)
11:29:36.065749 IP [bal_ip].49967 > dns1: 14393+ [1au] A? host1.
11:29:41.067816 IP [bal_ip].49967 > dns1: 35337+ [1au] A? host1.
Each 5 seconds, as defined in "timeout resolve", it receives a
But as it is valid, why Haproxy doesn't hold it with the time
"hold valid", 60 seconds?
Hold valid means that we keep this response for said period if the
server becomes unresponsive or returns NX.
HAProxy carry on performing queries at timeout.resolve period to
ensure a faster convergence in case the response is updated.
Thanks Baptiste, I haven't understood clearly the concepts with the
documentation. Your comment fits with the behaviour that I see.