Re: [call to comment] HAProxy's DNS resolution default query type

2015-10-20 Thread Baptiste
Hi all, Thanks a lot for your feedbacks. Really valuable. I'll discuss with Willy the best approach for the change. Baptiste On Mon, Oct 19, 2015 at 11:50 PM, Andrew Hayworth wrote: > Hi all - > > Just to chime in, we just got bit by this in production. Our

Re: [call to comment] HAProxy's DNS resolution default query type

2015-10-19 Thread Andrew Hayworth
Hi all - Just to chime in, we just got bit by this in production. Our dns resolver (unbound) does not follow CNAMES -> A records when you send an ANY query type. This is by design, so I can't just configure it differently (and ripping out our DNS resolver is not immediately feasible). I

RE: [call to comment] HAProxy's DNS resolution default query type

2015-10-15 Thread Lukas Tribus
Hi folks, > Hey guys, > > by default, HAProxy tries to resolve server IPs using an ANY query > type, then fails over to resolve-prefer type, then to "remaining" > type. > So ANY -> A -> or ANY -> -> A. We can't really rely on ANY queries, no. Also see [1], [2]. > Today, 0yvind

RE: [call to comment] HAProxy's DNS resolution default query type

2015-10-15 Thread Lukas Tribus
> Jan, a fellow HAProxy user, already reported me that ANY query types > are less and less fashion (for many reasons I'm not going to develop > here). > > Amongs the many way to fix this issue, the one below has my preference: > A new resolvers section directive (flag in that case) which prevent >

[call to comment] HAProxy's DNS resolution default query type

2015-10-15 Thread Baptiste
Hey guys, by default, HAProxy tries to resolve server IPs using an ANY query type, then fails over to resolve-prefer type, then to "remaining" type. So ANY -> A -> or ANY -> -> A. In some cases, ANY query type is ignored or response contains no records, which leads HAProxy to try next

Re: [call to comment] HAProxy's DNS resolution default query type

2015-10-15 Thread Robin Geuze
Hey Baptiste, Using ANY queries for this kind of stuff is considered by most people to be a bad practice since besides all the things you named it can lead to incomplete responses. Basically a resolver is allowed to just return whatever it has in cache when it receives an ANY query instead of

Re: [call to comment] HAProxy's DNS resolution default query type

2015-10-15 Thread Robin Geuze
Actually, I just asked one of the powerdns devs, and their recursor/resolver implementation does actually only return what is in its cache when answering an ANY query. On 10/15/2015 4:46 PM, Robin Geuze wrote: Hey Baptiste, Using ANY queries for this kind of stuff is considered by most

Re: [call to comment] HAProxy's DNS resolution default query type

2015-10-15 Thread Jeff Palmer
I second this opinion. Removing ANY altogether would be the best case. In reality, I think it should use the OS's resolver libraries which in turn will honor whatever the admin has configured for preference order at the base OS level. As a sysadmin, one should reasonably expect that

RE: [call to comment] HAProxy's DNS resolution default query type

2015-10-15 Thread Lukas Tribus
> I second this opinion. Removing ANY altogether would be the best case. > > In reality, I think it should use the OS's resolver libraries which > in turn will honor whatever the admin has configured for preference > order at the base OS level. > > > As a sysadmin, one should reasonably expect