Hi Robin,

> I don't understand the necessity of the hold valid config option. DNS has
> something that takes care of this for you called the TTL. Besides if hold
> valid is shorter than the TTL it would be kind of pointless since the
> resolvers you are querying won't re-resolve until the TTL expires.

Your server won't wait until the end of the TTL to fail ;)
So you don't want to follow TTLs and prefer to force HAProxy to resolve more often.
In some cases, you don't choose the TTL (Amazon), so 'hold valid' allows you to choose your own TTL.

> Tbh I don't really see the point of configuring the resolvers in haproxy
> when the OS has perfectly fine working facilities for this?

Imagine a big company. Imagine the ops team managing HAProxy and the IT team managing the DNS servers. (It's a real case.)
When the ops team starts up a new server, DNS propagation can be long (several minutes) before the DNS servers managed by the IT team are aware of the update (we speak about worldwide deployment).
In order to start up the new service asap, the ops team wants to use the regular DNS servers and their own DNS server...

There are many cases like this one, where the ops team doesn't have the hand over the DNS server.
Same if you use a service discovery, then HAProxy can point its DNS requests to it instead of regular DNS servers.

> What is the
> benefit besides possibly causing lookups to happen twice, once from the OS
> resolving stack and once from haproxy's? If you really want exactly the same
> behavior as described you could always configure a local resolver that
> queries multiple other resolvers instead of recursing itself.

You say this because you have the hand over your OS. We have many customers and community users where it's not the case.
Once again, HAProxy is a load-balancer, it needs the most accurate information and as fast as possible. You don't want to tune your local bind or powerdns just for HAProxy and prevent any other service from operating as usual.

Baptiste
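
The setup discussed in this message, sketched as an added configuration example that is not part of the original post: a `resolvers` section that queries both the corporate DNS servers and a DNS server run by the ops team, with `hold valid` set by the operator. The section name, server names, addresses (documentation ranges) and timer values are assumptions chosen for illustration.

```haproxy
# Added illustration; every name and address below is a placeholder.
resolvers opsdns
    # DNS server managed by the IT team (placeholder address)
    nameserver corp1 192.0.2.53:53
    # DNS server managed by the ops team, updated when a new server starts (placeholder)
    nameserver ops1  198.51.100.53:53
    resolve_retries  3
    timeout retry    1s
    # Keep a valid answer for 10s before resolving again,
    # a value chosen by the operator rather than by the record's TTL
    hold valid       10s

backend app
    # The server address is resolved at run time through the section above,
    # not only once at startup through the OS resolver
    server app1 app1.example.com:80 check resolvers opsdns
```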