El 2020-05-23 15:48, Baptiste escribió:
On Thu, May 21, 2020 at 11:47 AM Ricardo Fraile <[email protected]>
wrote:
Hello,
I'm fancing an extrange behaviour with DNS resolution and
timeout/hold
times. As testing enviroment, I use Haproxy 1.8.25 and this sample
conf:
global
master-worker
log /dev/log local5 info
pidfile /var/run/haproxy.pid
nbproc 1
resolvers dns
nameserver dns1 1.1.1.1:53 [1]
resolve_retries 3
timeout resolve 5s
timeout retry 10s
hold other 10s
hold valid 60s
hold obsolete 10s
hold refused 10s
hold nx 10s
hold timeout 10s
listen proxy-tcp
mode tcp
bind *:80
default-server check resolvers dns init-addr none
resolve-prefer ipv4
server host1 host1:80
On the DNS server, the entry for host1 is valid as noted here:
# dig host1 @1.1.1.1 [2]
;; ANSWER SECTION:
host1. 300 IN A 7.7.7.7
But getting the network traffic from the DNS server I can see the
following:
11:29:31.064136 IP [bal_ip].49967 > dns1: 121+ [1au] A? host1. (62)
11:29:36.065749 IP [bal_ip].49967 > dns1: 14393+ [1au] A? host1.
(62)
11:29:41.067816 IP [bal_ip].49967 > dns1: 35337+ [1au] A? host1.
(62)
Each 5 seconds, as defined in "timeout resolve", it receives a
query.
But as it is valid, why Haproxy doesn't hold it with the time
defined on
"hold valid", 60 seconds?
Thanks,
Hi Ricardo
Hold valid means that we keep this response for said period if the
server becomes unresponsive or returns NX.
HAProxy carry on performing queries at timeout.resolve period to
ensure a faster convergence in case the response is updated.
Baptiste
Links:
------
[1] http://1.1.1.1:53
[2] http://1.1.1.1
Thanks Baptiste, I haven't understood clearly the concepts with the
documentation. Your comment fits with the behaviour that I see.
