Haproxy Resolvers Section + Amazon ELB

domain-name-system haproxy

I'm currently using Haproxy-1.6-dev2 in front of an amazon ELB, and I'm running into DNS resolution issues. I'm working with the dev version of haproxy because of the new resolvers feature, but haven't been able to have Haproxy trigger a change in it's internal ip address listing for a server without restarting the haproxy process. Amazon updates the IPs of its ELBs and Haproxy continues using the old IP addresses without updating. A simplified config file is below.

global
    log 127.0.0.1   local0
    stats socket /var/run/haproxy.sock

defaults
    log global
    mode http
    option httpchk GET /
    option log-health-checks
    option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000

resolvers dns
    nameserver public-0  xx.xx.xx.xx:53
    hold valid 1s

frontend http
    bind *:8000
    default_backend site-backend

backend site-backend
    balance leastconn
    server site sub.example.com:80 resolvers dns check inter 1000

I create a temporary A record in AWS Route53, and the health check fails because the A record points to an invalid location.
I then update the A record to point to a valid location and the health check continues to fail. A simple restart of haproxy means the health checks start passing.

I also pinged the stats socket to get a bit more info: 

 nameserver public-0:
  sent: 153
  valid: 0
  update: 0
  cname: 0
  cname_error: 0
  any_err: 0
  nx: 0
  timeout: 0
  refused: 0
  other: 0
  invalid: 0
  too_big: 0
  outdated: 51

The haproxy documentation did not offer much help as to what "outdated" might mean.


Please run HAProxy in debug mode ('debug' statement in global section or '-d' when running haproxy deamon) and report here output of stdout and stderr.

In the mean time, please take a tcpdump of the DNS traffic of the box and send it to the dev who did the DNS work in HAProxy: [email protected].

Baptiste


It seems to be a matter of an 1ms default timeout instead of a 1s default timeout. Setting timeout retry 1s should resolve the issue for anyone else with this problem on Haproxy-1.6-dev2. I imagine this will be resolved in the official 1.6 release.

Related

Changing OpenVPN DHCP pool
How do I set up Postfix *_restrictions configuration parameters safely with whitelists and blacklists?
How to run a command as administrator on Windows7 from a command line?
Running a DNS nameserver in a .local domain
Import SSL Cert into IIS when I have the text of the certificate and private key
Is there a pseudo backup procedure to force Exchange log truncation?
Postfix: content-filter vs. milter
Hard Drive Speed: RPM vs. Cache
How to Get a List of All Root / Main Installed Packages on Debian
Am I using virtio for my KVM guest?
Mac OS X client crashes while mounting and writing to Linux server via NFSv4
Getting stats about deliverability from postfix