
Comments (7)

wtarreau commented on May 19, 2024

Konstantin, your version is affected by numerous DNS bugs as well as two important security issues, as reported here: http://www.haproxy.org/bugs/bugs-1.8.12.html

Please first update it to the latest 1.8 and check again.

from haproxy.

git001 commented on May 19, 2024

@o0st you can use this repo link for your debian to install the latest 1.8 stable version.

https://haproxy.debian.net/#?distribution=Debian&release=jessie&version=1.8


oovs commented on May 19, 2024

Thanks for the hints. I've tried to upgrade, but the behavior is the same.

Output of haproxy -vv

HA-Proxy version 1.8.17-1~bpo8+1 2019/01/17
Copyright 2000-2019 Willy Tarreau <[email protected]>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label
  OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_NS=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.0.2l  25 May 2017
Running on OpenSSL version : OpenSSL 1.0.2l  25 May 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.3
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE version : 8.35 2014-04-04
Running on PCRE version : 8.35 2014-04-04
PCRE library supports JIT : yes
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
	[SPOE] spoe
	[COMP] compression
	[TRACE] trace


bedis commented on May 19, 2024

Hi,

What does a "dig foo-bar-01.domain @127.0.0.1:53" return?


bedis commented on May 19, 2024

About the AAAA tried first, this is expected behavior. HAProxy picks up IPv6 first.
If your network uses only IPv4, then you can add the following parameter on the server line: "resolve-prefer ipv4"
https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.2-resolve-prefer


bedis commented on May 19, 2024

Last, if your DNS server returns 1 record, HAProxy will apply it to one server only.
HAProxy, by default, prevents duplication of the records. This is to match the scale out environments such as Kubernetes: we do pre-provision servers in a backend but don't give them an IP address at start up.

Now, if your server returns a single IP address, you can enable this configuration option: "resolve-opts allow-dup-ip", and then, HAProxy will allow itself to reuse the same IP address on multiple servers.
https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.2-resolve-opts

Note that later, the resolve-prefer would be deprecated and should move into the resolve-opts, to make it cleaner.

Given 1 record for the hostname used in my configuration:

  • When I start your HAProxy config without the option above, I can see your behavior:
    [WARNING] 030/083248 (20646) : test_dns/foo-bar-01-13653 changed its IP from to 10.42.3.1 by localdns/local01.
    [WARNING] 030/083248 (20646) : Server test_dns/foo-bar-01-13653 administratively READY thanks to valid DNS answer.

  • When I enable the option, I can see the following:
    [WARNING] 030/083317 (20719) : test_dns/foo-bar-01-13653 changed its IP from to 10.42.3.1 by localdns/local01.
    [WARNING] 030/083317 (20719) : Server test_dns/foo-bar-01-13653 administratively READY thanks to valid DNS answer.
    [WARNING] 030/083317 (20719) : test_dns/foo-bar-01-52393 changed its IP from to 10.42.3.1 by DNS cache.
    [WARNING] 030/083317 (20719) : Server test_dns/foo-bar-01-52393 administratively READY thanks to valid DNS answer.


oovs commented on May 19, 2024

@bedis Yes, DNS returns a single A record.
resolve-prefer ipv4 removed the any_err errors from resolver status.
resolve-opts allow-dup-ip fixed the DNS resolution issue.
I'm closing the issue since it's not a bug.
Thank you for the help.

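The two settings that resolved this thread, shown as a configuration fragment. This is an added example, not the reporter's configuration or anything posted in the thread: the resolver, nameserver, backend and server names are taken from the log lines quoted above, while the port, the timers, `init-addr none` and the assumption that both servers resolve the same hostname are illustrative.

```haproxy
# Added example (not from the thread). Port 80, the timers and
# "init-addr none" are assumptions made for illustration.

resolvers localdns
    nameserver local01 127.0.0.1:53
    resolve_retries 3
    timeout retry   1s
    hold valid      10s

backend test_dns
    # Before: both servers resolve the same hostname, and the DNS answer
    # holds a single A record. HAProxy gives that address to one server
    # only, and it asks for AAAA first.
    #
    # server foo-bar-01-13653 foo-bar-01.domain:80 check resolvers localdns init-addr none
    # server foo-bar-01-52393 foo-bar-01.domain:80 check resolvers localdns init-addr none

    # After:
    #   resolve-prefer ipv4        prefer the A record on an IPv4-only network
    #   resolve-opts allow-dup-ip  let several servers share one resolved address
    server foo-bar-01-13653 foo-bar-01.domain:80 check resolvers localdns init-addr none resolve-prefer ipv4 resolve-opts allow-dup-ip
    server foo-bar-01-52393 foo-bar-01.domain:80 check resolvers localdns init-addr none resolve-prefer ipv4 resolve-opts allow-dup-ip
```

With `allow-dup-ip` every server in the backend ends up on the same address, so the backend no longer spreads load across distinct hosts; that is only appropriate when the single record is intentional.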
