Netgate Discussion Forum

    HAProxy internal DNS resolution issue on backend servers

    Cache/Proxy
      JeFizz

      Greetings and Salutations,

      I'm a bit baffled as to why this is not working for me. For some reason HAProxy is unable to resolve DNS hosts using the internal DNS server. OK, a little tangent here... before I go on, would using an internal-only domain of blahblahblah.lo be an issue? Just thinking out loud mid-sentence, sorry. All of it works great if I use the IP addresses of the backend server, so that's why I am not going to go into extreme detail unless necessary about what is actually configured for the frontend and backend stuff. It must have something to do with DNS resolution on the local network (LAN) interface and how HAProxy resolves things.

      My local DNS server is defined in HAProxy \ Settings \ Global DNS resolvers, which I would assume should do the trick. The pfSense DNS servers are pointing to external DNS resolvers; my local DNS server is not listed (the local DNS server forwards to pfSense). I also tried the setting in pfSense under System \ General Setup \ Disable DNS Forwarder, but that also didn't resolve the resolution issues for the backend servers.

      Versions and things:

      2.4.5-DEVELOPMENT (amd64)
      built on Sun Nov 11 18:59:27 EST 2018
      FreeBSD 11.2-RELEASE-p4

      haproxy 0.59_14

      My HAProxy setup contains the following:

      Frontends:

      • Listen: WAN (IPv4 and IPv6) http (80)

        • http redirect to https (443)
      • Listen: WAN https (443)

        • SSL Offload
        • host header match yada.blahblahblah.com
          • use backend yada.blahblahblah.lo
        • host header match mmhmm.blahblahblah.com
          • use backend mmhmm.blahblahblah.lo
        • so on and so forth

      Backends:

      • Server address+port yada.blahblahblah.lo 80
      • Server address+port mmhmm.blahblahblah.lo 80
      • etc.

      Error(s):

      Errors found while starting haproxy
      [ALERT] 339/105432 (78471) : parsing [/var/etc/haproxy_test/haproxy.cfg:86] : 'yada.blahblahblah.lo' : could not resolve address 'yada.blahblahblah.lo'. 
      

      Like I said before, using the IP addresses for these backend servers works great. Using the internal DNS host name does not.

      Help!

        PiBa @JeFizz

        @jefizz
        Try adding on HAProxy \ Settings \ Global Advanced pass thru:

        defaults
          default-server init-addr last,libc,none
        

        Or perhaps:

        defaults
          default-server init-addr last,none
        

        That should 'fix' the error. The issue happens as the dns-resolvers configured in HAProxy itself aren't used at its startup. It might still cause a little hiccup when HAProxy is starting and servers still need to be resolved. But should fix itself after the first health-check.

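Added example, not part of the thread and not HAProxy's own code: a simplified Python model of how HAProxy walks the `init-addr` list at startup (only `last`, `libc` and `none` are modelled), showing why a name known only to the internal DNS server aborts startup and why appending `none` lets HAProxy start. The sample config, the `globalresolvers` section name and the injectable `resolve` function are assumptions made for illustration.

```python
import socket

# Constructed sample; hostnames are from the thread, the resolvers name is a placeholder.
SAMPLE_CFG = """\
defaults
  default-server init-addr last,libc,none
backend yada
  server yada yada.blahblahblah.lo:80 check resolvers globalresolvers
backend mmhmm
  server mmhmm mmhmm.blahblahblah.lo:80 check init-addr libc
"""

def libc_resolve(host):
    # The 'libc' method: the system resolver, not HAProxy's own resolvers section.
    try:
        return socket.getaddrinfo(host, None)[0][4][0]
    except socket.gaierror:
        return None

def pick(name, host, methods, resolve, state):
    # Walk the init-addr list in order; the first method that succeeds wins.
    for m in methods:
        if m == "last" and name in state:        # address saved in a server state file
            return state[name]
        if m == "libc" and (addr := resolve(host)):
            return addr
        if m == "none":                          # start anyway, without an address
            return "no address (down until runtime resolvers answer)"
    return "ALERT: could not resolve address"    # list exhausted: startup fails

def startup_outcomes(cfg, resolve=libc_resolve, state=None):
    """Return {server name: startup result} for every 'server' line in cfg."""
    defaults, out = ["last", "libc"], {}         # documented default is last,libc
    for words in map(str.split, cfg.splitlines()):
        methods = None
        if "init-addr" in words[:-1]:
            methods = words[words.index("init-addr") + 1].split(",")
        if words[:1] == ["default-server"] and methods:
            defaults = methods                   # applies to the servers that follow
        elif words[:1] == ["server"] and len(words) >= 3:
            host = words[2].rsplit(":", 1)[0]
            out[words[1]] = pick(words[1], host, methods or defaults, resolve, state or {})
    return out

if __name__ == "__main__":
    # Uses this machine's real system resolver, as HAProxy's libc method would.
    for name, result in startup_outcomes(SAMPLE_CFG).items():
        print(name, "->", result)
```

Run on the firewall's own resolver settings, a server whose result is the ALERT line is one that would stop HAProxy from starting without `none` in its `init-addr` list.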
          JeFizz

          @PiBa Once I made that setting change and turned the HTTP monitoring back on it started working.

          Thanks!!
