HAProxy internal DNS resolution issue on backend servers
Greetings and Salutations,
I'm a bit baffled as to why this is not working for me. For some reason HAProxy is unable to resolve DNS hosts using the internal DNS server. OK, a little tangent here... before I go on, would using an internal-only domain of blahblahblah.lo be an issue? Just thinking out loud mid-sentence, sorry. All of it works great if I use the IP addresses of the backend server, so that's why I am not going to go into extreme detail unless necessary about what is actually configured for the frontend and backend stuff. It must have something to do with DNS resolution on the local network (LAN) interface and how HAProxy resolves things.
My local DNS server is defined in HAProxy \ Settings \ Global DNS resolvers, which I would assume should do the trick. pfSense DNS servers are pointing to external DNS resolvers, my local DNS server is not listed. (local DNS server forwards to pfSense) I also tried the setting in pfSense under System \ General Setup \ Disable DNS Forwarder, but that also didn't resolve the resolution issues for the backend servers.
Versions and things:
built on Sun Nov 11 18:59:27 EST 2018
My HAProxy setup contains the following:
Listen: WAN (IPv4 and IPv6) http (80)
- http redirect to https (443)
Listen: WAN https (443)
- SSL Offload
- host header match yada.blahblahblah.com
- use backend yada.blahblahblah.lo
- host header match mmhmm.blahblahblah.com
- use backend mmhmm.blahblahblah.lo
- so on and so forth
- Server address+port yada.blahblahblah.lo 80
- Server address+port mmhmm.blahblahblah.lo 80
Errors found while starting haproxy
[ALERT] 339/105432 (78471) : parsing [/var/etc/haproxy_test/haproxy.cfg:86] : 'yada.blahblahblah.lo' : could not resolve address 'yada.blahblahblah.lo'.
Like I said before, using the IP addresses for these backend servers works great. Using the internal DNS host name does not.
Try adding on HAProxy \ Settings \ Global Advanced pass thru:
defaults
    default-server init-addr last,libc,none

defaults
    default-server init-addr last,none

That should 'fix' the error. The issue happens as the dns-resolvers configured in HAProxy itself aren't used at its startup. It might still cause a little hiccup when HAProxy is starting and servers still need to be resolved. But should fix itself after the first health-check.
@PiBa Once I made that setting change and turned the HTTP monitoring back on it started working.
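The startup behaviour described in the answer above, as an added configuration sketch (not taken from the thread or from the config the pfSense package generates). The resolver section name `lan_dns`, the nameserver address `192.0.2.53`, the timeouts and the server names `yada1`/`mmhmm1` are assumed placeholders; the backend host names are the ones from the question.

```haproxy
# Runtime resolver: consulted only after HAProxy is already running.
resolvers lan_dns
    nameserver dns1 192.0.2.53:53    # placeholder for the internal LAN DNS server
    resolve_retries 3
    timeout retry   1s
    hold valid      10s

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    # init-addr lists the methods tried, in order, to get a server's address
    # while the configuration is being parsed:
    #   last  = address saved in the server state file, if any
    #   libc  = the system resolver of the host running HAProxy
    #   none  = start anyway, with the server down and without an address
    # Without this line the default is "last,libc", and a name the system
    # resolver cannot answer stops startup with "could not resolve address".
    default-server init-addr last,libc,none

backend yada.blahblahblah.lo
    # "resolvers lan_dns" ties the server to the runtime resolver above;
    # "check" keeps health checks on so the server is marked up once
    # the name has been resolved.
    server yada1 yada.blahblahblah.lo:80 check resolvers lan_dns

backend mmhmm.blahblahblah.lo
    server mmhmm1 mmhmm.blahblahblah.lo:80 check resolvers lan_dns
```

With `last,none` instead of `last,libc,none`, the system resolver is skipped entirely at startup and every name is left to the `resolvers` section.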