BUG/MEDIUM: resolvers: Force the connect timeout for DNS resolutions
Timeouts for dynamic resolutions are not handled at the stream level but by
the resolvers themself. It means there is no connect, client and server
timeouts defined on the internal proxy used by a resolver.
While it is not an issue for DNS resolution over UDP, it can be a problem
for resolution over TCP. New sessions are automatically created when
required, and killed on excess. But only established connections are
considered. Connecting ones are never killed. Because there is no conncet
timeout, we rely on the kernel to report a connection error. And this may be
quite long.
Because resolutions are periodically triggered, this may lead to an excess
of unusable sessions in connecting state. This also prevents HAProxy to
quickly exit on soft-stop. It is annoying, especially because there is no
reason to not set a connect timeout.
So to mitigate the issue, we now use the "resolve" timeout as connect
timeout for the internal proxy attached to a resolver.
This patch should be backported as far as 2.4.
(cherry picked from commit 5220a8c5c453b780caea6aaefa30734019785d69)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 748111de201fd6d489749c86fc85df33b2dd4e94)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 020bd97f2d0821ec296ce2ba0d01b09f6c4be6c2)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 2ccdcfa3dc70c5f5894431e483aa90635a9d97c4)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
1 file changed