
I have consul on IP 192.168.0.15, and I have installed haproxy via docker on the same node with HTTP port 8081 (not that it matters). But I also have one CoreDNS server running on the same IP, on port 5335.

The other 2 DNS servers are on the same network but on different nodes.

So what I am confused about is the haproxy config:

```
global
    maxconn 4096

defaults
    mode http
    timeout connect 5s
    timeout client 50s
    timeout server 50s

listen http-in
    bind *:53
    server dns1 192.168.0.15:5335
    server dns2 192.168.0.22:5335
    server dns3 192.168.0.23:5335
```

So if I use this haproxy node as a load balancer for the 3 servers listed above, and I give the load balancer IP to a workstation as PRIMARY DNS, how will I detect whether it is using the DNS server via haproxy or 192.168.0.15:5335 directly?

Ciasto piekarz
  • If workstations are configured with the IP address of your load balancer, then they will by default issue DNS queries to destination port 53 (UDP and TCP). Your workstations would not send queries to port 5353 so they would not be communicating directly with the backend instances. I'm not sure this configuration will work, however. I do not believe HAProxy has the ability to proxy UDP traffic, and the configuration you're showing is not proxying pure TCP. You may want to look at a load balancer like NGINX, or a purpose-built DNS load balancer like [dnsdist](https://www.dnsdist.org/). – Blake Covarrubias Sep 15 '20 at 05:44
  • Thank you @BlakeCovarrubias. I recently came to learn haproxy does not support UDP, and was suggested to use nginx plus or dnsdist. However, in the dnsdist docs I spotted how to use dnsdist with dnscrypt proxy. So I am wondering: is dnscrypt proxy a DNS server like CoreDNS is? – Ciasto piekarz Sep 15 '20 at 07:46
  • dnsdist supports both [DNSCrypt](https://www.dnsdist.org/guides/dnscrypt.html) and [DNS-over-HTTPS](https://dnsdist.org/guides/dns-over-https.html). They should then be forwarded to [downstream servers](https://dnsdist.org/guides/downstreams.html) you may have configured such as CoreDNS. I recommend reading the docs to confirm whether dnsdist will satisfy your requirements. – Blake Covarrubias Sep 15 '20 at 23:03
  • https://dnscrypt.info/faq/ says DNSCrypt and DoH can share the same port. – Ciasto piekarz Sep 15 '20 at 23:14
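
The comments above suggest dnsdist as the front end for the three CoreDNS instances. A dnsdist configuration for that layout, added here as an example and not posted by anyone in this thread; the 192.168.0.0/24 client range, the backend names and the health-check name are assumptions:

```lua
-- dnsdist.conf (added example, not from the original thread)

-- Listen on port 53 of the load balancer address.
-- dnsdist binds both UDP and TCP here, which is what workstations
-- use for DNS and what the "mode http" HAProxy listener cannot serve.
setLocal("192.168.0.15:53")

-- Only accept queries from the local network so the balancer is not
-- usable as an open resolver. The /24 is an assumption based on the
-- addresses shown in the question.
setACL({"192.168.0.0/24"})

-- The three CoreDNS backends from the question, on their port 5335.
-- checkName is the name used for the periodic health-check query
-- (assumed value; use a name your CoreDNS instances can answer).
newServer({address="192.168.0.15:5335", name="dns1", checkName="health.example."})
newServer({address="192.168.0.22:5335", name="dns2", checkName="health.example."})
newServer({address="192.168.0.23:5335", name="dns3", checkName="health.example."})

-- Spread queries evenly over the backends that are marked up.
setServerPolicy(roundrobin)

-- To see whether queries really pass through the balancer, run
-- showServers() in the dnsdist console: it lists each backend with
-- its state and the number of queries forwarded to it.
```

With this in place, workstations are given 192.168.0.15 as their DNS server and only ever talk to port 53; the per-backend counters from `showServers()` show where each query was forwarded.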
