Hi,
We are trying to use DNS load balancing in a stunnel client with a round-robin algorithm. service.example.com maps to two IPs. But when we update DNS to remove one of the IPs for service.example.com, the stunnel client still forwards requests to both IPs. How can we make the stunnel client re-resolve the domain name and refresh its cache?

Here is the stunnel configuration:

sslVersion=TLSv1.2
cert = /etc/stunnel/stunnel.pem
output=/var/log/stunnel.log

[service-client]
client = yes
accept = localhost:4680
connect = service.example.com:4680

[service-server]
client = no
accept = 10.10.0.16:4680
connect = localhost:80

Here is the resolution result for service.example.com:

;; ANSWER SECTION:
service.example.com. 5 IN A 10.10.0.16
service.example.com. 5 IN A 10.10.0.8

My guess is it only does the dns.lookup() function on a restart/reload...
Hopefully I'm wrong, but if I'm right it would not automagically look up the address and notice changes.

Aaron West
Loadbalancer.org Ltd. www.loadbalancer.org

On Fri, 21 Aug 2020 at 22:30, Peter Zhao pzhao@paymentus.com wrote:
> How to make stunnel client to resolve domain name and refresh its cache?

Failover= re option would help you
And maybe:
*delay* = yes | no
delay DNS lookup for the *connect* option
This option is useful for dynamic DNS, or when DNS is not available during *stunnel* startup (road warrior VPN, dial-up configurations).
Delayed resolver mode is automatically engaged when stunnel fails to resolve on startup any of the *connect* targets for a service.
Delayed resolver inflicts *failover = prio*.
default: no
So it looks up each connect and notices the change. Actually a very nice feature!

Aaron West
On Sat, 22 Aug 2020 at 11:35, tayyib ahmed tayyib76@gmail.com wrote:
> Failover= re option would help you
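
One way to check whether the stunnel client is still connecting to an address that DNS no longer lists, for example before and after setting `delay = yes` as discussed above. This is an added example, not part of the thread or of stunnel; the client address 10.10.0.5, the `ss -tn` sample and the function names `current_addresses` and `stale_peers` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: dig answer after 10.10.0.8 was removed from DNS.
DIG_ANSWER = """;; ANSWER SECTION:
service.example.com. 5 IN A 10.10.0.16
"""
# Constructed sample: `ss -tn` on the stunnel client host (10.10.0.5 is made up).
SS_OUTPUT = """State  Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
ESTAB  0  0  10.10.0.5:51514  10.10.0.16:4680
ESTAB  0  0  10.10.0.5:51520  10.10.0.8:4680
ESTAB  0  0  127.0.0.1:40022  127.0.0.1:4680
ESTAB  0  0  127.0.0.1:4680   127.0.0.1:40022
"""
A_RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\S+)\s*$")


def current_addresses(dig_answer, name):
    """Return the set of A-record addresses dig reports for `name`."""
    wanted = name.rstrip(".").lower()
    addrs = set()
    for line in dig_answer.splitlines():
        m = A_RECORD.match(line.strip())
        if m and m.group(1).rstrip(".").lower() == wanted:
            addrs.add(ipaddress.ip_address(m.group(2)))
    return addrs


def stale_peers(dig_answer, ss_output, name, port):
    """Peers on `port` that the host is connected to but DNS no longer lists."""
    live = current_addresses(dig_answer, name)
    stale = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header line or non-established socket
        host, _, peer_port = fields[4].rpartition(":")
        if peer_port != str(port):
            continue
        try:
            addr = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue
        # Loopback peers are local applications talking to stunnel's accept port.
        if not addr.is_loopback and addr not in live:
            stale.add(str(addr))
    return sorted(stale)
```

A connection opened before the DNS change and still in use is reported as well, so compare runs taken after new client connections have been made.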