
Hi,
We are trying to use DNS load balancing in a stunnel client with a round-robin algorithm. service.example.com maps to two IPs. But when we update DNS to remove one of the IPs for service.example.com, the stunnel client still forwards requests to both IPs. How can we make the stunnel client resolve the domain name and refresh its cache?
Here is the stunnel configuration.
sslVersion=TLSv1.2
cert = /etc/stunnel/stunnel.pem
output=/var/log/stunnel.log
[service-client]
client = yes
accept = localhost:4680
connect = service.example.com:4680
[service-server]
client = no
accept = 10.10.0.16:4680
connect = localhost:80
Here is the resolving result for service.example.com.
;; ANSWER SECTION:
service.example.com. 5 IN A 10.10.0.16
service.example.com. 5 IN A 10.10.0.8

My guess is it only does the dns.lookup() function on a restart/reload... Hopefully I'm wrong, but if I'm right it would not automagically look up the address and notice changes.
Aaron West
Loadbalancer.org Ltd.
www.loadbalancer.org
On Fri, 21 Aug 2020 at 22:30, Peter Zhao <[email protected]> wrote:
> Hi,
> We are trying to use DNS load balancing in a stunnel client with a round-robin algorithm. service.example.com maps to two IPs. But when we update DNS to remove one of the IPs for service.example.com, the stunnel client still forwards requests to both IPs. How can we make the stunnel client resolve the domain name and refresh its cache?
> Here is the stunnel configuration.
> sslVersion=TLSv1.2
> cert = /etc/stunnel/stunnel.pem
> output=/var/log/stunnel.log
> [service-client]
> client = yes
> accept = localhost:4680
> connect = service.example.com:4680
> [service-server]
> client = no
> accept = 10.10.0.16:4680
> connect = localhost:80
> Here is the resolving result for service.example.com.
> ;; ANSWER SECTION:
> service.example.com. 5 IN A 10.10.0.16
> service.example.com. 5 IN A 10.10.0.8
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

Failover= re option would help you

And maybe:
*delay* = yes | no
delay DNS lookup for the *connect* option
This option is useful for dynamic DNS, or when DNS is not available during *stunnel* startup (road warrior VPN, dial-up configurations).
Delayed resolver mode is automatically engaged when stunnel fails to resolve on startup any of the *connect* targets for a service.
Delayed resolver inflicts *failover = prio*.
default: no
So it looks up each connect and notices the change. Actually a very nice feature!
Aaron West
Loadbalancer.org Ltd.
www.loadbalancer.org
On Sat, 22 Aug 2020 at 11:35, tayyib ahmed <[email protected]> wrote:
> Failover= re option would help you
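Added example (not part of the thread and not stunnel code): a small Python model of the two behaviours discussed above, a client that resolves once at startup and rotates the cached addresses, versus one that resolves on every connect and takes the first answer, as the quoted "Delayed resolver inflicts failover = prio" suggests. The class names, the constructed DNS stand-in and its fixed answer order are assumptions made for illustration.

```python
from collections import Counter
import itertools

NAME = "service.example.com"

class ConstructedDNS:
    """Constructed stand-in for the zone; answer order is fixed (assumption)."""
    def __init__(self, records):
        self.records = dict(records)

    def resolve(self, name):
        return list(self.records[name])

class ResolveAtStartup:
    """Model of the reported behaviour: one lookup at startup, then round-robin."""
    def __init__(self, dns, name):
        self._cycle = itertools.cycle(dns.resolve(name))

    def next_target(self):
        return next(self._cycle)

class ResolvePerConnect:
    """Model of 'delay = yes': lookup on each connect, first answer used (prio)."""
    def __init__(self, dns, name):
        self.dns, self.name = dns, name

    def next_target(self):
        return self.dns.resolve(self.name)[0]

def simulate(resolver_cls, connections=4):
    """Count targets used before and after 10.10.0.8 is removed from DNS."""
    dns = ConstructedDNS({NAME: ["10.10.0.16", "10.10.0.8"]})
    client = resolver_cls(dns, NAME)
    before = Counter(client.next_target() for _ in range(connections))
    dns.records[NAME] = ["10.10.0.16"]  # the record is withdrawn
    after = Counter(client.next_target() for _ in range(connections))
    return before, after

if __name__ == "__main__":
    for cls in (ResolveAtStartup, ResolvePerConnect):
        before, after = simulate(cls)
        print(cls.__name__, "before:", dict(before), "after:", dict(after))
```

In this model the per-connect client stops using the withdrawn address, but it no longer spreads connections itself: any balancing then depends on the order in which the DNS server returns its records.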
participants (3)
- Aaron West
- Peter Zhao
- tayyib ahmed