Looking at the code, and testing it for TCP servers it does seem to be supported. To confirm I tried to use a "bad" source address, and it fails as expected:
> [ALERT] (104635) : Cannot bind to source address before connect() for
> backend mybaddns. Aborting.

Using a correct address I see haproxy connecting using the proper address (at least on the initial attempt)

(dns over tcp properly leverages stream applet so server options relevant to tcp should work)

So if it doesn't work consistently we're more likely hitting a bug indeed :/

Aurelien

On 3/7/25 16:47, Willy Tarreau wrote:
> Hi Luke,
>
> On Fri, Mar 07, 2025 at 02:28:04PM +0700, Luke Seelenbinder wrote:
>> Hi list,
>>
>> We had a quick question. Does `nameserver` support the `source` parameter?
>> It appears to in the documentation and the config validates, but it seems
>> HAProxy may ignore it.
>>
>> Our relevant config:
>>
>> resolvers default
>>     # Note: we prefer using AWS, but we can't due to: https://github.com/haproxy/haproxy/issues/1845
>>     #nameserver aws1 tcp6@[2600:9000:5300:f500::1]:53 source [{{ public_ipv6 }}]
>>     #nameserver aws2 tcp6@[2600:9000:5302:cc00::1]:53 source [{{ public_ipv6 }}]
>>     nameserver g1 tcp6@[2001:4860:4860::8888]:53 source [{{ public_ipv6 }}]
>>     nameserver g2 tcp6@[2001:4860:4860::8844]:53 source [{{ public_ipv6 }}]
>>     nameserver opendns tcp6@[2620:0:ccc::2]:53 source [{{ public_ipv6 }}]
>>     accepted_payload_size 8192
>>     resolve_retries 4
>>
>>     hold valid 60s
>>     hold obsolete 30s
>>     hold timeout 300s
>>
>>     timeout resolve 20s
>>     timeout retry 1s
>>
>> In practice, we've found it may use another IPv6 (e.g., one bound for
>> failover), which results in resolution failures.
>
> I must confess I have no idea :-/ Normally it should work if it's
> accepted by the config, but maybe you've hit a bug. I'm CCing Emeric.
>
> Thanks,
> Willy
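
One way to check on the host which local address the DNS-over-TCP connections in this thread actually use: the added example below (not code from the thread or from HAProxy) parses `ss -H -6tn` style output and flags connections to the configured nameservers whose local address differs from the intended `source`. The sample lines, the 2001:db8:: placeholder addresses and the function names are constructed for illustration, and the column layout is assumed to be State, Recv-Q, Send-Q, Local, Peer.

```python
import ipaddress

# Constructed sample in the layout of `ss -H -6tn` (State Recv-Q Send-Q Local Peer).
# 2001:db8::/32 addresses are documentation placeholders, not values from the thread.
SAMPLE_SS = """\
ESTAB 0 0 [2001:db8::10]:51234 [2001:4860:4860::8888]:53
ESTAB 0 0 [2001:db8::99]:40112 [2001:4860:4860::8844]:53
SYN-SENT 0 1 [2001:db8::10]:51240 [2620:0:ccc::2]:53
ESTAB 0 0 [2001:db8::99]:443 [2001:db8:ffff::7]:60100
"""

# Nameserver addresses taken from the resolvers section quoted in the thread.
NAMESERVERS = ["2001:4860:4860::8888", "2001:4860:4860::8844", "2620:0:ccc::2"]


def split_endpoint(field):
    """Split '[addr]:port' or 'addr:port' into (ip_address, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any %scope suffix
    return ipaddress.ip_address(host), int(port)


def wrong_source_connections(ss_output, nameservers, expected_source):
    """Return (local, peer) pairs for port-53 connections to a listed
    nameserver whose local address is not expected_source."""
    expected = ipaddress.ip_address(expected_source)
    servers = {ipaddress.ip_address(n) for n in nameservers}
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        try:
            local, _ = split_endpoint(fields[3])
            peer, peer_port = split_endpoint(fields[4])
        except ValueError:
            continue  # header line, wildcard address or unparsable field
        if peer in servers and peer_port == 53 and local != expected:
            findings.append((str(local), str(peer)))
    return findings


if __name__ == "__main__":
    # 2001:db8::10 stands in for the rendered {{ public_ipv6 }} value.
    for local, peer in wrong_source_connections(SAMPLE_SS, NAMESERVERS, "2001:db8::10"):
        print(f"nameserver {peer} reached from unexpected source {local}")
```

Sampling this repeatedly, rather than once, covers the case raised above where only the initial attempt uses the configured address.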