[Pdns-users] Strange behavior with LUA records

Riccardo Brunetti riccardo.brunetti at host.it
Thu Apr 11 08:23:27 UTC 2024


Hello everybody.

We are having a strange issue with a LUA A record.

We have two servers: A (IP-A) and B (IP-B) running a service in TLS on port 8443 with an X509 certificate with CN=service-name.

We would like to load balance those two servers using LUA A records, so we defined the following entry:

service-name LUA "ifportup(8443, {'IP-A', 'IP-B'})"

The name resolution seems to work: if we stop the service on one of the two servers, nslookup will return the IP of the working one.

Unfortunately we start having continuous errors on the service log:

> ....
> TLS handshake error from xx.xx.xx.xx:34711: EOF
> 
> ....

where xx.xx.xx.xx are the IPs of the powerdns servers. It seems that the port check doesn't handle the TLS handshake correctly.

Moreover, even if we completely delete the LUA record, those errors continue until we restart pdns.

We are running PowerDNS Authoritative Server 4.7.4

Have you ever experienced this issue?

Do you have some hints on it?

Thanks a lot. Kind regards

Riccardo
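
What a TLS listener records when a health check only opens and closes the TCP port, as an added example that is not part of the original post or of PowerDNS. It assumes the port check is a plain TCP connect that never sends a ClientHello; the loopback listener, the ephemeral port standing in for 8443, and all function names are constructed for the demonstration.

```python
import socket
import ssl
import threading


def connect_only_probe(host, port, timeout=2.0):
    """Port-open check: TCP connect, send nothing, close. True if the port accepts."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def tls_accept_one(listener, ctx, log):
    """Accept one connection and attempt the server side of a TLS handshake."""
    conn, peer = listener.accept()
    conn.settimeout(2.0)
    try:
        # wrap_socket blocks here waiting for the client's ClientHello.
        ctx.wrap_socket(conn, server_side=True).close()
        log.append(f"handshake ok from {peer[0]}")
    except (ssl.SSLError, OSError) as exc:
        # The probe closed without sending a ClientHello, so the server reads EOF.
        log.append(f"TLS handshake error from {peer[0]}: {type(exc).__name__}")
    finally:
        conn.close()


def run_demo():
    # No certificate is loaded: the handshake fails before one would be needed.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    log = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))  # ephemeral port stands in for 8443
        listener.listen(1)
        port = listener.getsockname()[1]
        worker = threading.Thread(
            target=tls_accept_one, args=(listener, ctx, log), daemon=True
        )
        worker.start()
        port_is_up = connect_only_probe("127.0.0.1", port)
        worker.join(timeout=5)
    return port_is_up, log


if __name__ == "__main__":
    print(run_demo())
```

The probe reports the port as up while the listener logs one failed handshake per check, so the source address in each log line identifies the checker.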



