I'm using stunnel in client mode to proxy between my HAProxy and an HTTPS backend server. I've read that HAProxy caches the resolved IPs on each config load, which isn't a problem in my current setup. However, it got me thinking whether or not stunnel caches the DNS results as well. I find that there's a delay = yes option which sounds like it should alleviate my concern. From the manual:
delay = yes | no
delay DNS lookup for connect option
This option is useful for dynamic DNS, or when DNS is not available during stunnel startup (road warrior VPN, dial-up configurations).
Delayed resolver mode is automatically engaged when stunnel fails to resolve on startup any of the connect targets for a service.
Delayed resolver inflicts failover = prio.
default: no
If I set delay = yes, will the DNS be resolved at every single connection, or does it use the OS's DNS cache (which would invalidate)?