Recreated container, stopped working #104
Comments
Hey @zilexa, could you run Also, does your test work if you remove the |
I am not sure if OP is still having this issue, but I am. All my dig requests to unbound return either a SERVFAIL or NOERROR. I am using docker-compose and the section specific to unbound looks like this:
My unbound.conf looks like this (essentially the template provided except with changes to include logging and ipv6):
The output of running
And finally, the output of running
|
Update: I've manually created an Ubuntu Docker container and installed unbound and its required dependency, and DNSSEC validation seems to work fine. I'm thinking this is image related but I could be wrong. |
I've been using this docker container for quite a while without problems, so your assumption it must be this container seems off. Have you tried commenting out the line that refers to root.hints in your conf file? Seems the first potential culprit as this container comes with one and I've seen another case where a user-defined file caused issues. Furthermore, to make life easier (and this is not necessarily related to the issue at hand), I would suggest reviewing your conf file and minimizing the specific items to those you know are useful and impactful for your specific situation. Makes debugging easier as well 😊 |
I just checked again, and you are right! I think my issue was related to DNS Cache and my router forwarding DNS requests to its own servers if a DNS server doesn't exist. Side Note: I also discovered that Lima isn't able to port forward UDP ports and that was the reason for why my dig commands would fail when trying to query unbound. Adding |
Hi I'm the OP. Strangely, it only seems to be an issue the first 24hrs after recreating the container. |
I still have this issue. When I simply change the DNS server from my Unbound container (127.0.0.1:5335) to for example 1.1.1.1, all works fine immediately. Quite annoying when you reboot your server. |
That is odd, and it could be linked to a number of things it seems. Did you try a simple dig command in the CLI to test Unbound individually? FYI, I run Pi-Hole and Unbound in Docker, using Docker Compose and have never faced something along the lines of what you describe. How do you create the containers? (besides that, as mentioned, there could be multiple things at play here such as DNSSEC issues linked to bad time setting etc) |
I still have this issue. I changed the temp solution 1.1.1.1 back to 192.168.88.2:5335 and it worked. So I thought I'd start fresh:
When testing on the host:
More info:
Running Manjaro Gnome on an Intel based system, wired connected to my Mikrotik RouterOS router (with a Netgear switch in between). I'm pretty sure if I test tomorrow, all is fine again.. |
I did not even have to wait that long. It already works now, couple hours later, without changing anything. I even switched back to my "own" config, in which I set the port to 5335 and loglevel "2". This way, I can run Unbound in "network_mode: host". This way I can simply use 192.168.88.2:5335 in AdGuard Home (my server IP address). If I do not run Unbound in host network mode, I am forced to use the IP address of the docker container in AdGuard Home (172.19.0.2:53, because 192.168.88.2:5335 doesn't work, it makes no sense, but it doesn't work). Something I do not want, because theoretically a different IP could get assigned when I stop the container or recreate the container. I still do not understand why I have to wait several hours before Unbound works again. |
I've struggled with docker for a while when trying to combine pi-hole and unbound as well (pi-hole and adguard home serve the same purpose). For me, things also only seem to work using the host network driver. And even stranger, despite setting the 5335 port as you do, it uses 53... |
@churchofnoise I think you are confusing things? When you use host mode, you cannot set ports in docker. The port in unbound.conf will be listened to, in my case that is definitely 5335 (see my config in the prev post). So for me the issue is not that this image doesn't work, or only works in host mode. It works in both modes and listens to the expected port... It just does not work after a reboot, for a couple of hours... which makes absolutely no sense to me. |
Apologies, you are right... I have it in bridge mode BTW... |
Maybe it has something to do with timestamps? Try mounting Also I should note the latest releases of |
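Added example (not part of the thread or the project's code): the clock-related hypotheses in the comments above (bad time setting, timestamps) can be checked by comparing the RRSIG validity window in a `dig` answer with the host clock, since a validating resolver whose clock falls outside that window answers SERVFAIL. The function name `rrsig_check` and the sample answer are constructed for illustration; the address and port are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: classify every RRSIG in `dig +dnssec` output against a clock.
# RRSIG presentation format (RFC 4034), as whitespace-separated fields:
#   name TTL IN RRSIG type alg labels origTTL expiration inception keytag signer sig
# Both timestamps are UTC YYYYMMDDHHMMSS, so they compare as plain numbers.
#
# Real use (+cdflag returns the records even when validation itself fails):
#   dig @127.0.0.1 -p 5335 <name> A +dnssec +cdflag \
#     | rrsig_check "$(date -u +%Y%m%d%H%M%S)"

# rrsig_check NOW: reads dig output on stdin, prints one line per RRSIG.
# Exit status: 0 = clock inside every window, 1 = outside at least one,
#              2 = no RRSIG records found in the input.
rrsig_check() {
    awk -v now="$1" '
        $4 == "RRSIG" && length($9) == 14 && length($10) == 14 {
            seen++
            t_exp = $9 + 0      # signature expiration
            t_inc = $10 + 0     # signature inception
            if (now + 0 < t_inc)      { state = "NOT_YET_VALID"; bad++ }
            else if (now + 0 > t_exp) { state = "EXPIRED"; bad++ }
            else                      { state = "OK" }
            printf "%s %s %s (valid %s..%s)\n", $1, $5, state, $10, $9
        }
        END {
            if (!seen) exit 2
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample answer (not captured from a real resolver).
SAMPLE='; <<>> DiG <<>> @127.0.0.1 -p 5335 example.test A +dnssec +cdflag
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
example.test. 3600 IN A 192.0.2.10
example.test. 3600 IN RRSIG A 13 2 3600 20240215000000 20240115000000 12345 example.test. c2FtcGxl'

# Demo: a correct clock, then a clock that was reset to 1970 at boot.
printf '%s\n' "$SAMPLE" | rrsig_check 20240201120000 || true
printf '%s\n' "$SAMPLE" | rrsig_check 19700101000500 || true
```

A `NOT_YET_VALID` or `EXPIRED` result with the current host time points at the clock rather than at the resolver configuration.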
I believe this is the test to confirm it isn't working:
I never configure anything for unbound, I just dump 127.0.0.1:5335 in Adguard Home as my only DNS server.
I did not modify my Docker Compose.
Log, obtained through Portainer:
Why did it stop working?