Running 2.0.0-rc3 with network_mode: host - issues that are persistent in all images
Kampe opened this issue · 1 comments
Hello! I'm attempting to update to the latest versions, as I'm having issues when my network loses connectivity: this container is never able to reconnect and continue serving requests. However, my issue at the moment seems to be that I run this container with host networking for a plethora of reasons on my raspi. I also give it the requested permissions set below:
```yaml
cloudflared:
  container_name: cloudflared
  image: qmcgaw/dns:v2.0.0-rc3
  environment:
    - VERBOSITY=0
    - VERBOSITY_DETAILS=0
    - BLOCK_MALICIOUS=off
    - BLOCK_SURVEILLANCE=off
    - BLOCK_ADS=off
    - CHECK_UNBOUND=off
    - DOT_RESOLVERS=cloudflare,google
    - DOH_RESOLVERS=cloudflare,google
    - LISTENINGPORT=5054
    - UPDATE_PERIOD=24h
  restart: always
  cap_add:
    - NET_ADMIN
    - NET_RAW
  ports:
    - 5054:5054/tcp
    - 5054:5054/udp
  network_mode: host
```
In the logs I see a lot of these:
```
2022/05/08 20:27:04 INFO [24739200603521024] unbound[16:1] error: ssl handshake failed crypto error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
2022/05/08 20:27:04 INFO [24739200603521024] unbound[16:1] error: and additionally crypto error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
2022/05/08 20:27:04 INFO [24739200603521024] unbound[16:1] error: and additionally crypto error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
2022/05/08 20:27:04 INFO [24739200603521024] unbound[16:1] error: and additionally crypto error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
2022/05/08 20:27:04 INFO [24739200603521024] unbound[16:1] error: and additionally crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2022/05/08 20:27:04 INFO [24739200603521024] unbound[16:1] error: ssl handshake failed crypto error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
2022/05/08 20:27:04 INFO [24739200603521024] unbound[16:1] error: and additionally crypto error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
2022/05/08 20:27:04 INFO [24739200603521024] unbound[16:1] error: and additionally crypto error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
2022/05/08 20:27:04 INFO [24739200603521024] unbound[16:1] error: and additionally crypto error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
2022/05/08 20:27:04 INFO [24739200603521024] unbound[16:1] error: and additionally crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2022/05/08 20:27:09 INFO unbound loop exited
2022/05/08 20:27:09 WARN healthcheck server: shutting down (context canceled)
2022/05/08 20:27:09 ERROR DNS is not working: after 10 tries: lookup github.com on 192.168.1.1:53: server misbehaving
2022/05/08 20:27:09 INFO Shutdown successful
```
What needs to be done here to allow this container to perform its duties as it was with the latest version? I'm running Raspbian, so I gave updating libseccomp-dev on the host a shot. #77
This had no effect unfortunately.
Please use image `qmcgaw/dns:v2.0.0-beta`; it's rather stable, and documentation is available on the v2.0.0-beta branch of the repo. It will most likely work. It does implement DoT and DoH, and also uses fewer resources as far as I've seen (there are also Prometheus metrics etc.). It's in beta since the Go programming API is not fully finished for stable usage.
The older image (still `:latest`) using Unbound will soon be deprecated, and I won't really fix it anymore.
Thanks for your understanding!