qdm12/dns

ssl handshake failed

ThalusA opened this issue · 3 comments

I keep having this kind of error at startup:

dns    | 2021/04/09 22:04:01 INFO [22768875766546432] unbound[15:0] error: ssl handshake failed crypto error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
dns    | 2021/04/09 22:04:01 INFO [22768875766546432] unbound[15:0] error: and additionally crypto error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
dns    | 2021/04/09 22:04:01 INFO [22768875766546432] unbound[15:0] error: and additionally crypto error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
dns    | 2021/04/09 22:04:01 INFO [22768875766546432] unbound[15:0] error: and additionally crypto error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
dns    | 2021/04/09 22:04:01 INFO [22768875766546432] unbound[15:0] error: and additionally crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

My docker-compose.yml file:

version: "3"
services:
  dns:
    image: qmcgaw/dns
    container_name: dns
    volumes:
      - /home/pi/config/dns/include.conf:/unbound/include.conf:ro
    environment:
      - BLOCK_MALICIOUS=off
      - PROVIDERS=cloudflare,google
      - IPV6=on
    ports:
      - 53:53/udp
    dns: 127.0.0.1
    network_mode: bridge
    restart: always

My include.conf file:

server:
  local-data: "*.local A 192.168.1.32"

Even without the include.conf file or any environment parameter, and with dns set to localhost, it doesn't work either.
What is the problem?

qdm12 commented

Oh oh that's because of Alpine 3.13 and you're running a 32-bit OS (the time representation changed and many programs (👀 unbound/openssl) didn't change their code for it). I'll revert back to Alpine 3.12.

For the time being you can use a previous image tag (I think v1.5.1) or a soon to be newer image qmcgaw/dns:v2.0.0-beta. Documentation is a bit different, you can find it on the v2.0.0-beta branch.
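
A triage sketch added here as an example, not part of the original thread or of the project's code: it parses the OpenSSL error strings from unbound log lines like those in the report and separates a handshake that failed because the time lookup failed from one where only certificate verification failed. The function names and the classification labels are assumptions made for this example, and the sample input is constructed from the lines quoted in the report.

```python
import re

# Constructed sample: unbound lines from the report above, container prefix trimmed.
SAMPLE_LOG = """\
unbound[15:0] error: ssl handshake failed crypto error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
unbound[15:0] error: and additionally crypto error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
unbound[15:0] error: and additionally crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
"""

# Shape of the error strings in the log: crypto error:<hex code>:<library>:<function>:<reason>
CRYPTO_ERR = re.compile(r"crypto error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+?)\s*$")


def parse_crypto_errors(log_text):
    """Return one dict per OpenSSL error found in the log, in log order."""
    errors = []
    for line in log_text.splitlines():
        m = CRYPTO_ERR.search(line)
        if m:
            code, lib, func, reason = m.groups()
            errors.append({"code": code.upper(), "lib": lib,
                           "func": func, "reason": reason})
    return errors


def triage(log_text):
    """Classify a failed handshake as 'clock', 'certificate', 'other' or 'none'."""
    errors = parse_crypto_errors(log_text)
    if not errors:
        return "none"
    time_failed = any(e["func"] == "ASN1_TIME_adj" or "getting time" in e["reason"]
                      for e in errors)
    verify_failed = any(e["reason"] == "certificate verify failed" for e in errors)
    if time_failed:
        # Heuristic (assumption of this example): when the time lookup itself
        # errors, look at the clock/runtime first and read the accompanying
        # verify failure as a symptom, as the maintainer's reply does.
        return "clock"
    if verify_failed:
        # No time error present: the upstream certificate chain needs inspection.
        return "certificate"
    return "other"


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
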

qdm12 commented

Can you try that first? Does this solve it perhaps?

@qdm12 - I was having this exact problem for the last week or so and the instructions in your link fixed it for me. Thank you!