sdr-enthusiasts/docker-readsb-protobuf

Docker is trying to connect every 5 and 15 seconds to GitHub

BeginnerOfLife opened this issue · 10 comments

Hi,
In pi-hole I have alternating entries of DNS queries for github.com for IPv4 and IPv6 at 5 and 15 second intervals. Likewise for github.com on the local network, which of course does not exist. Is there any way to turn this off with Docker Compose? The docker file is the latest.
Thank you very much for the support :-)
Many greetings Christian

Hi @BeginnerOfLife, 5 and 15 second intervals seem odd. Some of the containers (e.g. tar1090) update their aircraft database on start up and every ~24 hours - not 5 and 15 seconds...

Are you running watchtower? This may be checking for updated images far too frequently...

Hello Mikenye,
yes I am running watchtower but at this time it was not enabled... I started one docker container after the other and the github.com fun started after readsb...
Here a short query log:

2022-05-30 10:15:27	A	github.com
2022-05-30 10:15:27	AAAA	github.com
2022-05-30 10:15:22	A	github.com
2022-05-30 10:15:22	AAAA	github.com
2022-05-30 10:15:06	AAAA	github.com
2022-05-30 10:15:06	A	github.com
2022-05-30 10:15:01	A	github.com
2022-05-30 10:15:01	AAAA	github.com
2022-05-30 10:14:46	AAAA	github.com
2022-05-30 10:14:46	A	github.com

I am using docker-compose and these are the entries for readsb and fr24feed:

  readsb:
    image: mikenye/readsb-protobuf:latest
    container_name: readsb
    hostname: readsb
    restart: always
    networks:
      adsb_net:
        ipv4_address: "172.30.0.2"
    ports:
      - "8280:8080"
    expose:
      - "30005"
    devices:
      - "/dev/bus/usb"
    environment:
      TZ: 'Europe/Berlin'
      READSB_DCFILTER: 'true'
      READSB_DEVICE_TYPE: 'rtlsdr'
      READSB_RTLSDR_DEVICE: '1090'
      READSB_FIX: 'true'
      READSB_GAIN: 'autogain'
      READSB_LAT: 'some number'
      READSB_LON: 'some number'
      READSB_MODEAC: 'true'
      READSB_RX_LOCATION_ACCURACY: '2'
      READSB_STATS_RANGE: 'true'
      READSB_NET_ENABLE: 'true'
      READSB_NET_CONNECTOR: 172.30.0.2,30005,beast_out
    volumes:
      - "readsbpb_rrd:/run/collectd"
      - "readsbpb_autogain:/run/autogain"

  fr24feed:
    image: mikenye/fr24feed:latest
    container_name: fr24feed
    hostname: fr24feed
    restart: always
    depends_on:
      - pihole
      - readsb
    networks:
      adsb_net:
        ipv4_address: "172.30.0.3"
      dns:
    dns:
      - 172.18.0.2
    ports:
      - "8754:8754"
    environment:
      TZ: 'Europe/Berlin'
      BEASTHOST: '172.30.0.2'
      FR24KEY: 'some number'
      MLAT: 'yes'

I think I have everything fine in the compose file as it runs fine except for the github.com entries. And I also have entries looking for github.com.arpa.home... something more confusing, because this is my local domain instead of .local. I checked the container too but did not find anything with github.com... Next weekend I will shut down the containers again and wait one hour between starting one container and the next.

Best regards,
Christian
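
The 5 and 15 second cadence reported above can be measured from the query log itself. The following Python is an added example, not part of the original thread: it merges each A/AAAA pair into one lookup, computes the gaps between lookups per name, and reports names that are resolved repeatedly at short intervals. The function names and thresholds are assumptions; the sample is the log quoted in the comment above plus one constructed example.org line.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Query-log lines quoted in the thread, plus one constructed example.org line.
SAMPLE_LOG = """\
2022-05-30 10:15:27\tA\tgithub.com
2022-05-30 10:15:27\tAAAA\tgithub.com
2022-05-30 10:15:22\tA\tgithub.com
2022-05-30 10:15:22\tAAAA\tgithub.com
2022-05-30 10:15:06\tAAAA\tgithub.com
2022-05-30 10:15:06\tA\tgithub.com
2022-05-30 10:15:01\tA\tgithub.com
2022-05-30 10:15:01\tAAAA\tgithub.com
2022-05-30 10:14:50\tA\texample.org
2022-05-30 10:14:46\tAAAA\tgithub.com
2022-05-30 10:14:46\tA\tgithub.com
"""

def burst_times(log, merge_window=1.0):
    """Per name, sorted lookup times with A/AAAA pairs merged into one burst."""
    per_name = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        try:
            ts = datetime.strptime(" ".join(parts[:2]), "%Y-%m-%d %H:%M:%S")
            per_name[parts[3].lower().rstrip(".")].append(ts)
        except (ValueError, IndexError):
            continue  # blank or malformed line
    bursts = {}
    for name, stamps in per_name.items():
        stamps.sort()  # the log is newest first
        merged = stamps[:1]
        for ts in stamps[1:]:
            if (ts - merged[-1]).total_seconds() > merge_window:
                merged.append(ts)
        bursts[name] = merged
    return bursts

def repeated_lookups(log, max_median_gap=60.0, min_bursts=4):
    """Names resolved again and again at short intervals, with a per-day estimate."""
    report = {}
    for name, ts in burst_times(log).items():
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        if len(ts) < max(min_bursts, 2) or median(gaps) > max_median_gap:
            continue
        report[name] = {"gaps": gaps, "median_gap": median(gaps),
                        "bursts_per_day": round(86400 * len(gaps) / sum(gaps))}
    return report
```

Calling `repeated_lookups(SAMPLE_LOG)` reports only github.com; each burst in that result stands for one A and one AAAA query.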

Now I stopped the readsb container and github.com stopped showing up in the query log in pi-hole.

netstat -veepc shows

Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
udp        0      0 readsb:44391            192.168.1.3:53          ESTABLISHED root       7254861    -                   
udp        0      0 localhost:54475         127.0.0.11:53           ESTABLISHED root       7258274    10576/curl          
udp        0      0 readsb:41452            192.168.1.3:53          ESTABLISHED root       7260709    -                   
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  3      [ ]         STREAM     CONNECTED     7254812  10576/curl           
unix  3      [ ]         STREAM     CONNECTED     7254810  10576/curl           
unix  3      [ ]         STREAM     CONNECTED     7254811  10576/curl           
unix  3      [ ]         STREAM     CONNECTED     7254813  10576/curl           

and grep -r curl * shows

etc/services.d/readsb-db-update/run:curl \

and in this file the target of curl is github.com

As you've found, there's a service readsb-db-update. This file runs every 24 hours. It checks the version of readsb's database and if a newer one exists, it will download it.

If you don't want this behaviour, I can implement an option to disable it.

Thanks for updating my text. Looks better now and again something learned.

Running netstat -veepc in the container shows that readsb is connecting to DNS twice and curl once.

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name    
tcp        0      0 readsb:30005            fr24feed.adsb_net:36764 ESTABLISHED root       7663922    441/readsb          
tcp        0      0 readsb:44636            readsb:30005            ESTABLISHED root       7663627    441/readsb          
tcp        0      0 readsb:30005            readsb:44636            ESTABLISHED root       7663629    441/readsb          
netstat: no support for `AF INET (sctp)' on this system.
netstat: no support for `AF INET (sctp)' on this system.
udp        0      0 readsb:45709            192.168.1.3:53          ESTABLISHED root       7669864    -                   
udp        0      0 localhost:58624         127.0.0.11:53           ESTABLISHED root       7669204    2127/curl           
udp        0      0 readsb:43751            192.168.1.3:53          ESTABLISHED root       7671817    -                   
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  3      [ ]         STREAM     CONNECTED     7666274  2127/curl            
unix  3      [ ]         STREAM     CONNECTED     7666273  2127/curl            
unix  3      [ ]         STREAM     CONNECTED     7666276  2127/curl            
unix  3      [ ]         STREAM     CONNECTED     7666275  2127/curl            
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.
netstat: no support for `AF ROSE' on this system.

And ps -e shows this shortly after starting a new container.

    PID TTY          TIME CMD
      1 ?        00:00:00 s6-svscan
     35 ?        00:00:00 s6-supervise
    373 ?        00:00:00 s6-supervise
    374 ?        00:00:00 s6-supervise
    376 ?        00:00:00 s6-supervise
    377 ?        00:00:00 s6-supervise
    379 ?        00:00:00 s6-supervise
    380 ?        00:00:00 s6-supervise
    381 ?        00:00:00 s6-supervise
    382 ?        00:00:00 bash
    383 ?        00:00:00 s6-supervise
    384 ?        00:00:00 s6-supervise
    385 ?        00:00:00 bash
    386 ?        00:00:00 s6-supervise
    389 ?        00:00:00 bash
    390 ?        00:00:00 bash
    391 ?        00:00:00 bash
    393 ?        00:00:00 bash
    394 ?        00:00:00 bash
    404 ?        00:00:00 bash
    410 ?        00:00:00 sleep
    413 ?        00:00:00 readsbrrd
    414 ?        00:00:00 awk
    416 ?        00:00:00 grep
    419 ?        00:00:00 grep
    423 ?        00:00:00 sleep
    427 ?        00:00:00 sleep
    429 ?        00:00:00 collectd
    430 ?        00:00:00 awk
    441 ?        00:00:51 readsb
    442 ?        00:00:00 sed
    443 ?        00:00:00 awk
    457 ?        00:00:00 sleep
    478 ?        00:00:00 lighttpd
    479 ?        00:00:00 awk
    486 pts/0    00:00:00 bash
   2790 ?        00:00:00 bash
   2792 ?        00:00:00 sleep
   2808 ?        00:00:00 bash
   2812 ?        00:00:00 curl
   2814 pts/0    00:00:00 ps

The 24h behavior is fine and being up to date is good :-) but I have around 16504 DNS requests for github.com and the same number for github.com.local in one day.

My knowledge is not the best with Linux and Docker but it seems that curl is asking the Docker internal DNS 127.0.0.11 and never stops and so the four Unix streams will also never stop.

Okay, looks like this entry

udp        0      0 localhost:58624         127.0.0.11:53           ESTABLISHED root       7669204    2127/curl

was the problem.
In docker-compose.yml I added my DNS network to the readsb container and set the DNS to my pi-hole. Now the entries are gone. Maybe life is easier when everything runs as host :-).

  readsb:
    image: mikenye/readsb-protobuf:latest
    container_name: readsb
    hostname: readsb
    restart: always
    networks:
      adsb_net:
        ipv4_address: "172.30.0.2"
      dns:
    dns:
      - 172.18.0.2
    ports:
      - "8280:8080"
    expose:
      - "30005"
    devices:
      - "/dev/bus/usb"
    environment:
      TZ: 'Europe/Berlin'
      READSB_DCFILTER: 'true'
      READSB_DEVICE_TYPE: 'rtlsdr'
      READSB_RTLSDR_DEVICE: '1090'
      READSB_FIX: 'true'
      READSB_GAIN: 'autogain'
      READSB_LAT: 'some number'
      READSB_LON: 'some number'
      READSB_MODEAC: 'true'
      READSB_RX_LOCATION_ACCURACY: '2'
      READSB_STATS_RANGE: 'true'
      READSB_NET_ENABLE: 'true'
      READSB_NET_CONNECTOR: 172.30.0.2,30005,beast_out
      READSB_RTLSDR_PPM: 37
    volumes:
      - "readsbpb_rrd:/run/collectd"
      - "readsbpb_autogain:/run/autogain"

Glad to hear you've sorted it out. Can this issue be closed?

Sure and thank you very much for your support :-)

You're very welcome :-)