-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bug: unbound container failing to resolve mailcow.email and other domains #5884
Comments
There seems to be a number of hosts unbound is not resolving. I found Logs for the dovecot container showed that mail:~#docker exec -it mailcowdockerized-unbound-mailcow-1 bash
18b739925f75:/# host www.spamassassin.heinlein-support.de 127.0.0.1
;; communications error to 127.0.0.1#53: timed out
;; communications error to 127.0.0.1#53: timed out
;; no servers could be reached
18b739925f75:/# host www.spamassassin.heinlein-support.de 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:
www.spamassassin.heinlein-support.de has address 185.97.174.62
18b739925f75:/# host www.spamassassin.heinlein-support.de 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:
www.spamassassin.heinlein-support.de has address 185.97.174.62 |
SOLVED! Our upstream provider was blocking IPS from www.ipdeny.com. This was causing unbound to not be able to hit root dns servers and for dovecot to not be able to connect to www.spamassassin.heinlein-support.de which causes it to not start properly. This caused mailcow to reset the 993 connection attempt, which is what lead me down this road originally. Long story short, if you are getting dovecot container reseting connection attempts to its ports (993,995,110,143) and/or unbound is not resolving random hostnames, check that your ip connections are not being blocked up stream. They removed the blocks and evrything is working perfectly now. |
Contribution guidelines
I've found a bug and checked that ...
Description
After running update on a previously working installation, unbound failed to start. It stated that it was unhealthy. This resulted in the message:
Which also cause postfix not to start.
After finding the health checks and setting
SKIP_UNBOUND_HEALTHCHECK=y
in the.env
file, I was able to get my installation back up and running.Exec'ing a bash shell in the unbound container and running the checks found in
data/Dockerfiles/unbound/healthcheck.sh
, I was able to find thatmailcow.email
was not resolving inside the shell, thus failing the health check.DNS working outside of container and other DNS
I have confirmed that my host OS can lookup
mailcow.email
. Also, inside the container can lookupmailcow.email
when using another server like 1.1.1.1.This seems like an unbound issue as I don't think I can find anything that has changed.
I am trying to see if something has changed with the mailcow.email domain that the root servers would not respond, but everything works for me outside of the docker container.
Git Commit
Firewall
I have confirmed no external firewall is blocking packets, and I confirmed the hosts's firewall was not blocking any packets.
Workaround
Edit
.env
config file and turn off unbound checksLogs:
Logs from host syslog
Steps to reproduce:
Which branch are you using?
master
Which architecture are you using?
x86
Operating System:
Ubuntu 22.04 LTS amd64
Server/VM specifications:
8GB, 8 cores
Is Apparmor, SELinux or similar active?
no
Virtualization technology:
Proxmox/KVM
Docker version:
25.0.3
docker-compose version or docker compose version:
2.11.1
mailcow version:
2024-04
Reverse proxy:
nginx
Logs of git diff:
Logs of iptables -L -vn:
Logs of ip6tables -L -vn:
Logs of iptables -L -vn -t nat:
Logs of ip6tables -L -vn -t nat:
DNS check:
The text was updated successfully, but these errors were encountered: