[GH-ISSUE #166] Possible running condition with resolvconf package ? #69

New issue

Closed

opened 2026-02-26 04:33:57 +03:00 by kerem · 5 comments

kerem commented 2026-02-26 04:33:57 +03:00

Owner

Copy link

Originally created by @rgudwin on GitHub (Oct 19, 2019).
Original GitHub issue: https://github.com/mageddo/dns-proxy-server/issues/166

What is Happening

I installed dns-proxy-server using:

docker run --rm \
-d \
--hostname dns.mageddo \
--name dns.mageddo \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /etc/resolv.conf:/etc/resolv.conf \
defreitas/dns-proxy-server

I use the -d to detach docker and run in background.
It works pretty well, but stops working in an intermittent way, returning later.

I have a container called sim.manager and at some times, if I try to ping it, it works:

$ ping sim.manager
PING sim.manager (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2 (172.17.0.2): icmp_seq=1 ttl=64 time=0.050 ms
64 bytes from 172.17.0.2 (172.17.0.2): icmp_seq=2 ttl=64 time=0.064 ms
64 bytes from 172.17.0.2 (172.17.0.2): icmp_seq=3 ttl=64 time=0.062 ms

But from time to time it doesn't work:

$ ping sim.manager
ping: sim.manager: Name or service not known

later on, it starts working again ! Without doing anything !

What is expected

I would expect it to work consistently all the time.

Steps to Reproduce

It is really difficult to reproduce, because at some times it works, and later on it doesn't. Then it starts working again, without anything special. I am wondering if it is in a running condition with the resolvconf package, which is installed in my machine, because if I look at the /etc/resolv.conf, I have the following warning:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

# nameserver 127.0.0.53 # dps-comment
nameserver 172.17.0.3 # dps-entry

I suspect that resolvconf is overwriting the file and from time to time it competes with dns-proxy-server and makes it stop working, until dns-proxy-server re-writes the /etc/resolv.conf and starts working again. At least this is my guess ! Any hint, besides just uninstalling resolvconf ?

Specs:

• OS: [Kubuntu 18.04]
• Docker Version: 18.09.7
• DPS Version: 2.18.1

Originally created by @rgudwin on GitHub (Oct 19, 2019). Original GitHub issue: https://github.com/mageddo/dns-proxy-server/issues/166 ### What is Happening I installed dns-proxy-server using: ``` docker run --rm \ -d \ --hostname dns.mageddo \ --name dns.mageddo \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /etc/resolv.conf:/etc/resolv.conf \ defreitas/dns-proxy-server ``` I use the -d to detach docker and run in background. It works pretty well, but stops working in an intermittent way, returning later. I have a container called sim.manager and at some times, if I try to ping it, it works: ``` $ ping sim.manager PING sim.manager (172.17.0.2) 56(84) bytes of data. 64 bytes from 172.17.0.2 (172.17.0.2): icmp_seq=1 ttl=64 time=0.050 ms 64 bytes from 172.17.0.2 (172.17.0.2): icmp_seq=2 ttl=64 time=0.064 ms 64 bytes from 172.17.0.2 (172.17.0.2): icmp_seq=3 ttl=64 time=0.062 ms ``` But from time to time it doesn't work: ``` $ ping sim.manager ping: sim.manager: Name or service not known ``` later on, it starts working again ! Without doing anything ! ### What is expected I would expect it to work consistently all the time. ### Steps to Reproduce It is really difficult to reproduce, because at some times it works, and later on it doesn't. Then it starts working again, without anything special. I am wondering if it is in a running condition with the resolvconf package, which is installed in my machine, because if I look at the /etc/resolv.conf, I have the following warning: ``` # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # 127.0.0.53 is the systemd-resolved stub resolver. # run "systemd-resolve --status" to see details about the actual nameservers. # nameserver 127.0.0.53 # dps-comment nameserver 172.17.0.3 # dps-entry ``` I suspect that resolvconf is overwriting the file and from time to time it competes with dns-proxy-server and makes it stop working, until dns-proxy-server re-writes the /etc/resolv.conf and starts working again. At least this is my guess ! Any hint, besides just uninstalling resolvconf ? **Specs:** - OS: [Kubuntu 18.04] - Docker Version: 18.09.7 - DPS Version: 2.18.1

kerem closed this issue 2026-02-26 04:33:57 +03:00

kerem commented 2026-02-26 04:33:57 +03:00

Author

Owner

Copy link

@RomanHargrave commented on GitHub (Oct 22, 2019):

resolvconf has pre- and post-hooks that allow applications to insert entries in the file when it is updated. Perhaps DPS should write those instead?

<!-- gh-comment-id:544991825 --> @RomanHargrave commented on GitHub (Oct 22, 2019): resolvconf has pre- and post-hooks that allow applications to insert entries in the file when it is updated. Perhaps DPS should write those instead?

kerem commented 2026-02-26 04:33:57 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Nov 3, 2019):

@rgudwin

/etc/resolv.conf can be replaced anytime by the network manager, or whatever software who think it is necessary, commonly it happens when you suspend your machine, restart the wifi, renew the DHCP address, something related to the network or network card change.

To bypass it, DPS has a cron which time to time reconfigures /etc/resolv.conf, actually it is running every 20 seconds, no way to parameterize at this time.

For now what you can try is to

• Change DPS MG_RESOLVCONF env to /etc/resolvconf/resolv.conf.d/base
  or /etc/resolvconf/resolv.conf.d/head (if one of their exists)
• Lock /etc/resolv.conf file for edition after you start DPS by running sudo chattr +i /etc/resolv.conf

<!-- gh-comment-id:549135512 --> @mageddo commented on GitHub (Nov 3, 2019): @rgudwin `/etc/resolv.conf` can be replaced anytime by the network manager, or whatever software who think it is necessary, commonly it happens when you suspend your machine, restart the wifi, renew the DHCP address, something related to the network or network card change. To bypass it, DPS has a cron which time to time reconfigures `/etc/resolv.conf`, actually it is running [every 20 seconds](https://github.com/mageddo/dns-proxy-server/blob/7f1c1dc/dns.go#L151), no way to parameterize at this time. For now what you can try is to * Change DPS `MG_RESOLVCONF` env to `/etc/resolvconf/resolv.conf.d/base` or `/etc/resolvconf/resolv.conf.d/head` (if one of their exists) * Lock `/etc/resolv.conf` [file for edition](https://askubuntu.com/a/56747/258912) after you start DPS by running `sudo chattr +i /etc/resolv.conf`

kerem commented 2026-02-26 04:33:57 +03:00

Author

Owner

Copy link

@mrubli commented on GitHub (Dec 8, 2019):

This is likely caused by whatever process normally updates your /etc/resolv.conf using the "safe" editing method of creating the new file under a different name first, then renaming the old file, and finally renaming the new file to the final name. This doesn't work well with Docker's file bind mounts as you can see here: https://github.com/moby/moby/issues/15793#issuecomment-135411504

In my case that's what dhclient was doing and it rendered DPS's 20-second "watchdog" useless.

The solution is pretty simple: Use a directory bind mount instead and point MG_RESOLVCONF to the right path. For example, instead of bind-mounting the host's /etc/resolv.conf to /etc/resolv.conf in the container I bind-mount the host's /etc directory to /host/etc in the container and set MG_RESOLVCONF=/host/etc/resolv.conf.

@mageddo It would be great if you could update the documentation to warn about this scenario and add a note on workarounds.

(For everyone trying to debug this kind of scenario, Linux auditing is of great help here. This answer on Server Fault summarizes it well.)

<!-- gh-comment-id:562955643 --> @mrubli commented on GitHub (Dec 8, 2019): This is likely caused by whatever process normally updates your `/etc/resolv.conf` using the "safe" editing method of creating the new file under a different name first, then renaming the old file, and finally renaming the new file to the final name. This doesn't work well with Docker's _file_ bind mounts as you can see here: https://github.com/moby/moby/issues/15793#issuecomment-135411504 In my case that's what `dhclient` was doing and it rendered DPS's 20-second "watchdog" useless. The solution is pretty simple: Use a directory bind mount instead and point `MG_RESOLVCONF` to the right path. For example, instead of bind-mounting the host's `/etc/resolv.conf` to `/etc/resolv.conf` in the container I bind-mount the host's `/etc` directory to `/host/etc` in the container and set `MG_RESOLVCONF=/host/etc/resolv.conf`. @mageddo It would be great if you could update the documentation to warn about this scenario and add a note on workarounds. (For everyone trying to debug this kind of scenario, Linux auditing is of great help here. [This answer on Server Fault](https://serverfault.com/a/320718) summarizes it well.)

kerem commented 2026-02-26 04:33:57 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Jan 3, 2020):

@mrubli awesome explanation. I think it is a good workaround, maybe better than the actual main solution. If you have time left to make this contribution about the resolv.conf on the docs please.

I'll do that not sure when, btw :-/

<!-- gh-comment-id:570653392 --> @mageddo commented on GitHub (Jan 3, 2020): @mrubli awesome explanation. I think it is a good workaround, maybe better than the actual main solution. If you have time left to make this contribution about the resolv.conf on the docs please. I'll do that not sure when, btw :-/

kerem commented 2026-02-26 04:33:57 +03:00

Author

Owner

Copy link

@mageddo commented on GitHub (Jul 9, 2020):

To make it easier to find in the future, the docs are here

<!-- gh-comment-id:656402091 --> @mageddo commented on GitHub (Jul 9, 2020): To make it easier to find in the future, the [docs are here](http://mageddo.github.io/dns-proxy-server/2.18/en/1-getting-started/running-it/#on-docker)

kerem referenced this issue 2026-02-26 04:34:38 +03:00

[PR #69] [MERGED] Bugfix/68 #253

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

gh-pages

develop

feat/138_2

feat/629

feat/594

5.9.0

5.9.0-snapshot

5.8.4

5.8.4-snapshot

5.8.3-snapshot

5.8.2-snapshot

5.8.1-snapshot

5.8.0-snapshot

5.7.0-snapshot

5.6.2-snapshot

5.6.1-snapshot

5.6.0-snapshot

5.5.1-snapshot

5.5.0-snapshot

5.4.0-snapshot

5.3.0-snapshot

5.2.0-snapshot

5.1.3-snapshot

5.1.2-snapshot

5.1.0-snapshot

5.0.5-snapshot

5.0.3-snapshot

5.0.2-snapshot

5.0.1-snapshot

5.0.0-snapshot

4.3.0-snapshot

4.2.0-snapshot

4.0.0

4.0.0-snapshot

3.32.7

3.32.7-snapshot

3.32.6

3.32.6-snapshot

3.32.5-snapshot

3.32.4

3.32.4-snapshot

3.32.3

3.32.3-snapshot

3.32.2-snapshot

3.32.1-snapshot

3.32.0-snapshot

3.31.1-snapshot

3.31.0-snapshot

3.30.5-snapshot

3.30.4

3.30.4-snapshot

3.30.3-snapshot

3.30.2-snapshot

3.30.1

3.30.1-snapshot

3.30.0-snapshot

3.29.0-snapshot

3.27.0

3.27.0-snapshot

3.26.0-snapshot

3.25.14

3.25.14-snapshot

3.25.13-snapshot

3.25.12-snapshot

3.25.11

3.25.11-snapshot

3.25.10

3.25.10-snapshot

3.25.9-snapshot

3.25.8-snapshot

3.25.7-snapshot

3.25.6-snapshot

3.25.4-snapshot

3.25.3-snapshot

3.25.2-snapshot

3.25.1-snapshot

3.25.0-snapshot

3.24.2

3.24.2-snapshot

3.24.1

3.24.1-snapshot

3.24.0-snapshot

3.23.0-snapshot

3.22.2-snapshot

3.22.3-snapshot

3.22.1-snapshot

3.21.3-snapshot

3.22.0-snapshot

3.21.2-snapshot

3.21.1-snapshot

3.20.0-snapshot

3.21.0-snapshot

3.19.7-snapshot

3.19.6-snapshot

3.19.5-snapshot

3.19.4-snapshot

3.19.3-snapshot

3.19.2-snapshot

3.19.1

3.19.1-snapshot

3.19.0

3.18.5-snapshot

3.18.4-snapshot

3.18.3-snapshot

3.18.2

3.18.2-snapshot

3.18.1-snapshot

3.18.0-snapshot

3.17.3-snapshot

3.17.2-snapshot

3.17.1-snapshot

3.17.0-snapshot

3.16.3-snapshot

3.16.2-snapshot

3.16.1-snapshot

3.16.0-snapshot

3.15.13-snapshot

3.15.12-snapshot

3.15.11-snapshot

3.15.10-snapshot

3.15.9-snapshot

3.15.8-snapshot

3.15.7-snapshot

3.15.6-snapshot

3.15.5-snapshot

3.15.4-snapshot

3.15.3-snapshot

3.15.2-snapshot

3.15.1-snapshot

3.15.0-snapshot

3.14.5

3.14.4

3.14.3

3.14.3-snapshot

3.14.2-snapshot

3.14.1-snapshot

3.14.0-snapshot

3.13.1

3.13.1-snapshot

3.13.0-snapshot

3.12.1

3.12.0

3.11.0

3.10.2-snapshot

3.10.3-snapshot

3.10.4-snapshot

3.10.5-snapshot

3.10.1-snapshot

3.9.2

3.9.1

3.9.0

3.8.1-last-version-with-quarkus

3.8.1

3.8.0

3.7.0

3.6.0

3.5.3

3.5.2

3.5.0

3.4.0-beta

3.3.0-beta

3.2.5-beta

3.2.4-beta

3.2.3-beta

3.2.2-beta

3.2.1-beta

3.2.0-beta

3.1.7-beta

3.1.6-beta

3.1.5-beta

3.1.4-beta

3.1.3-beta

3.1.2-beta

b-jre-8

3.1.1-beta

3.1.0-beta

3.0.4-beta

3.0.3-beta

3.0.2-beta

3.0.1-beta

v2-golang

2.19.5

2.19.4

2.19.3

2.19.2

2.19.1

2.19.0

2.18.7

2.18.6

2.18.5

2.18.4

2.18.3

2.18.2

2.18.1

2.18.0

2.17.4

2.17.3

2.17.2

2.17.1

2.17.0

2.16.0

2.15.0

2.14.6

2.14.5

2.14.4

2.14.2

2.14.1

2.14.0

2.13.2

2.13.1

2.13.0

2.12.0

2.11.0

2.10.4

2.10.3

2.10.2

2.10.1

2.10.0

2.9.1

2.9.0

2.8.0

2.7.0

2.6.1

2.6.0

2.5.4

2.5.3

2.5.2

2.5.1

2.5.0

2.4.1

2.4.0

2.3.3

2.2.3

2.2.2

2.2.1

2.2.0

2.1.8

2.1.7

2.1.6

2.1.5

2.1.2

2.1.1

2.1.0

2.0.21

2.0.20

2.0.19

2.0.18

2.0.17

2.0.16

2.0.9

2.0.5

2.0.4

v1-nodejs

1.8.1

1.8.0

1.7.7

1.7.6

1.7.5

1.7.4

1.7.3

1.7.2

1.7.1

1.7.0

1.6.9

1.6.8

1.6.7

1.6.6

1.6.5

1.6.4

1.6.3

1.6.2

1.6.1

1.6.0

1.5.0

1.4.0

1.3.5

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

peteris-version

1.1.4-peteris-version

1.2.0

1.1.3

1.1.2

1.1.1

1.1.0

1.0.1

1.0.0

Labels

Clear labels   

bug

  

confirmed

  

discussion

  

duplicate

  

enhancement

  

feature

  

feature-request

  

not-planned

  

pull-request

Mirrored from GitHub Pull Request

  

secondary-feature

  

stale

  

triage

  

waiting-feedback

No labels

bug

confirmed

discussion

duplicate

enhancement

feature

feature-request

not-planned

pull-request

secondary-feature

stale

triage

waiting-feedback

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/dns-proxy-server-mageddo#69

No description provided.