starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-26 09:46:00 +03:00
Code Issues 39 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1032] DNS client on container not working #729

New issue
Closed
opened 2026-03-03 02:02:37 +03:00 by kerem · 2 comments
kerem commented 2026-03-03 02:02:37 +03:00
Owner
Copy link

Originally created by @sbach89 on GitHub (Jun 12, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1032

Subject of the issue

DNS client on container not working, container unable to resolve hostnames to send email, connect to Yubico validations servers and pull in Website Icons,

Your environment

  • Bitwarden_rs version: 1.14.2-08077833
  • Install method: Docker/Podman
  • Other relevant information:

Steps to reproduce

CentOS 8 host.
SELinux is disabled on host.
FirewallD is disabled on host.
Container has correct internal DNS servers in /etc/resolv.conf

podman create --name bitwarden -e ROCKET_PORT=8080 -e DOMAIN=https://vault.DOMAIN/ -e ADMIN_TOKEN= -e LOG_FILE=/data/bitwarden.log -e LOG_LEVEL=debug -v /bw-data/:/data/ -p 8080:8080 bitwardenrs/server:latest

I then generate a systemd file with podman and enable and run it.

Attempting to see if there was some type of issue with Podman, I installed Docker and ran the following:

docker run -d --name bitwarden -e ROCKET_PORT=8080 -e DOMAIN=https://vault.DOMAIN/ -e ADMIN_TOKEN= -e LOG_FILE=/data/bitwarden.log -e LOG_LEVEL=debug -v /bw-data/:/data/ --restart always -p 8080:8080 bitwardenrs/server:latest

Same results, not able to resolve hostnames. The host is able to ping and resolve via hostnames.

Expected behaviour

Be able to resolve hostnames.

Actual behaviour

Not resolving hostnames effectively no longer allowing users with 2FA able to login

Relevant logs

Here is a snippet from trying to pull website icons, this is happening for my entire vault.


[2020-06-12 12:55:20][reqwest::connect][DEBUG] starting new connection: http://www.pcs401k.com/
[2020-06-12 12:55:20][hyper::client::connect::dns][DEBUG] resolving host="www.pcs401k.com"
[2020-06-12 12:55:30][bitwarden_rs::api::icons][INFO] Download failed for http://www.pcs401k.com/favicon.ico
[2020-06-12 12:55:30][bitwarden_rs::api::icons][ERROR] Error downloading icon: Empty response

Here is log trying to contact Yubico

[2020-06-12 13:22:50][request][INFO] POST /api/two-factor/get-yubikey
[2020-06-12 13:22:50][response][INFO] POST /api/two-factor/get-yubikey (generate_yubikey) => 200 OK
[2020-06-12 13:22:56][request][INFO] PUT /api/two-factor/yubikey
[2020-06-12 13:22:56][reqwest::connect][DEBUG] starting new connection: https://api.yubico.com/
[2020-06-12 13:22:56][reqwest::connect][DEBUG] starting new connection: https://api2.yubico.com/
[2020-06-12 13:22:56][hyper::client::connect::dns][DEBUG] resolving host="api.yubico.com"
[2020-06-12 13:22:56][reqwest::connect][DEBUG] starting new connection: https://api3.yubico.com/
[2020-06-12 13:22:56][hyper::client::connect::dns][DEBUG] resolving host="api2.yubico.com"
[2020-06-12 13:22:56][reqwest::connect][DEBUG] starting new connection: https://api4.yubico.com/
[2020-06-12 13:22:56][reqwest::connect][DEBUG] starting new connection: https://api5.yubico.com/
[2020-06-12 13:22:56][hyper::client::connect::dns][DEBUG] resolving host="api3.yubico.com"
[2020-06-12 13:22:56][hyper::client::connect::dns][DEBUG] resolving host="api4.yubico.com"
[2020-06-12 13:22:56][hyper::client::connect::dns][DEBUG] resolving host="api5.yubico.com"
[2020-06-12 13:23:25][request][INFO] GET /alive
[2020-06-12 13:23:25][response][INFO] GET /alive (alive) => 200 OK
[2020-06-12 13:23:26][error][ERROR] Invalid Yubikey OTP provided.
[CAUSE] Network(
    reqwest::Error {
        kind: Request,
        url: "https://api5.yubico.com/wsapi/2.0/verify?id=55569&nonce=RBsytofVfGnzdskykujlkVvwtEeEhjD9FakkhIUH&otp=xxxxxxxxxxxxxxx&sl=100&h%3D3STMwGULYKi5DWG22bcGljVAf0o%3D",
        source: TimedOut,
    },
)
[2020-06-12 13:23:26][response][INFO] PUT /api/two-factor/yubikey (activate_yubikey_put) => 400 Bad Request

And here is log for SMTP failure.

[2020-06-12 12:52:22][error][ERROR] SmtpError.
[CAUSE] Client(
    "Could not connect",
)
[2020-06-12 12:52:22][response][INFO] POST /api/two-factor/send-email (send_email) => 400 Bad Request
Originally created by @sbach89 on GitHub (Jun 12, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1032 <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unneccessary for your issue, feel free to remove them. Remember to hide/obfuscate personal and confidential information, such as names, global IP/DNS adresses and especially passwords, if neccessary. --> ### Subject of the issue DNS client on container not working, container unable to resolve hostnames to send email, connect to Yubico validations servers and pull in Website Icons, ### Your environment <!-- The version number, obtained from the logs or the admin page --> * Bitwarden_rs version: 1.14.2-08077833 <!-- How the server was installed: Docker image / package / built from source --> * Install method: Docker/Podman * Other relevant information: ### Steps to reproduce CentOS 8 host. SELinux is disabled on host. FirewallD is disabled on host. Container has correct internal DNS servers in /etc/resolv.conf ```` podman create --name bitwarden -e ROCKET_PORT=8080 -e DOMAIN=https://vault.DOMAIN/ -e ADMIN_TOKEN= -e LOG_FILE=/data/bitwarden.log -e LOG_LEVEL=debug -v /bw-data/:/data/ -p 8080:8080 bitwardenrs/server:latest ```` I then generate a systemd file with podman and enable and run it. Attempting to see if there was some type of issue with Podman, I installed Docker and ran the following: ```` docker run -d --name bitwarden -e ROCKET_PORT=8080 -e DOMAIN=https://vault.DOMAIN/ -e ADMIN_TOKEN= -e LOG_FILE=/data/bitwarden.log -e LOG_LEVEL=debug -v /bw-data/:/data/ --restart always -p 8080:8080 bitwardenrs/server:latest ```` Same results, not able to resolve hostnames. The host is able to ping and resolve via hostnames. ### Expected behaviour Be able to resolve hostnames. ### Actual behaviour Not resolving hostnames effectively no longer allowing users with 2FA able to login ### Relevant logs Here is a snippet from trying to pull website icons, this is happening for my entire vault. ``` [2020-06-12 12:55:20][reqwest::connect][DEBUG] starting new connection: http://www.pcs401k.com/ [2020-06-12 12:55:20][hyper::client::connect::dns][DEBUG] resolving host="www.pcs401k.com" [2020-06-12 12:55:30][bitwarden_rs::api::icons][INFO] Download failed for http://www.pcs401k.com/favicon.ico [2020-06-12 12:55:30][bitwarden_rs::api::icons][ERROR] Error downloading icon: Empty response ``` Here is log trying to contact Yubico ```` [2020-06-12 13:22:50][request][INFO] POST /api/two-factor/get-yubikey [2020-06-12 13:22:50][response][INFO] POST /api/two-factor/get-yubikey (generate_yubikey) => 200 OK [2020-06-12 13:22:56][request][INFO] PUT /api/two-factor/yubikey [2020-06-12 13:22:56][reqwest::connect][DEBUG] starting new connection: https://api.yubico.com/ [2020-06-12 13:22:56][reqwest::connect][DEBUG] starting new connection: https://api2.yubico.com/ [2020-06-12 13:22:56][hyper::client::connect::dns][DEBUG] resolving host="api.yubico.com" [2020-06-12 13:22:56][reqwest::connect][DEBUG] starting new connection: https://api3.yubico.com/ [2020-06-12 13:22:56][hyper::client::connect::dns][DEBUG] resolving host="api2.yubico.com" [2020-06-12 13:22:56][reqwest::connect][DEBUG] starting new connection: https://api4.yubico.com/ [2020-06-12 13:22:56][reqwest::connect][DEBUG] starting new connection: https://api5.yubico.com/ [2020-06-12 13:22:56][hyper::client::connect::dns][DEBUG] resolving host="api3.yubico.com" [2020-06-12 13:22:56][hyper::client::connect::dns][DEBUG] resolving host="api4.yubico.com" [2020-06-12 13:22:56][hyper::client::connect::dns][DEBUG] resolving host="api5.yubico.com" [2020-06-12 13:23:25][request][INFO] GET /alive [2020-06-12 13:23:25][response][INFO] GET /alive (alive) => 200 OK [2020-06-12 13:23:26][error][ERROR] Invalid Yubikey OTP provided. [CAUSE] Network( reqwest::Error { kind: Request, url: "https://api5.yubico.com/wsapi/2.0/verify?id=55569&nonce=RBsytofVfGnzdskykujlkVvwtEeEhjD9FakkhIUH&otp=xxxxxxxxxxxxxxx&sl=100&h%3D3STMwGULYKi5DWG22bcGljVAf0o%3D", source: TimedOut, }, ) [2020-06-12 13:23:26][response][INFO] PUT /api/two-factor/yubikey (activate_yubikey_put) => 400 Bad Request ```` And here is log for SMTP failure. ```` [2020-06-12 12:52:22][error][ERROR] SmtpError. [CAUSE] Client( "Could not connect", ) [2020-06-12 12:52:22][response][INFO] POST /api/two-factor/send-email (send_email) => 400 Bad Request ````
kerem closed this issue 2026-03-03 02:02:37 +03:00
kerem commented 2026-03-03 02:02:38 +03:00
Author
Owner
Copy link

@sbach89 commented on GitHub (Jun 12, 2020):

I just realized I was running an old version, I'm now on 1.15.0-52ed8e4d, and under Diagnostics > DNS check,

DNS (github.com) ERROR Could not resolve domain name.
<!-- gh-comment-id:643443323 --> @sbach89 commented on GitHub (Jun 12, 2020): I just realized I was running an old version, I'm now on 1.15.0-52ed8e4d, and under Diagnostics > DNS check, ```` DNS (github.com) ERROR Could not resolve domain name. ````
kerem commented 2026-03-03 02:02:38 +03:00
Author
Owner
Copy link

@sbach89 commented on GitHub (Jun 12, 2020):

Ok this is resolved now. I updated Podman to 1.9.3 and everything is working now, so it was not related to Bitwarden_rs.

<!-- gh-comment-id:643452747 --> @sbach89 commented on GitHub (Jun 12, 2020): Ok this is resolved now. I updated Podman to 1.9.3 and everything is working now, so it was not related to Bitwarden_rs.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
revert-7033-patch-1
cached-config-operations
test_dylint
1.35.8
1.35.7
1.35.6
1.35.5
1.35.4
1.35.3
1.35.2
1.35.1
1.35.0
1.34.3
1.34.2
1.34.1
1.34.0
1.33.2
1.33.1
1.33.0
1.32.7
1.32.6
1.32.5
1.32.4
1.32.3
1.32.2
1.32.1
1.32.0
1.31.0
1.30.5
1.30.4
1.30.3
1.30.2
1.30.1
1.30.0
1.29.2
1.29.1
1.29.0
1.28.1
1.28.0
1.27.0
1.26.0
1.25.2
1.25.1
1.25.0
1.24.0
1.23.1
1.23.0
1.22.2
1.22.1
1.22.0
1.21.0
1.20.0
1.19.0
1.18.0
1.17.0
1.16.3
1.16.2
1.16.1
1.16.0
1.15.1
1.15.0
1.14.2
1.14.1
1.14
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.1
1.9.0
1.8.0
1.7.0
1.6.1
1.6.0
1.5.0
1.4.0
1.3.0
1.2.0
1.1.0
1.0.0
0.13.0
0.12.0
0.11.0
0.10.0
0.9.0
Labels
Clear labels   
SSO

   
Third party

   
better for forum

   
bug

   
bug

   
documentation

   
duplicate

   
enhancement

   
future Vault

   
future Vault

   
future Vault

   
good first issue

   
help wanted

   
low priority

   
notes

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
troubleshooting

   
wontfix
No labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
question
troubleshooting
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vaultwarden#729
No description provided.