Closed daryll-swer closed 1 year ago
@MatthewVance am I doing something wrong or did I encounter a bug?
IPv6 isn’t supported. It may be possible to reconfigure the Unbound settings to permit this, but the defaults do not. This is due to some complexity with how Docker does IPv6 and underlying host requirements (you need to enable IPv6 support in the Docker daemon). On Nov 11, 2022, at 11:25 AM, Daryll Swer @.***> wrote: @MatthewVance am I doing something wrong or did I encounter a bug?
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>
@MatthewVance
Docker IPv6 is already enabled on the host and I have a PIA IPv6 block, and a bunch of containers already working fine with IPv6 such as this.
If you checked the unbound config file I shared, IPv6 is enabled and IPv6 is working correctly from client towards the container as well. There's no doubt about IPv6 working correctly in this issue.
The issue is with the health checks/port numbers/wanting to remove IPv4 from unbound config/docker compose config.
If you don’t want IPv4, this shouldn’t be in your config: interface: 0.0.0.0
For the health check, you’re going to need to override the default one in the Dockerfile by providing an alternative in the compose file.
@MatthewVance
If you don’t want IPv4, this shouldn’t be in your config: interface: 0.0.0.0
As stated before, if I remove IPv4 config on unbound.conf, unbound itself stops working and no longer replies to clients. So that method does not work so far.
For the health check, you’re going to need to override the default one in the Dockerfile by providing an alternative in the compose file.
Can you share some compose config samples to fix the health checks?
I’m trying to give you pointers, but IPv6 isn’t supported.
https://docs.docker.com/compose/compose-file/compose-file-v3/#healthcheck
One other tip, consider providing an expose value in your Compose file to match your port assignments and override the default in the Dockefilre.
https://docs.docker.com/compose/compose-file/compose-file-v3/#expose
https://github.com/MatthewVance/unbound-docker-rpi/blob/master/1.17.0/Dockerfile#L130
I will share the config first and my findings on what I think is responsible for the failing health check
Docker/Compose config
unbound.conf
Docker PS output
What I want to do is simple. I want unbound container to listen only on IPv6 port 5335 inside and outside, but that does not seem to work correctly as we can see ports 53 are still opened somehow and if I disable IPv4 listening in the unbound config, then I'm not able to reach the recursor from a forwarder. The above config works fine except for two issues: