binhex / arch-qbittorrentvpn

Docker build script for Arch Linux base with qBittorrent, Privoxy and OpenVPN
GNU General Public License v3.0
457 stars 48 forks

unraid error after update last night: Error creating socket #251

Closed Qballjos closed 3 months ago

Qballjos commented 3 months ago

Container won't start, getting this error in log: Error: error sending query: Error creating socket

seems to be the same issue as https://github.com/binhex/arch-delugevpn/issues/406

Qballjos commented 3 months ago

Can be temporarily fixed by downgrading to: binhex/arch-qbittorrentvpn:4.6.5-1-05

HerbCSO commented 3 months ago

Can confirm, works for me.

ikryten commented 3 months ago

Enabling DEBUG shows:

2024-07-05 05:00:28.583412 [info] NAME_SERVERS defined as '1.1.1.1,9.9.9.9,84.200.69.80,37.235.1.174,137.235.1.177,84.200.70.40,1.0.0.1'
2024-07-05 05:00:28.597081 [debug] iptables default policies available, setting policy to drop...
2024-07-05 05:00:28.612273 [debug] ip6tables default policies available, setting policy to drop...
Error: error sending query: Error creating socket
2024-07-05 05:00:28.635288 [debug] Having issues resolving name 'xxxxx.privacy.network', sleeping before retry...

Contents of /etc/resolv.conf at this point:

nameserver 127.0.0.11
options ndots:0

Adding an external server, such as 1.1.1.1 triggers the rest of the startup to continue:

2024-07-05 05:12:57.325494 [debug] DNS operational, we can resolve name 'xxxxxxx.privacy.network' to address 'x.x.x.x'
2024-07-05 05:12:57.349377 [debug] DNS operational, we can resolve name 'www.xxxxxx.com' to address 'x.x.x.x'
2024-07-05 05:12:57.374766 [debug] DNS operational, we can resolve name 'x.net' to address 'x.x.x.x'
2024-07-05 05:12:57.391893 [debug] Showing name servers in '/etc/resolv.conf' before overwrite from NAME_SERVERS...
2024-07-05 05:12:57.403688 [debug] nameserver 127.0.0.11
2024-07-05 05:12:57.403713 [debug] options ndots:0
2024-07-05 05:12:57.403717 [debug] nameserver 1.1.1.1
2024-07-05 05:12:57.427791 [debug] Showing name servers in '/etc/resolv.conf' after overwrite from NAME_SERVERS...
2024-07-05 05:12:57.439458 [debug] nameserver 1.1.1.1
2024-07-05 05:12:57.439487 [debug] nameserver 9.9.9.9
2024-07-05 05:12:57.439491 [debug] nameserver 84.200.69.80
2024-07-05 05:12:57.439493 [debug] nameserver 37.235.1.174
2024-07-05 05:12:57.439495 [debug] nameserver 137.235.1.177
2024-07-05 05:12:57.439497 [debug] nameserver 84.200.70.40
2024-07-05 05:12:57.439499 [debug] nameserver 1.0.0.1
...

It seems there's a problem in the order of operations here.

ikryten commented 3 months ago

It seems the initial iptables rules are preventing the docker resolver from working. The initial rules:

# Generated by iptables-save v1.8.10 on Fri Jul  5 06:03:18 2024
*filter
:INPUT DROP [9:421]
:FORWARD DROP [0:0]
:OUTPUT DROP [13:949]
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
# Completed on Fri Jul  5 06:03:18 2024
# Generated by iptables-save v1.8.10 on Fri Jul  5 06:03:18 2024
*nat
:PREROUTING ACCEPT [16:3276]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER_OUTPUT - [0:0]
:DOCKER_POSTROUTING - [0:0]
-A OUTPUT -d 127.0.0.11/32 -j DOCKER_OUTPUT
-A POSTROUTING -d 127.0.0.11/32 -j DOCKER_POSTROUTING
-A DOCKER_OUTPUT -d 127.0.0.11/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.11:34763
-A DOCKER_OUTPUT -d 127.0.0.11/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.11:57555
-A DOCKER_POSTROUTING -s 127.0.0.11/32 -p tcp -m tcp --sport 34763 -j SNAT --to-source :53
-A DOCKER_POSTROUTING -s 127.0.0.11/32 -p udp -m udp --sport 57555 -j SNAT --to-source :53
COMMIT
# Completed on Fri Jul  5 06:03:18 2024

These rules are too restrictive. Since the host is talking to itself you need input and output rules for the NAT'd ports as well. The simple thing to do would be to add rules that accept all traffic over the loopback interface.
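To make the order-of-operations point concrete, here is a small added model (not code from the arch-qbittorrentvpn project) of how a DNS query leaving the container traverses the nat OUTPUT and filter OUTPUT chains shown above. The 127.0.0.11 DNAT ports are the ones from the iptables-save output in this comment; the packets, the interface name eth0 and the loopback ACCEPT rule are constructed assumptions.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    proto: str
    dst: str
    dport: int
    oif: str  # outgoing interface: "lo" for 127.0.0.0/8, "eth0" otherwise (assumed name)


# DOCKER_OUTPUT chain from the thread's iptables-save: queries to 127.0.0.11:53 are
# DNAT'd to the embedded resolver's real listening ports.
DOCKER_DNAT = {"tcp": 34763, "udp": 57555}


def nat_output(pkt: Packet) -> Packet:
    """nat table, OUTPUT chain: rewrite the destination port like DOCKER_OUTPUT does."""
    if pkt.dst == "127.0.0.11" and pkt.dport == 53:
        return replace(pkt, dport=DOCKER_DNAT[pkt.proto])
    return pkt


# filter table, OUTPUT chain as (match, verdict) pairs; chain policy is DROP as in the thread.
ORIGINAL_OUTPUT = [
    (lambda p: p.dport == 53, "ACCEPT"),  # -A OUTPUT -p udp/tcp --dport 53 -j ACCEPT
]
# Proposed fix from the thread: accept all traffic over the loopback interface
# (the INPUT side needs the matching "-i lo -j ACCEPT", not modelled here).
FIXED_OUTPUT = [(lambda p: p.oif == "lo", "ACCEPT")] + ORIGINAL_OUTPUT


def filter_output(pkt: Packet, rules, policy: str = "DROP") -> str:
    """filter table, OUTPUT chain: first matching rule wins, else the chain policy."""
    for match, verdict in rules:
        if match(pkt):
            return verdict
    return policy


def dns_query_verdict(rules, proto: str = "udp", dst: str = "127.0.0.11") -> str:
    """Verdict on a constructed DNS query the container sends to dst:53."""
    oif = "lo" if dst.startswith("127.") else "eth0"
    query = Packet(proto, dst, 53, oif)
    # Netfilter runs nat OUTPUT before filter OUTPUT for locally generated packets,
    # so the filter chain sees the rewritten port (34763/57555), not 53.
    return filter_output(nat_output(query), rules)


if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL_OUTPUT), ("with lo accept", FIXED_OUTPUT)):
        print(label, "-> 127.0.0.11:", dns_query_verdict(rules),
              "| 1.1.1.1:", dns_query_verdict(rules, dst="1.1.1.1"))
```

The external-resolver case is why adding 1.1.1.1 to /etc/resolv.conf lets startup continue: that query keeps port 53 and matches the existing rule.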

Qballjos commented 3 months ago

It seems to be an issue with alternate network selection; this makes the DNS 127.0.0.1. @binhex is aware of this and is working on an update. He will probably push it to this container too.

binhex commented 3 months ago

duplicate of https://github.com/binhex/arch-qbittorrentvpn/issues/248 closing.