docker / compose

Define and run multi-container applications with Docker
https://docs.docker.com/compose/
Apache License 2.0

docker compose pull fails with adguard home dns server #9264

Closed Pingumania closed 2 years ago

Pingumania commented 2 years ago

Description

Doing docker compose pull with AdGuardHome as DNS server results in the following error:

Error response from daemon: Head "https://registry-1.docker.io/v2/deluan/navidrome/manifests/latest": Get "https://auth.docker.io/token?scope=repository%3Adeluan%2Fnavidrome%3Apull&service=registry.docker.io": dial tcp: lookup auth.docker.io on 10.1.86.2:53: read udp 10.0.86.23:49885->10.1.86.2:53: i/o timeout

This happens for all services in the compose file. Doing docker compose pull [service] works fine.

mb@nuc:~$ docker compose pull navidrome
[+] Running 1/1
 ⠿ navidrome Pulled

According to adguard the lookups are processed and not blocked. Switching to dnsmasq on the same machine that runs adguard resolves the issue.

Steps to reproduce the issue:

  1. Install AdGuardHome (https://github.com/AdguardTeam/AdGuardHome#getting-started)
  2. Point DNS to AdGuardHome
  3. Run docker compose pull

Output of dig registry-1.docker.io

mb@nuc:~$ dig registry-1.docker.io

; <<>> DiG 9.16.15-Ubuntu <<>> registry-1.docker.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62772
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;registry-1.docker.io.          IN      A

;; ANSWER SECTION:
registry-1.docker.io.   44      IN      A       54.174.228.110
registry-1.docker.io.   44      IN      A       54.85.133.123
registry-1.docker.io.   44      IN      A       54.197.112.205
registry-1.docker.io.   44      IN      A       174.129.220.74
registry-1.docker.io.   44      IN      A       52.55.124.246
registry-1.docker.io.   44      IN      A       52.72.186.182
registry-1.docker.io.   44      IN      A       34.200.175.181
registry-1.docker.io.   44      IN      A       44.196.236.180

;; Query time: 7 msec
;; SERVER: 10.1.86.2#53(10.1.86.2)
;; WHEN: Thu Mar 10 15:34:00 CET 2022
;; MSG SIZE  rcvd: 177

Output of dig auth.docker.io

mb@nuc:~$ dig auth.docker.io

; <<>> DiG 9.16.15-Ubuntu <<>> auth.docker.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18419
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;auth.docker.io.                        IN      A

;; ANSWER SECTION:
auth.docker.io.         25      IN      A       54.197.112.205
auth.docker.io.         25      IN      A       52.203.238.92
auth.docker.io.         25      IN      A       52.200.78.26
auth.docker.io.         25      IN      A       54.86.228.181
auth.docker.io.         25      IN      A       54.156.13.77
auth.docker.io.         25      IN      A       54.85.133.123
auth.docker.io.         25      IN      A       34.203.135.183
auth.docker.io.         25      IN      A       174.129.220.74

;; Query time: 0 msec
;; SERVER: 10.1.86.2#53(10.1.86.2)
;; WHEN: Thu Mar 10 16:09:01 CET 2022
;; MSG SIZE  rcvd: 171

Output of docker compose version:

mb@nuc:~$ docker compose version
Docker Compose version v2.3.3

Output of docker info:

mb@nuc:~$ docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.7.1-docker)
  compose: Docker Compose (Docker Inc., v2.3.3)
  scan: Docker Scan (Docker Inc., v0.12.0)

Server:
 Containers: 25
  Running: 22
  Paused: 0
  Stopped: 3
 Images: 87
 Server Version: 20.10.12
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 9cc61520f4cd876b86e77edfeb88fbcd536d1f9d
 runc version: v1.0.3-0-gf46b6ba
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.13.0-35-generic
 Operating System: Ubuntu 21.10
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.26GiB
 Name: nuc
 ID: EJJJ:GWYL:B7NB:EYQW:M5PZ:J5M6:C4M7:344A:DLYZ:2R2P:MI6H:FFEH
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

cliffordwhansen commented 2 years ago

I am experiencing the same issues. When I add 1.1.1.1 to /etc/resolv.conf things work.

Pingumania commented 2 years ago

By default adguard home has a rate limit of 20 requests per second. Setting this to a higher value or 0 resolves this issue.

cliffordwhansen commented 2 years ago

Thanks @pngmn this solved it for me

Just leaving this here for others, I know it's not really the place: Settings > DNS settings > DNS Server Configuration > Rate Limit
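
Added example, not part of the thread and not AdGuard Home or Docker code: a constructed local UDP resolver that silently drops queries above a per-client limit, run against one lookup and against a burst of parallel lookups, to show why the single-service pull works while the full pull sees `i/o timeout` at a limit of 20 and not at 0. The fixed one-second window and the names `build_query`, `mock_resolver`, `burst` and `run` are assumptions made for this sketch.

```python
import socket, struct, threading, time

def build_query(qid, name):
    """Minimal DNS A query in RFC 1035 wire format."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def mock_resolver(sock, limit):
    """Constructed stand-in: drops queries above `limit` per second per client (0 = off)."""
    windows = {}  # client IP -> (window start, queries seen)
    while True:
        data, addr = sock.recvfrom(512)
        if not data:
            return  # empty datagram is the stop signal from run()
        now = time.monotonic()
        start, count = windows.get(addr[0], (now, 0))
        if now - start >= 1.0:
            start, count = now, 0
        windows[addr[0]] = (start, count + 1)
        if limit and count + 1 > limit:
            continue  # silently dropped: the client only sees a timeout
        sock.sendto(data[:2] + b"\x81\x80" + data[4:], addr)  # echo with QR bit set

def burst(server, names, timeout=0.5):
    """Send every query at once; return (answered, timed_out)."""
    pending = set(range(len(names)))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
        c.settimeout(timeout)
        for i, name in enumerate(names):
            c.sendto(build_query(i, name), server)
        try:
            while pending:
                pending.discard(struct.unpack("!H", c.recv(512)[:2])[0])
        except socket.timeout:
            pass  # whatever is still pending was dropped by the resolver
    return len(names) - len(pending), len(pending)

def run(limit, n_queries):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        t = threading.Thread(target=mock_resolver, args=(s, limit))
        t.start()
        result = burst(s.getsockname(), ["auth.docker.io"] * n_queries)
        s.sendto(b"", s.getsockname())  # empty datagram stops the resolver
        t.join()
    return result

if __name__ == "__main__":
    print({(lim, n): run(lim, n) for lim, n in [(20, 1), (20, 60), (0, 60)]})
```

A limit of 0 removes the cap for every client of the resolver, so where the resolver is reachable by more than trusted hosts, a raised value is the narrower change.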