Update 2024 - mailcowdockerized-unbound-mailcow-1 is unhealthy

Contribution guidelines

[X] I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

[X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
[X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
[X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
[X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

After updating to 2024-01 (same is for 2024-01a) unbound becomes unhealthy:
dependency failed to start: container mailcowdockerized-unbound-mailcow-1 is unhealthy

As I didn't make snapshot/backup prior to update - I restored mailcow by manually editing docker.compose (quick workaround) and changed/downgraded version tags of updated containers.

Logs:

Starting mailcow...
[+] Running 19/19
 ✔ Network mailcowdockerized_mailcow-network        Created                                                                                                                                                       0.1s 
 ✔ Container mailcowdockerized-solr-mailcow-1       Started                                                                                                                                                       0.1s 
 ✔ Container mailcowdockerized-olefy-mailcow-1      Started                                                                                                                                                       0.1s 
 ✔ Container mailcowdockerized-redis-mailcow-1      Started                                                                                                                                                       0.1s 
 ✘ Container mailcowdockerized-unbound-mailcow-1    Error                                                                                                                                                         0.1s 
 ✔ Container mailcowdockerized-memcached-mailcow-1  Started                                                                                                                                                       0.1s 
 ✔ Container mailcowdockerized-dockerapi-mailcow-1  Started                                                                                                                                                       0.1s 
 ✔ Container mailcowdockerized-sogo-mailcow-1       Started                                                                                                                                                       0.1s 
 ✔ Container mailcowdockerized-clamd-mailcow-1      Created                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-mysql-mailcow-1      Started                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-php-fpm-mailcow-1    Started                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-nginx-mailcow-1      Started                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-postfix-mailcow-1    Created                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-dovecot-mailcow-1    Started                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-acme-mailcow-1       Created                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-netfilter-mailcow-1  Created                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-rspamd-mailcow-1     Started                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-ofelia-mailcow-1     Started                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-watchdog-mailcow-1   Created                                                                                                                                                       0.0s 
dependency failed to start: container mailcowdockerized-unbound-mailcow-1 is unhealthy

docker compose logs --tail=200 unbound-mailcow
mailcowdockerized-unbound-mailcow-1  | Setting console permissions...
mailcowdockerized-unbound-mailcow-1  | Receiving anchor key...
mailcowdockerized-unbound-mailcow-1  | Receiving root hints...
######################################################################## 100.0%                                       
mailcowdockerized-unbound-mailcow-1  | setup in directory /etc/unbound
mailcowdockerized-unbound-mailcow-1  | Certificate request self-signature ok
mailcowdockerized-unbound-mailcow-1  | subject=CN = unbound-control
mailcowdockerized-unbound-mailcow-1  | removing artifacts
mailcowdockerized-unbound-mailcow-1  | Setup success. Certificates created. Enable in unbound.conf file to use
mailcowdockerized-unbound-mailcow-1  | [1705513767] unbound[1:0] notice: init module 0: validator
mailcowdockerized-unbound-mailcow-1  | [1705513767] unbound[1:0] notice: init module 1: iterator
mailcowdockerized-unbound-mailcow-1  | [1705513767] unbound[1:0] info: start of service (unbound 1.19.0).
mailcowdockerized-unbound-mailcow-1  | [1705513768] unbound[1:0] info: generate keytag query _ta-4f66. NULL IN

Steps to reproduce:

1/ Run update.sh

Which branch are you using?

master

Operating System:

22.04.3 LTS

Server/VM specifications:

20 GB, 6 cores

Is Apparmor, SELinux or similar active?

Virtualization technology:

KVM

Docker version:

24.0.7

docker-compose version or docker compose version:

v2.21.0

mailcow version:

2024-01

Reverse proxy:

Nginx

Logs of git diff:

diff --git a/docker-compose.yml b/docker-compose.yml
index 26a0cfe1..f45120c9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,7 @@ version: '2.1'
 services:

     unbound-mailcow:
-      image: mailcow/unbound:1.19
+      image: mailcow/unbound:1.18
       environment:
         - TZ=${TZ}
       volumes:
@@ -58,7 +58,7 @@ services:
             - redis

     clamd-mailcow:
-      image: mailcow/clamd:1.64
+      image: mailcow/clamd:1.63
       restart: always
       depends_on:
         unbound-mailcow:
@@ -77,7 +77,7 @@ services:
             - clamd

     rspamd-mailcow:
-      image: mailcow/rspamd:1.95
+      image: mailcow/rspamd:1.94
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -107,7 +107,7 @@ services:
             - rspamd

     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.86
+      image: mailcow/phpfpm:1.85
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -171,7 +171,7 @@ services:
             - phpfpm

     sogo-mailcow:
-      image: mailcow/sogo:1.121
+      image: mailcow/sogo:1.120
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
@@ -218,7 +218,7 @@ services:
             - sogo

     dovecot-mailcow:
-      image: mailcow/dovecot:1.27
+      image: mailcow/dovecot:1.26
       depends_on:
         - mysql-mailcow
       dns:
@@ -298,7 +298,7 @@ services:
             - dovecot

     postfix-mailcow:
-      image: mailcow/postfix:1.74
+      image: mailcow/postfix:1.73
       depends_on:
         mysql-mailcow:
           condition: service_started
@@ -398,7 +398,7 @@ services:
           condition: service_started
         unbound-mailcow:
           condition: service_healthy
-      image: mailcow/acme:1.86
+      image: mailcow/acme:1.85
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -434,7 +434,7 @@ services:
             - acme

     netfilter-mailcow:
-      image: mailcow/netfilter:1.55
+      image: mailcow/netfilter:1.54
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -457,7 +457,7 @@ services:
         - /lib/modules:/lib/modules:ro

     watchdog-mailcow:
-      image: mailcow/watchdog:2.01
+      image: mailcow/watchdog:2.00
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:
@@ -529,7 +529,7 @@ services:
             - watchdog

     dockerapi-mailcow:
-      image: mailcow/dockerapi:2.07
+      image: mailcow/dockerapi:2.06
       security_opt:
         - label=disable
       restart: always
@@ -550,7 +550,7 @@ services:

     ##### Will be removed soon #####
     solr-mailcow:
-      image: mailcow/solr:1.8.2
+      image: mailcow/solr:1.8.1
       restart: always
       volumes:
         - solr-vol-1:/opt/solr/server/solr/dovecot-fts/data
@@ -567,7 +567,7 @@ services:
     ################################

     olefy-mailcow:
-      image: mailcow/olefy:1.12
+      image: mailcow/olefy:1.11
       restart: always
       environment:
         - TZ=${TZ}
@@ -604,36 +604,6 @@ services:
           aliases:
             - ofelia

Logs of iptables -L -vn:

# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  24M   43G MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
  24M   43G DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  24M   43G DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 105K   49M ACCEPT     all  --  *      br-08bd5adc9082  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  364 22248 DOCKER     all  --  *      br-08bd5adc9082  0.0.0.0/0            0.0.0.0/0           
 5372 9715K ACCEPT     all  --  br-08bd5adc9082 !br-08bd5adc9082  0.0.0.0/0            0.0.0.0/0           
  262 15720 ACCEPT     all  --  br-08bd5adc9082 br-08bd5adc9082  0.0.0.0/0            0.0.0.0/0           
1432K  472M ACCEPT     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 136K 8469K DOCKER     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
 161K   33M ACCEPT     all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
 133K 8280K ACCEPT     all  --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           
  81M  146G ACCEPT     all  --  *      br-e06b97a5bfb7  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   74 10824 DOCKER     all  --  *      br-e06b97a5bfb7  0.0.0.0/0            0.0.0.0/0           
 718K   75M ACCEPT     all  --  br-e06b97a5bfb7 !br-e06b97a5bfb7  0.0.0.0/0            0.0.0.0/0           
   74 10824 ACCEPT     all  --  br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            0.0.0.0/0           
5988K 2504M ACCEPT     all  --  *      br-b86109ccaa67  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 166K 9931K DOCKER     all  --  *      br-b86109ccaa67  0.0.0.0/0            0.0.0.0/0           
 243K  864M ACCEPT     all  --  br-b86109ccaa67 !br-b86109ccaa67  0.0.0.0/0            0.0.0.0/0           
 148K 8882K ACCEPT     all  --  br-b86109ccaa67 br-b86109ccaa67  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  !br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            172.21.0.2           tcp dpt:8081
    0     0 ACCEPT     tcp  --  !br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            172.21.0.2           tcp dpt:8080
    0     0 ACCEPT     tcp  --  !br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            172.21.0.3           tcp dpt:8083
    0     0 ACCEPT     tcp  --  !br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            172.21.0.5           tcp dpt:5432
    0     0 ACCEPT     tcp  --  !br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            172.21.0.6           tcp dpt:80
    0     0 ACCEPT     tcp  --  !br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            172.21.0.7           tcp dpt:8080
17479 1049K ACCEPT     tcp  --  !br-b86109ccaa67 br-b86109ccaa67  0.0.0.0/0            172.24.0.8           tcp dpt:11000
    0     0 ACCEPT     tcp  --  !br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            172.21.0.9           tcp dpt:8080
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.249         tcp dpt:6379
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.2           tcp dpt:8983
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.7           tcp dpt:3306
 1276 81781 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.8           tcp dpt:443
  226 11752 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.8           tcp dpt:80
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.250         tcp dpt:12345
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.250         tcp dpt:4190
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.250         tcp dpt:995
 1064 72755 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.250         tcp dpt:993
    1    64 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.250         tcp dpt:143
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.250         tcp dpt:110
   98  6000 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.253         tcp dpt:587
   64  3684 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.253         tcp dpt:465
  239 12936 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.253         tcp dpt:25
   18  1152 ACCEPT     tcp  --  !br-08bd5adc9082 br-08bd5adc9082  0.0.0.0/0            172.19.0.6           tcp dpt:8000

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 5372 9715K DOCKER-ISOLATION-STAGE-2  all  --  br-08bd5adc9082 !br-08bd5adc9082  0.0.0.0/0            0.0.0.0/0           
 161K   33M DOCKER-ISOLATION-STAGE-2  all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
 718K   75M DOCKER-ISOLATION-STAGE-2  all  --  br-e06b97a5bfb7 !br-e06b97a5bfb7  0.0.0.0/0            0.0.0.0/0           
 243K  864M DOCKER-ISOLATION-STAGE-2  all  --  br-b86109ccaa67 !br-b86109ccaa67  0.0.0.0/0            0.0.0.0/0           
  90M  150G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      br-08bd5adc9082  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-e06b97a5bfb7  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-b86109ccaa67  0.0.0.0/0            0.0.0.0/0           
1143K  985M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  90M  150G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       212.70.149.68        0.0.0.0/0           
    0     0 DROP       all  --  *      *       212.70.149.67        0.0.0.0/0

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
80332   85M MAILCOW    all      *      *       ::/0                 ::/0                 /* mailcow */
80332   85M DOCKER-USER  all      *      *       ::/0                 ::/0                
 298K  327M DOCKER-ISOLATION-STAGE-1  all      *      *       ::/0                 ::/0                
 242K  323M ACCEPT     all      *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
45066 3186K DOCKER     all      *      br-mailcow  ::/0                 ::/0                
10550 1046K ACCEPT     all      br-mailcow !br-mailcow  ::/0                 ::/0                
45064 3186K ACCEPT     all      br-mailcow br-mailcow  ::/0                 ::/0                
    0     0 ACCEPT     all      *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all      *      docker0  ::/0                 ::/0                
    0     0 ACCEPT     all      docker0 !docker0  ::/0                 ::/0                
    0     0 ACCEPT     all      docker0 docker0  ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:4190
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:995
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:993
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:143
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:110
    1    80 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:587
    1    80 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:465
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:25

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  all      br-08bd5adc9082 !br-08bd5adc9082  ::/0                 ::/0                
10550 1046K DOCKER-ISOLATION-STAGE-2  all      br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  all      docker0 !docker0  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  all      br-e06b97a5bfb7 !br-e06b97a5bfb7  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  all      br-b86109ccaa67 !br-b86109ccaa67  ::/0                 ::/0                
 316K  329M RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      br-08bd5adc9082  ::/0                 ::/0                
    0     0 DROP       all      *      br-mailcow  ::/0                 ::/0                
    0     0 DROP       all      *      docker0  ::/0                 ::/0                
    0     0 DROP       all      *      br-e06b97a5bfb7  ::/0                 ::/0                
    0     0 DROP       all      *      br-b86109ccaa67  ::/0                 ::/0                
11448 1139K RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 316K  329M RETURN     all      *      *       ::/0                 ::/0                

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
23947 1454K DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    6   360 MASQUERADE  all  --  *      !br-08bd5adc9082  172.19.0.0/16        0.0.0.0/0           
59439 4445K MASQUERADE  all  --  *      !br-mailcow  10.10.10.0/24        0.0.0.0/0           
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
50962 2473K MASQUERADE  all  --  *      !br-e06b97a5bfb7  172.21.0.0/16        0.0.0.0/0           
 2728  164K MASQUERADE  all  --  *      !br-b86109ccaa67  172.24.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  tcp  --  *      *       172.21.0.2           172.21.0.2           tcp dpt:8081
    0     0 MASQUERADE  tcp  --  *      *       172.21.0.2           172.21.0.2           tcp dpt:8080
    0     0 MASQUERADE  tcp  --  *      *       172.21.0.3           172.21.0.3           tcp dpt:8083
    0     0 MASQUERADE  tcp  --  *      *       172.21.0.5           172.21.0.5           tcp dpt:5432
    0     0 MASQUERADE  tcp  --  *      *       172.21.0.6           172.21.0.6           tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       172.21.0.7           172.21.0.7           tcp dpt:8080
    0     0 MASQUERADE  tcp  --  *      *       172.24.0.8           172.24.0.8           tcp dpt:11000
    0     0 MASQUERADE  tcp  --  *      *       172.21.0.9           172.21.0.9           tcp dpt:8080
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.249         10.10.10.249         tcp dpt:6379
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.2           10.10.10.2           tcp dpt:8983
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.7           10.10.10.7           tcp dpt:3306
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.8           10.10.10.8           tcp dpt:443
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.8           10.10.10.8           tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.250         10.10.10.250         tcp dpt:12345
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.250         10.10.10.250         tcp dpt:4190
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.250         10.10.10.250         tcp dpt:995
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.250         10.10.10.250         tcp dpt:993
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.250         10.10.10.250         tcp dpt:143
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.250         10.10.10.250         tcp dpt:110
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.253         10.10.10.253         tcp dpt:587
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.253         10.10.10.253         tcp dpt:465
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.253         10.10.10.253         tcp dpt:25
    0     0 MASQUERADE  tcp  --  *      *       172.19.0.6           172.19.0.6           tcp dpt:8000

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  br-08bd5adc9082 *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     all  --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     all  --  br-e06b97a5bfb7 *       0.0.0.0/0            0.0.0.0/0           
  126  7560 RETURN     all  --  br-b86109ccaa67 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       tcp  --  !br-e06b97a5bfb7 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8081 to:172.21.0.2:8081
    0     0 DNAT       tcp  --  !br-e06b97a5bfb7 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8082 to:172.21.0.2:8080
    0     0 DNAT       tcp  --  !br-e06b97a5bfb7 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8083 to:172.21.0.3:8083
    0     0 DNAT       tcp  --  !br-e06b97a5bfb7 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5432 to:172.21.0.5:5432
    0     0 DNAT       tcp  --  !br-e06b97a5bfb7 *       0.0.0.0/0            172.16.1.20          tcp dpt:8080 to:172.21.0.6:80
    0     0 DNAT       tcp  --  !br-e06b97a5bfb7 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8084 to:172.21.0.7:8080
17513 1051K DNAT       tcp  --  !br-b86109ccaa67 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:11000 to:172.24.0.8:11000
    0     0 DNAT       tcp  --  !br-e06b97a5bfb7 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1080 to:172.21.0.9:8080
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:10.10.10.249:6379
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:10.10.10.2:8983
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:10.10.10.7:3306
 1276 81781 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            172.16.1.20          tcp dpt:443 to:10.10.10.8:443
  226 11752 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            172.16.1.20          tcp dpt:80 to:10.10.10.8:80
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:10.10.10.250:12345
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:10.10.10.250:4190
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:10.10.10.250:995
 1064 72755 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:10.10.10.250:993
    1    64 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:10.10.10.250:143
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:10.10.10.250:110
   98  6000 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:10.10.10.253:587
 2650  159K DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:10.10.10.253:465
  239 12936 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:10.10.10.253:25
   18  1152 DNAT       tcp  --  !br-08bd5adc9082 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8000 to:172.19.0.6:8000

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    6   508 DOCKER     all      *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all      *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 9752  932K MASQUERADE  all      *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0                
    0     0 MASQUERADE  all      *      !docker0  fd00:dead:beef:c0::/80  ::/0                
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:4190
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:995
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:993
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:143
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:110
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:587
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:465
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:25

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all      br-mailcow *       ::/0                 ::/0                
    0     0 RETURN     all      docker0 *       ::/0                 ::/0                
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::c]:4190
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::c]:995
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::c]:993
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::c]:143
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::c]:110
    1    80 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::10]:587
    1    80 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::10]:465
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::10]:25

DNS check:

104.18.32.7
172.64.155.249

mailcow / mailcow-dockerized

Update 2024 - mailcowdockerized-unbound-mailcow-1 is unhealthy #5651

Contribution guidelines

I've found a bug and checked that ...

Description

Logs:

Steps to reproduce:

Which branch are you using?

Operating System:

Server/VM specifications:

Is Apparmor, SELinux or similar active?

Virtualization technology:

Docker version:

docker-compose version or docker compose version:

mailcow version:

Reverse proxy:

Logs of git diff:

Logs of iptables -L -vn:

Logs of ip6tables -L -vn:

Logs of iptables -L -vn -t nat:

Logs of ip6tables -L -vn -t nat:

DNS check: