Incorrect Ipv6 interface in unbound /etc/resolv.conf leads to parse error in healthcheck

[StefanH-AT]

Contribution guidelines

• [X] I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• [X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• [X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• [X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
• [X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

Unbound's healthcheck fails because dig fails to parse resolv.conf.

`/etc/resolv.conf` specifically requires an ip interface `ens192` but this interface doesn't exist for me. It's called `eth0`.

If I remove the `%ens192` suffix, the healthcheck succeeds.

Logs:

[root@cube1_web mailcow-dockerized]# docker compose up -d
[+] Running 20/20
 ✔ Network mailcowdockerized_mailcow-network        Created                                                                                                                                                                            0.2s 
 ✘ Container mailcowdockerized-unbound-mailcow-1    Error                                                                                                                                                                              0.0s 
 ✔ Container mailcowdockerized-dockerapi-mailcow-1  Started                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-redis-mailcow-1      Started                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-sogo-mailcow-1       Started                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-memcached-mailcow-1  Started                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-solr-mailcow-1       Started                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-olefy-mailcow-1      Started                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-php-fpm-mailcow-1    Started                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-mysql-mailcow-1      Started                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-clamd-mailcow-1      Created                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-nginx-mailcow-1      Started                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-dovecot-mailcow-1    Started                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-postfix-mailcow-1    Created                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-acme-mailcow-1       Created                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-rspamd-mailcow-1     Started                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-ofelia-mailcow-1     Started                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-netfilter-mailcow-1  Created                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-watchdog-mailcow-1   Created                                                                                                                                                                            0.0s 
 ✔ Container mailcowdockerized-ipv6nat-mailcow-1    Created                                                                                                                                                                            0.0s 
dependency failed to start: container mailcowdockerized-unbound-mailcow-1 is unhealthy
[root@cube1_web mailcow-dockerized]# docker compose exec unbound-mailcow /healthcheck.sh
PING 1.1.1.1 (1.1.1.1): 56 data bytes

--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 9.887/9.984/10.098 ms
PING 8.8.8.8 (8.8.8.8): 56 data bytes

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 11.053/12.461/13.178 ms
PING 9.9.9.9 (9.9.9.9): 56 data bytes

--- 9.9.9.9 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 8.952/9.006/9.066 ms
dig: parse of /etc/resolv.conf failed
dig: parse of /etc/resolv.conf failed
dig: parse of /etc/resolv.conf failed
[root@cube1_web mailcow-dockerized]# docker compose exec unbound-mailcow cat /etc/resolv.conf
nameserver 127.0.0.11
nameserver fe80::1%ens192
options ndots:0
[root@cube1_web mailcow-dockerized]# docker compose exec unbound-mailcow ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
420: eth0@if421: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:ac:16:01:fe brd ff:ff:ff:ff:ff:ff

### Steps to reproduce:

```plain text
1. Follow installation guide
2. Container is misconfigured

I doubt this is something that's reproducible on all systems. No idea why that interface is misconfigured for me. Why does resolv.conf even specify a hard-coded interface id?

Which branch are you using?

master

Operating System:

Rocky Linux release 8.8

Server/VM specifications:

Intel i5-7500 (4) @ 3.408GHz, 3664MiB

Is Apparmor, SELinux or similar active?

Default Rocky setup

Virtualization technology:

VMWare

Docker version:

Docker version 24.0.6, build ed223bc

docker-compose version or docker compose version:

Docker Compose version v2.21.0

mailcow version:

2024-01a

Reverse proxy:

Nginx

Logs of git diff:

Only certs which I obviously won't share

Logs of iptables -L -vn:

Not applicable as the server doesn't start

Logs of ip6tables -L -vn:

I don't use ipv6 in my lan

Logs of iptables -L -vn -t nat:

No

Logs of ip6tables -L -vn -t nat:

No

DNS check:

Come on

[DerLinkman]

Hi Stefan!

Ehm actually this phenomenon is new. I've never seen this before :)

However you said you followed the guides. Did you do anything different apart that?

Can you take a look in your hosts resolv.conf please to show me what you've entered there?

Where did you removed the eth Interface exactly? Inside the container? If so it won't be persistent and will be recreated upon next boot.

[StefanH-AT]

I created a volume in the docker-compose.yml to override the resolv.conf file in the container. The VM itself does have the ens192 interface, but in the container it's eth0. I'm just puzzled why the container's resolv.conf even binds itself to a specific interface which doesn't exist.

[DerLinkman]

Ok yeah that is not a normal behaviour but i think it is more a Docker Bug as the Network Interfaces are created from Docker. mailcow only defines the IPs for the internal Network.

Something set in docker's daemon.json (located at /etc/docker/daemon.json if existing).

[StefanH-AT]

That daemon.json file doesn't exist on my host. I understand that a lot of software is interacting with each other here so I don't know if mailcow can or should do anything here. I figured it out eventually but this took me a few days to find.

[milkmaker]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.