qdm12 / dns

Docker DNS server on steroids to access DNS-over-TLS from Cloudflare, Google, Quad9, Quadrant or CleanBrowsing
https://hub.docker.com/r/qmcgaw/cloudflare-dns-server
MIT License

github.com resolving issue in the current go-based build #25

Closed wiserain closed 4 years ago

wiserain commented 4 years ago
  1. If root privilege is not given, the container throws the following log and then crashes.
cfdns      | =========================================
cfdns      | ========= DNS over TLS container ========
cfdns      | =========================================
cfdns      | =========================================
cfdns      | === Made with ❤  by github.com/qdm12 ====
cfdns      | =========================================
cfdns      |
cfdns      | Running version latest built on 2020-02-09T13:47:39Z (commit 3ad21be)
cfdns      |
cfdns      | 📣  Total rewrite in Go with many new features
cfdns      |
cfdns      | 🔧  Need help? https://github.com/qdm12/cloudflare-dns-server/issues/new
cfdns      | 💻  Email? quentin.mcgaw@gmail.com
cfdns      | ☕  Slack? Join from the Slack button on Github
cfdns      | 💸  Help me? https://github.com/sponsors/qdm12
cfdns      | 2020-02-11T14:21:48.380Z   INFO    Unbound version: 1.9.6
cfdns      | 2020-02-11T14:21:48.380Z   INFO    Settings summary:
cfdns      | DNS over TLS provider:
cfdns      | |--cloudflare
cfdns      | |--quad9
cfdns      | Listening port: 8053
cfdns      | Caching: disabed
cfdns      | Verbosity level: 1/5
cfdns      | Verbosity details level: 0/4
cfdns      | Validation log level: 0/2
cfdns      | Block malicious: disabed
cfdns      | Block surveillance: disabed
cfdns      | Block ads: disabed
cfdns      | Blocked hostnames:
cfdns      | Blocked IP addresses:
cfdns      | Allowed hostnames:
cfdns      | Private addresses:
cfdns      |  |--127.0.0.1/8
cfdns      |  |--10.0.0.0/8
cfdns      |  |--172.16.0.0/12
cfdns      |  |--192.168.0.0/16
cfdns      |  |--169.254.0.0/16
cfdns      |  |--::1/128
cfdns      |  |--fc00::/7
cfdns      |  |--fe80::/10
cfdns      |  |--::ffff:0:0/96
cfdns      | 2020-02-11T14:21:48.380Z   INFO    using DNS address 1.1.1.1 internally
cfdns      | 2020-02-11T14:21:48.380Z   INFO    downloading root hints from https://raw.githubusercontent.com/qdm12/files/master/named.root.updated
cfdns      | 2020-02-11T14:21:48.680Z   ERROR   cannot write to file "/unbound/root.hints": open /unbound/root.hints: permission denied
  2. If root privilege is given, the container crashes and keeps restarting after 10 tries resolving github.com
cfdns      | =========================================
cfdns      | ========= DNS over TLS container ========
cfdns      | =========================================
cfdns      | =========================================
cfdns      | === Made with ❤  by github.com/qdm12 ====
cfdns      | =========================================
cfdns      |
cfdns      | Running version latest built on 2020-02-09T13:47:39Z (commit 3ad21be)
cfdns      |
cfdns      | 📣  Total rewrite in Go with many new features
cfdns      |
cfdns      | 🔧  Need help? https://github.com/qdm12/cloudflare-dns-server/issues/new
cfdns      | 💻  Email? quentin.mcgaw@gmail.com
cfdns      | ☕  Slack? Join from the Slack button on Github
cfdns      | 💸  Help me? https://github.com/sponsors/qdm12
cfdns      | 2020-02-11T14:25:44.910Z   INFO    Unbound version: 1.9.6
cfdns      | 2020-02-11T14:25:44.911Z   INFO    Settings summary:
cfdns      | DNS over TLS provider:
cfdns      | |--cloudflare
cfdns      | |--quad9
cfdns      | Listening port: 8053
cfdns      | Caching: disabed
cfdns      | Verbosity level: 1/5
cfdns      | Verbosity details level: 0/4
cfdns      | Validation log level: 0/2
cfdns      | Block malicious: disabed
cfdns      | Block surveillance: disabed
cfdns      | Block ads: disabed
cfdns      | Blocked hostnames:
cfdns      | Blocked IP addresses:
cfdns      | Allowed hostnames:
cfdns      | Private addresses:
cfdns      |  |--127.0.0.1/8
cfdns      |  |--10.0.0.0/8
cfdns      |  |--172.16.0.0/12
cfdns      |  |--192.168.0.0/16
cfdns      |  |--169.254.0.0/16
cfdns      |  |--::1/128
cfdns      |  |--fc00::/7
cfdns      |  |--fe80::/10
cfdns      |  |--::ffff:0:0/96
cfdns      | 2020-02-11T14:25:44.911Z   INFO    using DNS address 1.1.1.1 internally
cfdns      | 2020-02-11T14:25:44.911Z   INFO    downloading root hints from https://raw.githubusercontent.com/qdm12/files/master/named.root.updated
cfdns      | 2020-02-11T14:25:45.284Z   INFO    downloading root key from https://raw.githubusercontent.com/qdm12/files/master/root.key.updated
cfdns      | 2020-02-11T14:25:45.317Z   INFO    generating Unbound configuration
cfdns      | 2020-02-11T14:25:45.317Z   INFO    0 hostnames blocked overall
cfdns      | 2020-02-11T14:25:45.317Z   INFO    9 IP addresses blocked overall
cfdns      | 2020-02-11T14:25:45.317Z   INFO    starting unbound
cfdns      | 2020-02-11T14:25:45.318Z   INFO    using DNS address 127.0.0.1 internally
cfdns      | 2020-02-11T14:25:45.319Z   WARN    could not resolve github.com (try 1 of 10)
cfdns      | 2020-02-11T14:25:45.352Z   INFO    unbound: [1581431145] unbound[14:0] notice: init module 0: validator
cfdns      | 2020-02-11T14:25:45.352Z   INFO    unbound: [1581431145] unbound[14:0] notice: init module 1: iterator
cfdns      | 2020-02-11T14:25:45.385Z   INFO    unbound: [1581431145] unbound[14:0] info: start of service (unbound 1.9.6).
cfdns      | 2020-02-11T14:25:45.820Z   WARN    could not resolve github.com (try 2 of 10)
cfdns      | 2020-02-11T14:25:46.320Z   WARN    could not resolve github.com (try 3 of 10)
cfdns      | 2020-02-11T14:25:46.821Z   WARN    could not resolve github.com (try 4 of 10)
cfdns      | 2020-02-11T14:25:47.322Z   WARN    could not resolve github.com (try 5 of 10)
cfdns      | 2020-02-11T14:25:47.822Z   WARN    could not resolve github.com (try 6 of 10)
cfdns      | 2020-02-11T14:25:48.333Z   WARN    could not resolve github.com (try 7 of 10)
cfdns      | 2020-02-11T14:25:48.842Z   WARN    could not resolve github.com (try 8 of 10)
cfdns      | 2020-02-11T14:25:49.343Z   WARN    could not resolve github.com (try 9 of 10)
cfdns      | 2020-02-11T14:25:49.847Z   WARN    could not resolve github.com (try 10 of 10)
cfdns      | 2020-02-11T14:25:50.348Z   ERROR   Unbound does not seem to be working after 10 tries

Once I change to the latest shell-based image (tag: shell), everything seems okay.

cfdns      |  =========================================
cfdns      |  =========================================
cfdns      |  === CLOUDFLARE DNS OVER TLS CONTAINER ===
cfdns      |  =========================================
cfdns      |  =========================================
cfdns      |  == by github.com/qdm12 - Quentin McGaw ==
cfdns      |
cfdns      | Running as nonrootuser
cfdns      | Unbound version: 1.9.6
cfdns      | Unbound DNS server: cloudflare,quad9
cfdns      | Unbound listening UDP port: 8053
cfdns      | Caching is off
cfdns      | Verbosity level set to 1 on 5
cfdns      | Verbosity details level set to 0 on 4
cfdns      | Malicious hostnames and ips blocking is off
cfdns      | NSA hostnames blocking is off
cfdns      | Unbound private addresses: 127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,::1/128,fc00::/7,fe80::/10,::ffff:0:0/96
cfdns      | [1581431328] unbound[36:0] notice: init module 0: validator
cfdns      | [1581431328] unbound[36:0] notice: init module 1: iterator
cfdns      | [1581431328] unbound[36:0] info: start of service (unbound 1.9.6).

Hope this is helpful for development. Thanks, as always, for your work.

qdm12 commented 4 years ago

Thanks for sharing! I'll fix it this evening, sorry for the issue. (although it seemed to work on my machines with a local build, maybe it's Travis building it differently, I already had the case before)

qdm12 commented 4 years ago

So (after some headaches 😄 ), it seems it was the root hints file that was outdated (changed 30 January 2020) and my fancy program building it to github.com/qdm12/files forgot to mention it was failing since then. Anyway it's fixed now.

On the other hand, I can't reproduce the permission error on an Arch Linux host or a Windows host. Are you bind mounting anything? Just in case, I added this line to make sure the /unbound directory is owned by the non-root user.

Please let me know if it works for you. You can track once the build is finished: travis-ci.org/qdm12/cloudflare-dns-server