qdm12 / dns

Docker DNS server on steroids to access DNS-over-TLS from Cloudflare, Google, Quad9, Quadrant or CleanBrowsing
https://hub.docker.com/r/qmcgaw/cloudflare-dns-server
MIT License

`:v2.0.0-beta` bugs and `:latest` check dns failing #88

Closed woncheol-kim closed 3 years ago

woncheol-kim commented 3 years ago


Hi, please look into the logs below. This happened on

And I've tried qmcgaw/dns:v1.11.0 and v.latest. Same problem.

The logs:

Running version latest built on 2021-08-01T14:30:47Z (commit d64d0d9)

🔧  Need help? https://github.com/qdm12/dns/issues/new
💻  Email? quentin.mcgaw@gmail.com
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2021/09/15 12:28:12 INFO Unbound version: 1.13.1
2021/09/15 12:28:12 INFO Settings summary:
 |--Unbound settings:
    |--DNS over TLS providers:
        |--Cloudflare
    |--Listening port: 53
    |--Access control:
        |--Allowed:
            |--0.0.0.0/0
            |--::/0
    |--Caching: enabled
    |--IPv4 resolution: enabled
    |--IPv6 resolution: disabled
    |--Verbosity level: 1/5
    |--Verbosity details level: 0/4
    |--Validation log level: 0/2
    |--Username: 
 |--Blacklisting settings:
    |--Blocked categories: malicious, surveillance, ads
    |--Hostnames unblocked: 3
    |--Additional IP networks blocked: 13
 |--Check DNS: enabled
 |--Update: every 24h0m0s
2021/09/15 12:28:12 INFO using DNS address 127.0.0.1 internally
2021/09/15 12:28:12 INFO healthcheck server: listening on 127.0.0.1:9999
2021/09/15 12:28:12 INFO generating Unbound configuration
2021/09/15 12:28:12 INFO starting unbound
2021/09/15 12:28:12 INFO [1631708892] unbound[13:0] notice: init module 0: validator
2021/09/15 12:28:12 INFO [1631708892] unbound[13:0] notice: init module 1: iterator
2021/09/15 12:28:12 INFO [1631708892] unbound[13:0] info: start of service (unbound 1.13.1).
2021/09/15 12:28:12 INFO [1631708892] unbound[13:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
2021/09/15 12:28:12 INFO [1631708892] unbound[13:1] info: generate keytag query _ta-4a5c-4f66. NULL IN
2021/09/15 12:28:13 INFO restarting Unbound the first time to get updated files
2021/09/15 12:28:13 INFO downloading DNSSEC root hints and named root
2021/09/15 12:28:16 INFO downloading and building DNS block lists
2021/09/15 12:28:24 INFO 1204078 hostnames blocked overall
2021/09/15 12:28:24 INFO 26666 IP addresses blocked overall
2021/09/15 12:28:24 INFO 2494 IP networks blocked overall
2021/09/15 12:28:24 INFO generating Unbound configuration
2021/09/15 12:28:30 INFO starting unbound
2021/09/15 12:28:36 INFO unbound loop exited
2021/09/15 12:28:36 WARN healthcheck server: shutting down (context canceled)
2021/09/15 12:28:36 ERROR DNS is not working: after 10 tries: lookup github.com on 127.0.0.11:53: read udp 127.0.0.1:39145->127.0.0.1:53: read: connection refused
2021/09/15 12:28:36 INFO Shutdown successful

And I've also tried qmcgaw/dns:v2.0.0-beta

2021/09/15 12:43:11 WARN Environment variable UNBLOCK is deprecated, use the following instead: ALLOWED_HOSTNAMES
2021/09/15 12:43:11 ERROR environment variable LISTENING_ADDRESS: invalid port: listening port cannot be in the reserved system ports range (1 to 1023) when running without root: port 53
2021/09/15 12:43:11 INFO Shutdown successful

So I've tried the option --user="0" and...

Running version v2.0.0-beta built on 2021-09-08T18:40:26Z (commit 889621f)

🔧  Need help? https://github.com/qdm12/dns/issues/new
💻  Email? quentin.mcgaw@gmail.com
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2021/09/15 12:47:52 WARN Environment variable UNBLOCK is deprecated, use the following instead: ALLOWED_HOSTNAMES
2021/09/15 12:47:52 INFO Settings summary:
 |--Upstream type: DoT
 |--DoT settings:
    |--Resolver:
       |--DNS over TLS providers:
          |--Cloudflare
          |--Google
       |--Fallback plaintext DNS providers:
       |--Query timeout: 3s
       |--Connecting over: IPv4
    |--Listening address: :53
 |--Cache settings:
    |--Cache type: lru
    |--Max entries: 10000
 |--Log settings:
    |--Level: INFO
 |--Metrics settings:
    |--Type: noop
 |--Filter settings:
    |--Blocked categories: malicious, surveillance, ads
    |--IP networks unblocked: 0
    |--Additional IP networks blocked: 13
 |--Check DNS: enabled
 |--Update: every 24h0m0s
2021/09/15 12:47:52 INFO healthcheck server: listening on 127.0.0.1:9999
2021/09/15 12:47:52 INFO using DNS address 127.0.0.1 internally
2021/09/15 12:47:52 INFO starting DNS server
2021/09/15 12:47:52 INFO DNS server listening on :53
2021/09/15 12:47:52 INFO restarting DNS server the first time to get updated files
2021/09/15 12:47:52 INFO downloading and building DNS block lists
fatal error: concurrent map writes
fatal error: concurrent map writes

goroutine 52 [running]:
runtime.throw({0x8577476, 0x15})
    runtime/panic.go:1198 +0x6a fp=0x949fe08 sp=0x949fdf4 pc=0x807b5fa
runtime.mapassign(0x84f4700, 0x9478480, 0x9456640)
    runtime/map.go:676 +0x499 fp=0x949fe5c sp=0x949fe08 pc=0x8054f99
github.com/qdm12/dns/pkg/middlewares/log/format/console.(*Formatter).Request(0x964ac10, 0x9456640)
    github.com/qdm12/dns/pkg/middlewares/log/format/console/request.go:30 +0x1f8 fp=0x949fecc sp=0x949fe5c pc=0x8422678
github.com/qdm12/dns/pkg/middlewares/log.(*handler).ServeDNS(0x962e480, {0x87cc3e0, 0x9454f60}, 0x9456640)
    github.com/qdm12/dns/pkg/middlewares/log/log.go:31 +0x32 fp=0x949fef0 sp=0x949fecc pc=0x8423122
github.com/qdm12/dns/pkg/middlewares/metrics.(*handler).ServeDNS(0x95b7fb0, {0x87cc380, 0x966c940}, 0x9456640)
    github.com/qdm12/dns/pkg/middlewares/metrics/middleware.go:41 +0xe7 fp=0x949ff50 sp=0x949fef0 pc=0x8420ea7
github.com/miekg/dns.(*Server).serveDNS(0x95dcbe0, {0x97a2400, 0x2b, 0x200}, 0x966c940)
    github.com/miekg/dns@v1.1.43/server.go:651 +0x442 fp=0x949ffac sp=0x949ff50 pc=0x82eece2
github.com/miekg/dns.(*Server).serveUDPPacket(0x95dcbe0, 0x95fbe90, {0x97a2400, 0x2b, 0x200}, {0x87cb460, 0x964ac28}, 0x95b7690, {0x0, 0x0})
    github.com/miekg/dns@v1.1.43/server.go:591 +0x146 fp=0x949ffc8 sp=0x949ffac pc=0x82ee876
runtime.goexit()
    runtime/asm_386.s:1319 +0x1 fp=0x949ffcc sp=0x949ffc8 pc=0x80a8b21
created by github.com/miekg/dns.(*Server).serveUDP
    github.com/miekg/dns@v1.1.43/server.go:521 +0x3b5

goroutine 1 [select]:
main.main()
    ./main.go:57 +0x3d2

goroutine 19 [syscall]:
os/signal.signal_recv()
    runtime/sigqueue.go:169 +0xf1
os/signal.loop()
    os/signal/signal_unix.go:24 +0x1a
created by os/signal.Notify.func1.1
    os/signal/signal.go:151 +0x2f

goroutine 20 [select]:
os/signal.NotifyContext.func1(0x96c43a0)
    os/signal/signal.go:288 +0x92
created by os/signal.NotifyContext
    os/signal/signal.go:287 +0x160

...
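The trace above ends in Go's unrecoverable "concurrent map writes" abort inside the console log formatter's Request method, reached from the per-packet goroutines that miekg/dns spawns for each UDP query. The following is an added illustration of that failure mode and its standard fix, not code from the qdm12/dns project: the Request type and the per-query-type counter map are assumed stand-ins for whatever the real formatter keeps in its map.

```go
package main

import "sync"

// Request stands in for a DNS query (assumed shape, not the project's own type).
type Request struct{ Name, Qtype string }

// RacyFormatter tallies queries per type in a plain map. miekg/dns serves each
// UDP packet on its own goroutine, so two ServeDNS calls can write the map at
// once and the runtime aborts the process: "fatal error: concurrent map writes".
type RacyFormatter struct{ counts map[string]int }

func NewRacyFormatter() *RacyFormatter     { return &RacyFormatter{counts: map[string]int{}} }
func (f *RacyFormatter) Request(r Request) { f.counts[r.Qtype]++ } // unguarded write

// SafeFormatter guards the same map with a mutex (reads lock too: a read racing a write is also a race).
type SafeFormatter struct {
	mu     sync.Mutex
	counts map[string]int
}

func NewSafeFormatter() *SafeFormatter { return &SafeFormatter{counts: map[string]int{}} }
func (f *SafeFormatter) Request(r Request) {
	f.mu.Lock()
	defer f.mu.Unlock()
	f.counts[r.Qtype]++
}
func (f *SafeFormatter) Count(q string) int {
	f.mu.Lock()
	defer f.mu.Unlock()
	return f.counts[q]
}

// ServeConcurrently feeds n constructed A queries to handle from n goroutines,
// mimicking the server's per-packet goroutines.
func ServeConcurrently(handle func(Request), n int) {
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			handle(Request{Name: "host.example.", Qtype: "A"})
		}()
	}
	wg.Wait()
}

func main() {
	f := NewSafeFormatter()
	ServeConcurrently(f.Request, 1000)
	println("A queries logged:", f.Count("A")) // 1000
}
```

Running the same ServeConcurrently call against NewRacyFormatter().Request under `go test -race` (or plainly, often enough) reproduces the abort; the mutex-guarded version is the usual remedy, and the race detector is the check to keep in CI so the regression cannot reappear.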
qdm12 commented 3 years ago

Hi there! Oouf plenty of bugs, thanks for taking the time to report it!

v2.0.0-beta

latest

I try to run it with:

docker pull qmcgaw/dns
docker run -it --rm -e CHECK_DNS=on -e BLOCK_MALICIOUS=on -e BLOCK_ADS=on -e BLOCK_SURVEILLANCE=on qmcgaw/dns

And it seems to work 🤔 Maybe can you share your config to see why it wouldn't work?

woncheol-kim commented 3 years ago

Thank you. CHECK_DNS=off solved the problem on my Alpine Linux server.

BTW, running qmcgaw/dns on my Ubuntu server (Oracle Cloud) started to freeze the sshd and I had to stop using the container.

My config:

docker run --rm --network bridge0 --ip 172.19.0.2 -p 53:53/udp --name cloudflare0 -e CHECK_DNS=off -e UNBLOCK=t1.daumcdn.net,daumcdn.net,daum.net -e BLOCK_ADS=on -e BLOCK_SURVEILLANCE=on qmcgaw/dns:v1.11.0

qdm12 commented 3 years ago

CHECK_DNS=off solved the problem on my Alpine Linux server.

And it still works? If that check fails usually dns doesn't work... What kernel version are you running?

BTW, running qmcgaw/dns on my Ubuntu server (Oracle Cloud) started to freeze the sshd and I had to stop using the container.

Are you sure? Docker containers shouldn't affect host things like sshd. Especially the v1 program is just unbound running, nothing fancy really. Was it a memory/cpu problem perhaps?

My config

Your config looks fine.

woncheol-kim commented 3 years ago

The kernel of my Alpine Linux server is 5.10.61-0-lts.

As for the Ubuntu problem, I suspect the firewall, because it looks fine when I look into the server from the Web UI of Oracle Cloud, while I cannot connect to it via SSH. But I don't know much about networks and firewalls...

qdm12 commented 3 years ago

Alright, I'll close the issue for now since the remaining things are most likely config issues unrelated to the container. Anyway, thanks for reporting all this!