qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: Make block list building use two different ports for DNS #155

Closed qdm12 closed 4 years ago

qdm12 commented 4 years ago

TLDR: Unbound seems to refuse two simultaneous calls from the same port from the Go program to resolve raw.githubusercontent.com for block lists

  1. Is this urgent?

    • [x] Yes
    • [ ] No
  2. What VPN service provider are you using?

    • [x] PIA
    • [ ] Mullvad
    • [ ] Windscribe
  3. What's the version of the program? latest

  4. What are you using to run the container?

    • [ ] Docker run
    • [x] Docker Compose
    • [ ] Kubernetes
    • [ ] Docker stack
    • [ ] Docker swarm
    • [ ] Podman
    • [ ] Other:
  5. Extra information

Logs:

2020-05-05T17:58:44.900Z   INFO    openvpn: Tue May  5 17:58:44 2020 Initialization Sequence Completed
2020-05-05T17:58:44.900Z   INFO    dns configurator: using DNS address 1.1.1.1 internally
2020-05-05T17:58:44.900Z   INFO    dns configurator: using DNS address 1.1.1.1 system wide
2020-05-05T17:58:44.900Z   INFO    dns configurator: downloading root hints from https://raw.githubusercontent.com/qdm12/files/master/named.root.updated
2020-05-05T17:58:44.901Z   INFO    Tunnel IP is 86.105.25.68, see more information at https://ipinfo.io/86.105.25.68
2020-05-05T17:58:45.866Z   INFO    dns configurator: downloading root key from https://raw.githubusercontent.com/qdm12/files/master/root.key.updated
2020-05-05T17:58:46.180Z   INFO    dns configurator: generating Unbound configuration
# This works without Unbound
2020-05-05T17:58:47.763Z   INFO    dns configurator: 66056 hostnames blocked overall
2020-05-05T17:58:47.763Z   INFO    dns configurator: 2631 IP addresses blocked overall
2020-05-05T17:58:47.790Z   INFO    dns configurator: starting unbound
2020-05-05T17:58:47.791Z   INFO    dns configurator: using DNS address 127.0.0.1 internally
2020-05-05T17:58:47.791Z   INFO    dns configurator: using DNS address 127.0.0.1 system wide
2020-05-05T17:58:47.934Z   INFO    unbound: [1588701527] unbound[71:0] notice: init module 0: validator
2020-05-05T17:58:47.935Z   INFO    unbound: [1588701527] unbound[71:0] notice: init module 1: iterator
2020-05-05T17:58:47.945Z   INFO    unbound: [1588701527] unbound[71:0] info: start of service (unbound 1.9.6).
2020-05-05T17:58:48.572Z   INFO    unbound: [1588701528] unbound[71:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
2020-05-05T17:58:50.500Z   INFO    http server: listening on 0.0.0.0:8000
2020-05-05T17:59:07.790Z   ERROR   unbound: stream error: read |0: file already closed
2020-05-05T17:59:07.792Z   INFO    unbound dns over tls setup: attempting restart
# This works with Unbound because it's synchronous on the same port
2020-05-05T17:59:07.792Z   INFO    dns configurator: downloading root hints from https://raw.githubusercontent.com/qdm12/files/master/named.root.updated
2020-05-05T17:59:07.949Z   INFO    dns configurator: downloading root key from https://raw.githubusercontent.com/qdm12/files/master/root.key.updated
2020-05-05T17:59:08.107Z   INFO    dns configurator: generating Unbound configuration
2020-05-05T17:59:08.443Z   INFO    dns configurator: 8199 hostnames blocked overall
2020-05-05T17:59:08.443Z   INFO    dns configurator: 2631 IP addresses blocked overall
# Does not work because it calls Unbound at the same time on the same port
2020-05-05T17:59:08.446Z   WARN    dns configurator: cannot GET content of URL https://raw.githubusercontent.com/qdm12/files/master/surveillance-ips.updated: Get "https://raw.githubusercontent.com/qdm12/files/master/surveillance-ips.updated": dial tcp: lookup raw.githubusercontent.com on 127.0.0.1:53: read udp 127.0.0.1:34540->127.0.0.1:53: read: connection refused
2020-05-05T17:59:08.446Z   WARN    dns configurator: cannot GET content of URL https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": dial tcp: lookup raw.githubusercontent.com on 127.0.0.1:53: read udp 127.0.0.1:34540->127.0.0.1:53: read: connection refused
2020-05-05T17:59:08.447Z   INFO    dns configurator: starting unbound
2020-05-05T17:59:08.447Z   INFO    dns configurator: using DNS address 127.0.0.1 internally
2020-05-05T17:59:08.447Z   INFO    dns configurator: using DNS address 127.0.0.1 system wide
2020-05-05T17:59:08.472Z   INFO    unbound: [1588701548] unbound[72:0] notice: init module 0: validator
2020-05-05T17:59:08.472Z   INFO    unbound: [1588701548] unbound[72:0] notice: init module 1: iterator
2020-05-05T17:59:08.486Z   INFO    unbound: [1588701548] unbound[72:0] info: start of service (unbound 1.9.6).
2020-05-05T17:59:09.229Z   INFO    unbound: [1588701549] unbound[72:0] info: generate keytag query _ta-4a5c-4f66. NULL IN

qdm12 commented 4 years ago

Issue was that Unbound was killed before it finished downloading some of its setup files, hence no DNS was there to query at 127.0.0.1.