robbertkl / docker-ipv6nat

Extend Docker with IPv6 NAT, similar to IPv4
MIT License

Reproducible "Name does not resolve" DNS problems when using docker-ipv6nat #74

Open DonRichie opened 2 years ago

DonRichie commented 2 years ago

Hello,

I noticed my phpmyadmin annoyingly loses the session after some clicks. I tracked the problem down to errors in the docker DNS resolution which only happen after I started docker-ipv6nat.

A ping gives the following message if it occurs: "ping: contb: Name does not resolve". The DNS resolution failure occurs every ~3 seconds, but usually works fine.

The problem only occurs on my limited performance online-server using kernel "5.15.5-arch1-1", docker 20.10.11 and being fully patched. It doesn't occur on my normal PC and my NAS.


Can somebody confirm this? Please use the following steps:

1. create network

docker network create --ipv6 --subnet "fd00:dead:beef:123::/64" thenet

2. Open new terminal and execute

docker run --rm -it --net thenet --name conta nicolaka/netshoot bash

3. Open another new terminal and execute

docker run --rm -it --net thenet --name contb nicolaka/netshoot bash

4. In the first terminal now execute:

while true; do ping -6 -c 1 contb || echo -e "OUCHOUCHOUCHOUCHOUCHOUCH\nOUCHOUCHOUCHOUCHOUCHOUCH\nOUCHOUCHOUCHOUCHOUCHOUCH\nOUCHOUCHOUCHOUCHOUCHOUCH\nOUCHOUCHOUCHOUCHOUCHOUCH\nOUCHOUCHOUCHOUCHOUCHOUCH\nOUCHOUCHOUCHOUCHOUCHOUCH\n"; sleep 0.1; done

5. Start ipv6nat

docker run --rm --name ipv6nat --privileged --network host -v /var/run/docker.sock:/var/run/docker.sock:ro -v /lib/modules:/lib/modules:ro robbertkl/ipv6nat

6. Result: Most pings succeed but every few seconds the terminal in conta says OUCHOUCH... as soon as ipv6nat finished starting

--- contb ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms
PING contb(contb.thenet (fd00:dead:beef:123::3)) 56 data bytes
64 bytes from contb.thenet (fd00:dead:beef:123::3): icmp_seq=1 ttl=64 time=0.041 ms

--- contb ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.041/0.041/0.041/0.000 ms
ping: contb: Name does not resolve
OUCHOUCHOUCHOUCHOUCHOUCH
OUCHOUCHOUCHOUCHOUCHOUCH
OUCHOUCHOUCHOUCHOUCHOUCH
OUCHOUCHOUCHOUCHOUCHOUCH
OUCHOUCHOUCHOUCHOUCHOUCH
OUCHOUCHOUCHOUCHOUCHOUCH
OUCHOUCHOUCHOUCHOUCHOUCH

You see I am using a completely isolated network. I am sure the subnet isn't in use in another network. This is really weird, but in fact reproducible. As soon as I start the ipv6nat container it gives the DNS errors.
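The ping loop in step 4 shows that lookups fail but not when. As an added example (not part of the original report), this Python probe timestamps each lookup and reports how far apart the failure bursts are, so they can be lined up against host-side logs. The names `resolve_v6`, `probe` and `summarize` are made up here, and it assumes a Python 3 interpreter is available in the container where it runs.

```python
"""Added example: timestamped name-resolution probe (not from the original issue)."""
import socket
import time


def resolve_v6(name):
    """Return True if `name` resolves to at least one IPv6 address."""
    try:
        return bool(socket.getaddrinfo(name, None, socket.AF_INET6))
    except socket.gaierror:
        return False


def probe(name, attempts, interval=0.1, resolve=resolve_v6,
          clock=time.monotonic, sleep=time.sleep):
    """Resolve `name` `attempts` times; return (elapsed_seconds, ok) samples."""
    start = clock()
    samples = []
    for _ in range(attempts):
        samples.append((clock() - start, resolve(name)))
        sleep(interval)
    return samples


def summarize(samples):
    """Group consecutive failures into bursts; report spacing between burst starts."""
    bursts = []          # each entry: [start_time, failures_in_burst]
    prev_ok = True
    for t, ok in samples:
        if not ok:
            if prev_ok:
                bursts.append([t, 1])
            else:
                bursts[-1][1] += 1
        prev_ok = ok
    starts = [b[0] for b in bursts]
    gaps = [round(b - a, 3) for a, b in zip(starts, starts[1:])]
    return {"attempts": len(samples), "failed": sum(n for _, n in bursts),
            "bursts": len(bursts), "gaps": gaps}


if __name__ == "__main__":
    # "contb" is the container name used in the reproduction steps above.
    print(summarize(probe("contb", attempts=600)))
```

Run it in `conta` once before and once after starting the ipv6nat container; a steady value in `gaps` points at something periodic rather than random loss.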