Dnsmasq stopping abruptly

[kmskrishna]

Hello

I am running subspace in a docker and dnsmasq is also running in the docker. It was uninstalled in the host machine as mentioned in the docs.

I also added some internal domains to /etc/hosts. And the DNS resolution is working well when connected to the VPN.

Everything works as expected but randomly the DNS resolution stops. On restarting the docker container everything works normally again.

I got access to the docker shell using docker exec and inside the container, DNS is working fine. it is just that in the wireguard clients and the host, DNS resolution is stopping randomly.

dnsmasq is running when checked with ps aux | grep dnsmasq on the host system.

Expected behaviour

DNS should resolve normally every time.

Additional context I am facing this issue right now with 2 different machines which are on AWS.

[kmskrishna]

Is there a way to run dnsmasq on the host machine and disable it in the docker?

[gchamon]

hey @kmskrishna, currently there is only the option to disable dnsmasq along with DNS tunneling altogether. We haven't split that config into two. Maybe we could implement an override and you could configure DNS to be your server IP

[kmskrishna]

Apart from that, I am encountering this issue a lot regularly, Any idea how to debug this. DNS works in docker but not on the host system. What might be the issue?

[gchamon]

do you think this is related to https://github.com/subspacecommunity/subspace/issues/141 ? Try https://github.com/subspacecommunity/subspace/issues/144#issuecomment-823313714

[kmskrishna]

hey @kmskrishna, currently there is only the option to disable dnsmasq along with DNS tunneling altogether. We haven't split that config into two. Maybe we could implement an override and you could configure DNS to be your server IP

Do you think doing this would solve the issue? I am running a wireguard/dnsmasq together without subspace and didn't face any issue. This makes me believe that this is a docker related issue. Not able to come up with a good way to debug it though. One way to do is to run dnsmasq outside the docker and test but that is not supported in subspace as of now.

[kmskrishna]

do you think this is related to #141 ? Try #144 (comment)

It definitely sounds like #141 and I tried the solution mentioned in #144 will update you on how it works.

Can we concretely say if the issue is because of docker and dnsmasq? What test can we do to prove/disprove this?

[gchamon]

I am really in the dark here. I have little knowledge of dnsmasq and personally I use VPN across different countries so I have to disable dnsmasq. I don't have, therefore, real world experience with dnsmasq. @agonbar can you think of a way to test this?

[syphernl]

Could this be related to #194? Do you see anything in the docker logs for the subspace container?

[kmskrishna]

@syphernl Docker logs show only this that mention dnsmasq

dnsmasq: started, version 2.80 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 1.1.1.1#53
dnsmasq: read /etc/hosts - 10 addresses
run: dnsmasq: (pid 54) 5s; run: log: (pid 52) 5s

[kmskrishna]

do you think this is related to #141 ? Try #144 (comment)

It definitely sounds like #141 and I tried the solution mentioned in #144 will update you on how it works.

Can we concretely say if the issue is because of docker and dnsmasq? What test can we do to prove/disprove this?

I tried the fix mentioned in #144, it didn't work.

[gchamon]

One sanity check question. How are you launching subspace? Post here the compose config or docker command

[kmskrishna]

One sanity check question. How are you launching subspace? Post here the compose config or docker command

Using the docker command line

 sudo docker create \
                    --name subspace \
                    --restart always \
                    --network host \
                    --cap-add NET_ADMIN \
                    --volume /data:/data \
                    --volume /etc/dnsmasq.d:/etc/dnsmasq.d \
                    --env SUBSPACE_HTTP_HOST="domain.com" \
                    --env SUBSPACE_DISABLE_DNS=true \
                    --env SUBSPACE_LISTENPORT="51820" \
                    --env SUBSPACE_ALLOWED_IPS="110.99.97.0/24" \
                    subspacecommunity/subspace:latest

Then

sudo docker start subspace

[gchamon]

We have an issue tracked in https://github.com/subspacecommunity/subspace/issues/193 . These shorthand tags are not working. Please use the long tags, for example amd64-v1.5.0