Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

github.com not reachable from alpine image #155

Open
marcofranssen opened this issue Mar 8, 2021 · 26 comments
Open

github.com not reachable from alpine image #155

marcofranssen opened this issue Mar 8, 2021 · 26 comments

Comments

@marcofranssen
Copy link

marcofranssen commented Mar 8, 2021

Using the latest alpine 3.13 I'm unable to reach github.

Have tried this on Docker for Mac and a ubuntu 20.04 with rootless docker.

See here some things I tried to reach that succeeded.

docker run --rm -it alpine:3.13
/ # nslookup google.com
Server:		192.168.65.1
Address:	192.168.65.1:53

Non-authoritative answer:
Name:	google.com
Address: 2a00:1450:4001:801::200e

Non-authoritative answer:
Name:	google.com
Address: 142.250.185.110

/ # nslookup go.uber.org
Server:		192.168.65.1
Address:	192.168.65.1:53

Non-authoritative answer:
go.uber.org	canonical name = ghs.googlehosted.com
Name:	ghs.googlehosted.com
Address: 142.250.185.243

Non-authoritative answer:
go.uber.org	canonical name = ghs.googlehosted.com
Name:	ghs.googlehosted.com
Address: 2a00:1450:4013:c03::79

See here github.com which fails.

docker run --rm -it alpine:3.13
/ # nslookup github.com
Server:		192.168.65.1
Address:	192.168.65.1:53

Non-authoritative answer:
*** Can't find github.com: No answer

Non-authoritative answer:
Name:	github.com
Address: 140.82.121.4

For completeness I also checked with debian:buster-slim which succeeds.

docker run --rm -it debian:buster-slim
root@ed738f47333e:/# apt update && apt install -y dnsutils
root@ed738f47333e:/# nslookup github.com
Server:		192.168.65.1
Address:	192.168.65.1#53

Non-authoritative answer:
Name:	github.com
Address: 140.82.121.4
@ghost
Copy link

ghost commented Mar 10, 2021

Duplicate of #151 but given the significance maybe makes sense to report twice 🤣

@Logiqx
Copy link

Logiqx commented Mar 10, 2021

I've got a similar problem with alpine:3.13 which doesn't exist in alpine:3.12

/ # mike@MIKE-ENVY:~/projects/work/wca-db$ docker run -it --rm alpine:3.13

/ # ping www.worldcubeassociation.org
ping: bad address 'www.worldcubeassociation.org'

/ # nslookup www.worldcubeassociation.org
Server:         192.168.65.4
Address:        192.168.65.4:53

Non-authoritative answer:
Name:   www.worldcubeassociation.org
Address: 34.208.140.116

*** Can't find www.worldcubeassociation.org: No answer

The above snippet is the most basic illustration of my issue.

In reality this is causing problems within a Python script that can be illustrated as follows:

mike@MIKE-ENVY:~/projects/work/wca-db$ docker run -it --rm python:3.9-alpine3.13
Python 3.9.2 (default, Feb 19 2021, 17:33:48)
[GCC 10.2.1 20201203] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import urllib.request
>>> zip_url = "https://www.worldcubeassociation.org/results/misc/WCA_export.sql.zip"
>>> req = urllib.request.Request(zip_url, headers={'User-Agent': 'Mozilla'})
>>> infile = urllib.request.urlopen(req, timeout = 900)

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/urllib/request.py", line 1346, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
  File "/usr/local/lib/python3.9/http/client.py", line 1255, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/local/lib/python3.9/http/client.py", line 1301, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/local/lib/python3.9/http/client.py", line 1250, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/local/lib/python3.9/http/client.py", line 1010, in _send_output
    self.send(msg)
  File "/usr/local/lib/python3.9/http/client.py", line 950, in send
    self.connect()
  File "/usr/local/lib/python3.9/http/client.py", line 1417, in connect
    super().connect()
  File "/usr/local/lib/python3.9/http/client.py", line 921, in connect
    self.sock = self._create_connection(
  File "/usr/local/lib/python3.9/socket.py", line 822, in create_connection
    for res in getaddrinfo(host, port, 0, SOCK_STREAM):
  File "/usr/local/lib/python3.9/socket.py", line 953, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -3] Try again

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.9/urllib/request.py", line 214, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/local/lib/python3.9/urllib/request.py", line 517, in open
    response = self._open(req, data)
  File "/usr/local/lib/python3.9/urllib/request.py", line 534, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
  File "/usr/local/lib/python3.9/urllib/request.py", line 494, in _call_chain
    result = func(*args)
  File "/usr/local/lib/python3.9/urllib/request.py", line 1389, in https_open
    return self.do_open(http.client.HTTPSConnection, req,
  File "/usr/local/lib/python3.9/urllib/request.py", line 1349, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno -3] Try again>
>>> req = urllib.request.Request(zip_url)
>>> infile = urllib.request.urlopen(req, timeout = 900)
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/urllib/request.py", line 1346, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
  File "/usr/local/lib/python3.9/http/client.py", line 1255, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/local/lib/python3.9/http/client.py", line 1301, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/local/lib/python3.9/http/client.py", line 1250, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/local/lib/python3.9/http/client.py", line 1010, in _send_output
    self.send(msg)
  File "/usr/local/lib/python3.9/http/client.py", line 950, in send
    self.connect()
  File "/usr/local/lib/python3.9/http/client.py", line 1417, in connect
    super().connect()
  File "/usr/local/lib/python3.9/http/client.py", line 921, in connect
    self.sock = self._create_connection(
  File "/usr/local/lib/python3.9/socket.py", line 822, in create_connection
    for res in getaddrinfo(host, port, 0, SOCK_STREAM):
  File "/usr/local/lib/python3.9/socket.py", line 953, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -3] Try again

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.9/urllib/request.py", line 214, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/local/lib/python3.9/urllib/request.py", line 517, in open
    response = self._open(req, data)
  File "/usr/local/lib/python3.9/urllib/request.py", line 534, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
  File "/usr/local/lib/python3.9/urllib/request.py", line 494, in _call_chain
    result = func(*args)
  File "/usr/local/lib/python3.9/urllib/request.py", line 1389, in https_open
    return self.do_open(http.client.HTTPSConnection, req,
  File "/usr/local/lib/python3.9/urllib/request.py", line 1349, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno -3] Try again>
>>>

Both ping, nslookup and my Python code work fine in alpine:3.12 but not alpine:3.13

I'm using Docker Desktop 3.2.1 on Windows 10 with WSL2.

@gaby
Copy link

gaby commented Mar 17, 2021

I'm having the same issue. DNS is broken on Alpine 3.13

CC. @ncopa @sourcecode-glitch @CosmicToast

@jokay
Copy link

jokay commented Mar 18, 2021

May this be a problem only for Docker rootless setups?

As I can confirm the problem on a Docker rootless setup but it works on a default Docker setup.

Docker rootless (20.10.5)

user@host:~$ docker run --rm alpine:3.13 wget https://api.nuget.org/v3/index.json
wget: bad address 'api.nuget.org'

Docker default (19.03.11)

user@host:~$ docker run --rm alpine:3.13 wget https://api.nuget.org/v3/index.json
Connecting to api.nuget.org (152.199.23.209:443)
saving to 'index.json'
index.json           100% |********************************|  8543  0:00:00 ETA
'index.json' saved

@golgotow
Copy link

golgotow commented May 3, 2021

Hello,

is any fix in plan for this ?

Best regards

@ncopa
Copy link
Contributor

ncopa commented May 4, 2021

I'd be happy to fix it if someone could tell what the problem is.

To my understanding the problem is busybox nslookup? There are a bunch of "me-too" comments that mentions ping and stub resolver from python. (which to my understanding is slightly different thing)

Now for the original problem, with busybox nslookup:

ncopa-desktop:~$ docker run --rm -it alpine:3.13
/ # nslookup google.com
Server:		172.21.1.1
Address:	172.21.1.1:53

Non-authoritative answer:
Name:	google.com
Address: 142.250.74.142

Non-authoritative answer:
Name:	google.com
Address: 2a00:1450:400f:804::200e

/ # nslookup github.com
Server:		172.21.1.1
Address:	172.21.1.1:53

Non-authoritative answer:
Name:	github.com
Address: 140.82.121.3

Non-authoritative answer:
*** Can't find github.com: No answer

/ # echo $?
0

nslookup actually returns 0 which means success and it does give the answer Address: 140.82.121.3.

Would be good to know:

  • kernel version
  • docker version
  • libseccomp version

Also, busybox nslookup is a slimmed down, or limited version of nslookup. If it is not broken, just not good enough, then you can install bind-tools for a full featured nslookup.

@ncopa
Copy link
Contributor

ncopa commented May 4, 2021

does it work with nslookup from bind-tools?

@rochacon
Copy link

rochacon commented May 6, 2021

I'm was having similar problems running Alpine 3.13 containers inside Kubernetes. While using an external DNS (e.g. 1.1.1.1) everything worked fine, but when using the internal DNS, CoreDNS, aplications would crash with resolution errors. I noticed that CoreDNS was responding for AAAA records with NXDOMAIN error. With this, even nslookup would fail (apk, PHP, Python etc. all errored too).

After double checking my CoreDNS settings and versions, and making sure it would respond correctly for both A and AAAA records, the problem was no longer present.

It seems to me the issue happens when DNS servers responds with NXDOMAIN for AAAA records, then musl (?) will return the query as "not resolved", resulting in the failures we're experiencing (even tho an A record was returned). When AAAA queries respond with No answer I do not see the same issues.

@gsmethells
Copy link

gsmethells commented May 6, 2021

-FROM python:3.7-alpine3.11
+FROM python:3.7-alpine3.13

and now it cannot wget www

#5 12.40 (79/80) Installing imagemagick-dev (7.0.10.57-r0)
#5 12.48 (80/80) Installing .build-deps (20210506.184850)
#5 12.48 Executing busybox-1.32.1-r6.trigger
#5 12.49 Executing glib-2.66.8-r0.trigger
#5 12.50 No schema files found: doing nothing.
#5 12.51 OK: 305 MiB in 115 packages
#5 12.61 wget: bad address 'www.medstrat.com'
#5 12.61 tar: invalid magic
#5 12.61 tar: short read
------
failed to solve with frontend dockerfile.v0: failed to build LLB: executor failed running [/bin/sh -c apk add --no-cache --virtual .build-deps g++ make glib-dev expat-dev jpeg-dev zlib-dev tiff-dev imagemagick-dev     && wget -O- https://www.medstrat.com/3rdparty/vips-${VIPS_VERSION}.tar.gz | tar xzC /tmp     && cd /tmp/vips-${VIPS_VERSION}     && ./configure     && make install     && cd /tmp     && rm -rf /tmp/vips-${VIPS_VERSION}     && apk del --no-cache .build-deps]: runc did not terminate sucessfully

@lrascao
Copy link

lrascao commented May 10, 2021

@rochacon

After double checking my CoreDNS settings and versions, and making sure it would respond correctly for both A and AAAA records, the problem was no longer present.

can you please elaborate? what changes did you make to CoreDNS settings?

@5nafu
Copy link

5nafu commented May 20, 2021

After double checking my CoreDNS settings and versions, and making sure it would respond correctly for both A and AAAA records, the problem was no longer present.

I am not quite sure that this is really related to CoreDNS (or I did not understand it correctly), as the busybox nslookup will give both IPv6 and IPv4 adresses on some other hosts:

alpine:3.13

/ # nslookup github.com
Server:	192.168.65.1
Address:	192.168.65.1:53

** server can't find github.com: NXDOMAIN

Non-authoritative answer:
Name:	github.com
Address: 140.82.121.4
Name:	github.com
Address: 140.82.121.4

/ # nslookup google.com
Server:	192.168.65.1
Address:	192.168.65.1:53

Non-authoritative answer:
Name:	google.com
Address: 2a00:1450:4005:802::200e
Name:	google.com
Address: 2a00:1450:4005:802::200e

Non-authoritative answer:
Name:	google.com
Address: 142.250.181.206
Name:	google.com
Address: 142.250.181.206

/ # wget https://github.com
wget: bad address 'github.com'
/ # wget https://google.com
Connecting to google.com (216.58.213.206:443)
Connecting to www.google.com (172.217.19.68:443)
saving to 'index.html'
index.html           100% |***********************************************************************************************************************************************| 14400  0:00:00 ETA
'index.html' saved

alpine:3.12

/ # nslookup github.com
Server:	192.168.65.1
Address:	192.168.65.1:53

** server can't find github.com: NXDOMAIN

Non-authoritative answer:
Name:	github.com
Address: 140.82.121.4
Name:	github.com
Address: 140.82.121.4

/ # nslookup google.com
Server:	192.168.65.1
Address:	192.168.65.1:53

Non-authoritative answer:
Name:	google.com
Address: 2a00:1450:4005:803::200e
Name:	google.com
Address: 2a00:1450:4005:803::200e

Non-authoritative answer:
Name:	google.com
Address: 142.250.181.206
Name:	google.com
Address: 142.250.181.206

/ # wget https://github.com
Connecting to github.com (140.82.121.4:443)
saving to 'index.html'
index.html           100% |***********************************************************************************************************************************************|  208k  0:00:00 ETA
'index.html' saved
/ # rm index.html
/ # wget https://google.com
Connecting to google.com (216.58.213.206:443)
Connecting to www.google.com (216.58.213.228:443)
saving to 'index.html'
index.html           100% |***********************************************************************************************************************************************| 13609  0:00:00 ETA
'index.html' saved

@ncopa, to answer your question, The use case is any download while building container images based on alpine might fails when downloading additional parts. The list of domains I came across contains for example github.com and dl-3.alpinelinux.org.

In our case we are using the dind:rootless container in a kubernetes setup:

$ uname -a
Linux 096ee58fe6f6 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 Linux
$ docker --version
Docker version 19.03.12, build 48a66213fe
$  dpkg -l libseccomp2
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name              Version                Architecture Description
+++-=================-======================-============-============================================
ii  libseccomp2:amd64 2.5.1-1ubuntu1~20.04.1 amd64        high level interface to Linux seccomp filter

@marcofranssen
Copy link
Author

I'm pretty sure it is not related to CoreDNS.

I'm facing the issue in Docker-for-Mac, Barebone rootless docker on ubuntu as well when running in a k8s cluster. These do not all use a CoreDNS setup.

Any other image is not facing this issue. e.g. Ubuntu, debian, busybox.

@rochacon
Copy link

It is not related to CoreDNS specifically, but to the DNS server returning the incorrect error code for a non existing record, e.g. NXDOMAIN errors instead of NODATA. In my case it was related to CoreDNS since this is the DNS server I'm using, I believe Docker-for-Mac has its own DNS server too, although I'm not sure and don't have a mac to test this.

Could you post the output for the following commands?

nslookup -type=A google.com
nslookup -type=AAAA google.com
nslookup -type=A google.com 8.8.8.8
nslookup -type=AAAA google.com 8.8.8.8

These should test DNS resolutions against both DNS providers: default (nameserver entry in /etc/resolv.conf) and Google's public one. I believe at least one of the records on the default DNS server will return NXDOMAIN.

@lrascao I missed the notification for your message, sorry. CoreDNS versions prior to 1.7 had some issues with autopath + cache plugins, a workaround was to "disable" IPv6 resolution by returning a fixed response for every AAAA request, I still had this setting on my CoreDNS Corefile since I do not have IPv6 enabled on my environment. Removing the workaround and making sure CoreDNS is up-to-date was the change I made that solved the resolution issues with Alpine 3.13 for me.

@marcofranssen
Copy link
Author

Google works fine, Github is having issues on AAAA (ipv6). Or when the type is not provided.

$ docker run --rm -it alpine sh
/ # nslookup -type=A google.com
Server:		192.168.65.5
Address:	192.168.65.5:53

Non-authoritative answer:
Name:	google.com
Address: 216.58.214.14

/ # nslookup -type=AAAA google.com
Server:		192.168.65.5
Address:	192.168.65.5:53

Non-authoritative answer:
Name:	google.com
Address: 2a00:1450:400e:802::200e

/ # nslookup -type=AAAA google.com 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8:53

Non-authoritative answer:
Name:	google.com
Address: 2a00:1450:400e:802::200e

/ # nslookup -type=A google.com 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8:53

Non-authoritative answer:
Name:	google.com
Address: 216.58.214.14

/ # nslookup -type=A github.com
Server:		192.168.65.5
Address:	192.168.65.5:53

Non-authoritative answer:
Name:	github.com
Address: 140.82.121.4

/ # nslookup -type=AAAA github.com
Server:		192.168.65.5
Address:	192.168.65.5:53

Non-authoritative answer:
*** Can't find github.com: No answer

/ # nslookup -type=AAAA github.com 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8:53

Non-authoritative answer:
*** Can't find github.com: No answer

/ # nslookup github.com
Server:		192.168.65.5
Address:	192.168.65.5:53

Non-authoritative answer:
Name:	github.com
Address: 140.82.121.4

Non-authoritative answer:
*** Can't find github.com: No answer

@rochacon
Copy link

rochacon commented May 21, 2021

Sorry @marcofranssen I forgot to add the exit code to the commands, I believe all those returned 0 (success), right? nslookup github.com ; echo $?

Adding to the history here, I believe this is related to https://gitlab.alpinelinux.org/alpine/aports/-/issues/11879 which should be fixed on https://git.musl-libc.org/cgit/musl/commit/?id=5cf1ac2443ad0dba263559a3fe043d929e0e5c4c (released on musl-1.2.1).

Could it be possible that the affected images are still using an older version of musl? apk list | grep musl-

@marcofranssen
Copy link
Author

marcofranssen commented May 21, 2021

Indeed responds with a 0 exitcode. However musl is already at 1.2.2 in latest alpine.

$ docker run --rm -it alpine sh
/ # nslookup github.com ; echo $?
Server:		192.168.65.5
Address:	192.168.65.5:53

Non-authoritative answer:
Name:	github.com
Address: 140.82.121.4

Non-authoritative answer:
*** Can't find github.com: No answer

0
/ # apk list | grep musl-
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/main: No such file or directory
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/community: No such file or directory
musl-1.2.2-r0 x86_64 {musl} (MIT) [installed]
musl-utils-1.2.2-r0 x86_64 {musl} (MIT BSD GPL2+) [installed]

@weyou
Copy link

weyou commented Jun 30, 2021

Got the same problem on 3.13.

weyou@omv:~$ docker run -ti --rm alpine:3.13 sh
/ # nslookup -type=A github.com
Server:         172.16.20.1
Address:        172.16.20.1:53

Non-authoritative answer:
Name:   github.com
Address: 192.30.255.113

/ # nslookup -type=AAAA github.com
Server:         172.16.20.1
Address:        172.16.20.1:53

** server can't find github.com: REFUSED

/ # ping github.com
ping: bad address 'github.com'
/ # ping -4 github.com
PING github.com (192.30.255.112): 56 data bytes
64 bytes from 192.30.255.112: seq=1 ttl=46 time=302.787 ms
64 bytes from 192.30.255.112: seq=2 ttl=46 time=302.894 ms
64 bytes from 192.30.255.112: seq=3 ttl=46 time=302.345 ms
64 bytes from 192.30.255.112: seq=4 ttl=46 time=304.398 ms
^C
--- github.com ping statistics ---
5 packets transmitted, 4 packets received, 20% packet loss
round-trip min/avg/max = 302.345/303.106/304.398 ms
/ # ping -6 github.com
ping: bad address 'github.com'

/ # nc github.com 80
nc: bad address 'github.com'

/ # traceroute github.com
traceroute: bad address 'github.com'
/ # traceroute -6 github.com
traceroute: bad address 'github.com'
/ # traceroute -4 github.com
traceroute to github.com (192.30.255.112), 30 hops max, 46 byte packets
 1  10.30.0.1 (10.30.0.1)  0.023 ms  0.023 ms  0.021 ms
 2   ...

It looks like all network tools prefer using the "-6" option in this version.

niloc132 added a commit to deephaven/deephaven-core that referenced this issue Aug 25, 2021
…1034)

Apparently in older linux kernels or docker installs (the alpine bug report isn't sure which), DNS sometimes doesn't work, and we can't build this image since github.com fails to resolve in the second line of this RUN.

In Alpine 3.12, unzip doesn't create the directory automatically, so we need to make it ahead of time.

Alpine 3.12 EOLs May 1, 2022, we should update by then, decide that we aren't concerned with older kernels (or docker installs), or pick a different image for this proxy.

alpinelinux/docker-alpine#155

See #1119 for later followup.
@Logiqx
Copy link

Logiqx commented Dec 29, 2021

A quick update which might add a little further insight. The issue that I've encountered personally appears to be when accessing specific domains via IPv6 with Alpine 3.13 upwards; I've tested Alpine 3.13, 3.14 and 3.15. Alpine 3.12 and earlier releases do not have this specific issue.

The problem only affects some of my environments (e.g. Windows 10 running Docker Desktop with an Alpine 3.13/3.14/3.15 base image for my project). Some of my other environments work absolutely fine (e.g. Amazon Linux using Alpine 3.13/3.14/3.15 base images or my Windows machine using alternative base images such as Ubuntu / Debian). Alpine 3.12 and earlier still work fine on my Windows 10 machine.

It's all the same problem but for me it is when accessing www.worldcubeassociation.org

I have a simple Python script that downloads a zip file from that website but on my Windows laptop it fails due to what appears to be name resolution issue; original stack trace is included in my earlier comment but occurs in Alpine 3.13, 3.14 and 3.15.

To allow myself to upgrade to Python 3.10 + Alpine 3.15, I've implemented a dirty hack in my Python project to force IPv4 when running on Windows. I test the project code on my Windows machine (i.e. IPv4) then deploy to AWS which bypasses the hack and thus uses IPv6 (if available).

For anyone interested you can see the Python code that downloads the zip file from www.worldcubeassociation.org and the hack to force IPv4 on Windows: https://github.com/Logiqx/wca-db/tree/master/python

The fix suggested by dogi (installing the ip6tables package) does not work for my project.

@j4ym0
Copy link

j4ym0 commented Jan 11, 2022

I have run into this issue a few times on Alpine 3.12+ images using Docker for Windows, building multi-arch images with buildx, or even just running the base image. I would get curl: (6) Could not resolve host: codeload.github.com

My workaround is adding --retry 5 to my curl command. Now although it initially fails with 'could not resolve host' by the 3rd attempt it is successful.

I found that this helps, not sure why. Maybe it added another way to resolve the address.
I added ipv6 support to the docker config file in Settings -> Docker Engine (on windows)

  "fixed-cidr-v6": "2001:db8:1::/64",
  "ipv6": true,

This then would allow curl and wget to resolve the host the first time, but only if there was no redirect (301, 302) from the original domain, but can be resolved again using --retry. Adding the ip6tables package did not help in all cases.

I don't think this is an ipv4 / ipv6 issue, to me it seems to be an issue with the resolver and repeated requests will resolve the address. Now whether this lies in the Alpine image or in Docker I am not sure.

@limingxinleo
Copy link

mark

@decriptor
Copy link

I've been running into roughly the same problem. In my I'm trying to install a dotnet tool (dotnet-monitor) and I couldn't resolve api.nuget.org

I tried:

nslookup api.nuget.org - failed

nslookup api.nuget.org 172.24.112.1
Server:         172.24.112.1
Address:        172.24.112.1:53

Non-authoritative answer:
*** Can't find api.nuget.org: Parse error

Non-authoritative answer:
*** Can't find api.nuget.org: Parse error
nslookup api.nuget.org 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8:53

Non-authoritative answer:
api.nuget.org   canonical name = nugetapiprod.trafficmanager.net
nugetapiprod.trafficmanager.net canonical name = apiprod-mscdn.azureedge.net
<SNIP - for brevity sake>

I ended up manually adding my local dns to /etc/resolv.conf and things seem to be working just fine.

nameserver 172.24.112.1
nameserver 192.168.1.1

172.24.112.1 <- this is there by default. So, whatever that points to seems to cause problems?

@tobiasehlert
Copy link

I'm experiencing the same issue and I am running busybox in a Docker rootless, when running towards the default Docker rootless DNS resolving part.

When pointing out an external DNS in the nslookup command, it actually works in Docker rootless.

When running in "normal" Docker, both commands below work.

# using 1.1.1.1
docker run --rm golang:alpine /bin/busybox nslookup -debug github.com 1.1.1.1

# using default
docker run --rm golang:alpine /bin/busybox nslookup -debug github.com

Output is like this:

# using 1.1.1.1
Server:		1.1.1.1
Address:	1.1.1.1:53

Query #0 completed in 6ms:
Non-authoritative answer:
Name:	github.com
Address: 140.82.121.4

Query #1 completed in 6ms:
Non-authoritative answer:
# using default
Server:		192.168.65.1
Address:	192.168.65.1:53

Query #0 completed in 1ms:
Non-authoritative answer:
Name:	github.com
Address: 140.82.121.4
Name:	github.com
Address: 140.82.121.4

Query #1 completed in 1ms:
** server can't find github.com: NXDOMAIN

@mj520
Copy link

mj520 commented Oct 13, 2022

apk add bind-tools
curl、nslookup 、php ... ok

@Crapshit
Copy link

@mj520 this does not help us, because our application still fails in DNS resolution.

In our case we are also receiving NXDOMAIN / SERVFAIL for AAAA type records from our Consul cluster.

@timblaktu
Copy link

I have run into this issue a few times on Alpine 3.12+ images using Docker for Windows, building multi-arch images with buildx, or even just running the base image. I would get curl: (6) Could not resolve host: codeload.github.com

My workaround is adding --retry 5 to my curl command. Now although it initially fails with 'could not resolve host' by the 3rd attempt it is successful.

@j4ym0 on 3.16, retrying wget 10 times doesn't fix the DNS issue after upgrading from BusyBox wget using apk add --no-cache wget:

 > [iamlive download 2/2] RUN     wget --tries=10 --retry-connrefused --retry-on-host-error -O iamlive.tar.gz "https://github.com/iann0036/iamlive/releases/download/v0.49.0/iamlive-v0.49.0-linux-amd64.tar.gz" &&     tar -xzf iamlive.tar.gz:                                                                                                                                                 #0 0.425 --2022-11-09 14:26:27--  https://github.com/iann0036/iamlive/releases/download/v0.49.0/iamlive-v0.49.0-linux-amd64.tar.gz
#0 0.446 Resolving github.com (github.com)... failed: Name does not resolve.
#0 0.578 wget: unable to resolve host address 'github.com'
#0 0.578 Retrying.
#0 0.578
#0 1.579 --2022-11-09 14:26:29--  (try: 2)  https://github.com/iann0036/iamlive/releases/download/v0.49.0/iamlive-v0.49.0-linux-amd64.tar.gz
#0 1.579 Resolving github.com (github.com)... failed: Name does not resolve.
#0 1.582 wget: unable to resolve host address 'github.com'
#0 1.582 Retrying.
#0 1.582
.
.
.
#0 45.78 --2022-11-09 14:27:13--  (try:10)  https://github.com/iann0036/iamlive/releases/download/v0.49.0/iamlive-v0.49.0-linux-amd64.tar.gz
#0 45.78 Resolving github.com (github.com)... failed: Name does not resolve.
#0 45.79 wget: unable to resolve host address 'github.com'
#0 45.79 Giving up.
#0 45.79

I'm on Debian 11 on WSL2.

@issenn
Copy link

issenn commented Jan 19, 2023

same issue.

After the docker daemon runs for a period of time, alpine's network will be broken.
Maybe it's a docker problem, but if I can't restart the docker, and I can't test alpine.

/ #  ping -4 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
^C
--- 10.0.0.1 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
/ # traceroute github.com
traceroute to github.com (20.205.243.166), 30 hops max, 46 byte packets
 1  172.17.0.1 (172.17.0.1)  0.076 ms  0.007 ms  0.003 ms
 2  *  *  *
 3  *  *  *
 4  *  *  *
 5  *  *  *
/ # apk add iputils
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
48BB57250C7F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:320:
ERROR: https://dl-cdn.alpinelinux.org/alpine/v3.17/main: Permission denied
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.17/main: No such file or directory
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
48BB57250C7F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:320:
ERROR: https://dl-cdn.alpinelinux.org/alpine/v3.17/community: Permission denied
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.17/community: No such file or directory
ERROR: unable to select packages:
  iputils (no such package):
    required by: world[iputils]

dbelyaev pushed a commit to dbelyaev/action-checkstyle that referenced this issue Sep 3, 2024
this gets around name resolution issues present on rootless Docker:
alpinelinux/docker-alpine#155
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests