I have a Nextcloud AIO setup that (for some reason unclear to me) does DNS lookups only via IPv6. Looking up hosts inside containers works fine with IPv4, but not with IPv6, as it seems the embedded DNS server is only listening on IPv4, i.e. 127.0.0.11.
c4e3669bae91:/usr/local/apache2$ dig google.com
; <<>> DiG 9.18.27 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19286
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 6c45216ece82e04701000000674d70c4ee611777a9137765 (good)
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 101 IN A 142.250.184.238
;; Query time: 3 msec
;; SERVER: 127.0.0.11#53(127.0.0.11) (UDP)
;; WHEN: Mon Dec 02 09:33:08 CET 2024
;; MSG SIZE rcvd: 83
c4e3669bae91:/usr/local/apache2$ dig -6 google.com
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
; <<>> DiG 9.18.27 <<>> -6 google.com
;; global options: +cmd
;; no servers could be reached
Manually adding an IPv6 nameserver to the container's resolv.conf also works fine, but is not persistent.
How can I enable the embedded DNS server for user-defined networks to listen on IPv6 as well?
Please share how you came to this conclusion. It wouldn't make sense to me. As @bluepuma77 said, you could ask the NextCloud community about it, but normally a client accesses a DNS server and asks it to resolve a domain to an IP address. As far as I know, it doesn't matter which IP address the server is listening on. What matters is whether the DNS server knows about IPv6 addresses or not. Then a second request is sent either to an IPv4 address or an IPv6 address.
If there is only IPv4 enabled for Docker containers, then even if the DNS server gives you IPv6 addresses, the container will be able to use only IPv4 addresses. You can enable IPv6 for containers
Nextcloud was originally set up in an IPv6-only environment and IPv4 support was only added later. I get a lot of errors that NC isn't able to resolve hostnames, e.g. for internal service discovery, but also for the Nextcloud app store and other external hosts.
All DNS resolutions inside the containers work fine, if done via IPv4. But there is no nameserver reachable in any of the containers via IPv6. So, that is why I conclude that NC tries to reach an IPv6-nameserver only.
Already the first step in your description "a client accesses a DNS server" fails. A DNS server always has to be provided as an IP address and not as a hostname, obviously. The Docker embedded DNS server in my user-defined network only listens on 127.0.0.11 and not on ::1.
So my thought is, that when I can enable it to listen on ::1 as well, DNS resolution should work.
I've posted a similar question in the NC community why it would show this strange, IPv6-only behaviour, but no answer yet.
And yes, I'm using nextcloud/all-in-one:latest. Above output is from the Apache container, but behaviour is the same in all other containers as well.
Do you have any logs that confirm the suspicion that NextCloud tries to use a DNS server on IPv6? If not, you could try to search for it.
The DNS server is defined in /etc/resolv.conf. That is what processes should use. That is not an IPv6 address. If there is a custom DNS server defined somewhere in NextCloud that overrides the default address for its processes, that could cause what you experience, but that would probably mean that no request that uses a domain name would work. Is this the case, or "lot of errors" means a lot, but not all requests?
What I would suspect is that the request can reach the DNS server IP and port, but it is not forwarded to an external DNS server that knows about the requested domain name, but since you wrote you saw no problem when trying "dig" in a container on ipv4, that shouldn't be the case either.
Can you share the link?
I tested IPv6 network in a container by the way, and the DNS server will not listen on IPv6 even if an IPv6 network is enabled so I don't think you could change that.
It seems that I was on the wrong path with IPv6 only. dig only searches for an IPv6 DNS server, if used with -6.
I had a second look at the Nextcloud logs and stumbled upon cURL error 6: Could not resolve host: apps.nextcloud.com. So I investigated cURL inside the nextcloud-aio-nextcloud container from the command line. It seems, cURL is not able to resolve hostnames at all - no matter if IPv4 or IPv6.
I still couldn't reproduce it, but it seems you got answers on the NextCloud forum as well, suggesting it is a known issue in the Alpine image. I can't say I understand it and it is an old issue, but it would explain why I can't reproduce it as they say that it happens only on some machines.