How to enable embedded DNS to listen on IPv6?

Hi,

I have a Nextcloud AIO setup that (for some reason unclear to me) does DNS lookups only via IPv6. Looking up hosts inside containers works fine with IPv4, but not with IPv6 as it seems, the embedded DNS server is only listening on IPv4, i.e. 127.0.0.11.

c4e3669bae91:/usr/local/apache2$ dig google.com

; <<>> DiG 9.18.27 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19286
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 6c45216ece82e04701000000674d70c4ee611777a9137765 (good)
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             101     IN      A       142.250.184.238

;; Query time: 3 msec
;; SERVER: 127.0.0.11#53(127.0.0.11) (UDP)
;; WHEN: Mon Dec 02 09:33:08 CET 2024
;; MSG SIZE  rcvd: 83

c4e3669bae91:/usr/local/apache2$ dig -6 google.com
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused

; <<>> DiG 9.18.27 <<>> -6 google.com
;; global options: +cmd
;; no servers could be reached

Manually adding an IPv6 nameserver to the container's resolv.conf also works fine, but is not persistent.

How can I enable the embedded DNS server for user-defined networks to listen on IPv6 as well?

Thanks!

Have you asked in the NextCloud forum how the AIO users deal with this?

Please, share how you came to this conclusion. It wouldn't make sense to me. As @bluepuma77 said, you could ask the NextCloud community about it, but normally a client accesses a DNS server and asks it to resolve a domain to an IP address. As far as I know, it doesn't matter on which IP address the server is listening. What matters is whether the DNS server knows about IPv6 addresses or not. Then a second request is sent either to an IPv4 address or an IPv6 address.

If there is only IPv4 enabled for Docker containers, then even if the DNS server gives you IPv6 addresses, the container will be able to use only IPv4 addresses. You can enable IPv6 for containers

Did you use this command only to test if it can access the DNS server on an IPv6 address or to get IPv6 IP addresses in the response?

And what is the image you are using? It doesn't seem to be nextcloud/all-in-one:latest.

Nextcloud was originally set up in an IPv6-only environment and IPv4 support only added later. I get a lot of errors that NC isn't able to resolve hostnames, e.g. for internal service discovery, but also for the Nextcloud app store and other external hosts.

All DNS resolutions inside the containers work fine, if done via IPv4. But there is no nameserver reachable in any of the containers via IPv6. So, that is why I conclude that NC tries to reach an IPv6-nameserver only.

Already the first step in your description "a client accesses a DNS server" fails. A DNS server always has to be provided as an IP address and not as a hostname, obviously. The Docker embedded DNS server in my user-defined network only listens on 127.0.0.11 and not on ::1.

So my thought is, that when I can enable it to listen on ::1 as well, DNS resolution should work.

I've posted a similar question in the NC community why it would show this strange, IPv6-only behaviour, but no answer yet.

And yes, I'm using nextcloud/all-in-one:latest. Above output is from the Apache container, but behaviour is the same in all other containers as well.

Do you have any logs that confirm the suspicion that NextCloud tries to use a DNS server on IPv6? If not, you could try to search for it.

The DNS server is defined in /etc/resolv.conf. That is what processes should use. That is not an IPv6 address. If there is a custom DNS server defined somewhere in NextCloud that overrides the default address for its processes, that could cause what you experience, but that would probably mean that no request that uses a domain name would work. Is this the case, or "lot of errors" means a lot, but not all requests?

What I would suspect is that the request can reach the DNS server IP and port, but it is not forwarded to an external DNS server that knows about the requested domain name, but since you wrote you saw no problem when trying "dig" in a container on ipv4, that shouldn't be the case either.

Can you share the link?

I tested IPv6 network in a container by the way, and the DNS server will not listen on IPv6 even if an IPv6 network is enabled so I don't think you could change that.

Thanks a lot for your thoughts!

It seems that I was on the wrong path with IPv6 only. dig only searches for an IPv6 DNS server, if used with -6.

I had a second look at the Nextcloud logs and stumbled upon cURL error 6: Could not resolve host: apps.nextcloud.com. So I investigated cURL inside the nextcloud-aio-nextcloud container from the command line. It seems, cURL is not able to resolve hostnames at all - no matter if IPv4 or IPv6.

I posted the details in the Nextcloud forum: Several problems after adding IPv4 support to former IPv6-only instance and upgrade to v30 - ℹ️ Support - Nextcloud community

I still couldn't reproduce it, but it seems you got answers on the NextCloud forum as well, suggesting it is a known issue in the Alpine image. I can't say I understand it and it is an old issue, but it would explain why I can't reproduce it as they say that it happens only on some machines.

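Added example, not part of any post in this thread: a small Python check that separates the two things discussed above, the address family used to reach the nameserver (what `dig -6` changes) and the record type requested (A or AAAA). The sample resolv.conf text is constructed and the function names are hypothetical; run inside a container, the script reads the real /etc/resolv.conf.

```python
import ipaddress
import socket
import struct

# Constructed sample of a container resolv.conf on a user-defined network.
SAMPLE_RESOLV_CONF = "nameserver 127.0.0.11\noptions ndots:0\n"
QTYPE = {"A": 1, "AAAA": 28}

def nameservers_by_family(text):
    """Group resolv.conf nameserver entries by transport address family."""
    found = {4: [], 6: []}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # ignore an IPv6 zone id
            found[ipaddress.ip_address(addr).version].append(parts[1])
    return found

def build_query(name, rtype, qid=0x1234):
    """Build a minimal DNS query: one question, recursion desired."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", QTYPE[rtype], 1)

def ask(server, name, rtype, timeout=2.0):
    """Return the reply RCODE, or None if the server cannot be reached."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, rtype), (server, 53))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # refused, timed out, or no route for this family
            return None
    return reply[3] & 0x0F if len(reply) >= 4 else None

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        servers = nameservers_by_family(fh.read())
    print("reached over IPv4:", servers[4], "| over IPv6:", servers[6])
    for server in servers[4] + servers[6]:
        for rtype in ("A", "AAAA"):
            print(server, rtype, "rcode:", ask(server, "example.com", rtype))
```

An AAAA query answered with rcode 0 by 127.0.0.11 shows that IPv6 records are available over the IPv4 listener; an empty IPv6 list means stub resolvers never try ::1 on their own.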