infomaniak IPv6 issues
-
After some digging I've understood that Cloudron is using Haraka in a docker container as the SMTP mail server.
So I guess the whole mail server stack is running in a docker container.
Based on those facts, I had a look at whether IPv6 was enabled in docker.
I saw that Docker is configured to manage IPv6 firewall rules (iptables) using

    ps aux | grep dockerd

=> --storage-driver=overlay2 --experimental --ip6tables --userland-proxy=false

but that containers aren't using IPv6:

    sudo docker network inspect bridge | grep -A 5 IPv6

Result:

    "EnableIPv6": false,
    "IPAM": {
        "Driver": "default",
        "Options": null,
        "Config": [
            {

@girish, if I create a custom config file "daemon.js" in /etc/docker/daemon.json, and I add this config inside the json to enable IPv6 inside containers:

    {
      "ipv6": true,
      "fixed-cidr-v6": "fd00:dead:beef::/64"
    }

Do you think it could solve the issue? Because I guess reverse DNS checks likely happen inside this mail container?
And maybe each app update resets the docker network bridge? And then the mail container loses IPv6 connectivity / the ability to do its reverse DNS check for IPv6 correctly? I really don't know, trying to figure things out here.
wrote 15 days ago last edited by jdaviescoates 15 days ago
@Gengar said in Email sending broken after updating to 8.2.x (due to IPv6 issues):
Do you think it could solve the issue? Because I guess reverse DNS checks likely happen inside this mail container?
If that was the issue then wouldn't we all be having the strange issues you're having? Speaking personally, my PTR6 status has been fine and green ever since I initially set it.
-
wrote 15 days ago last edited by
@jdaviescoates yeah I thought about that too and I guess you are right…
But I really have no other leads rn…
-
wrote 15 days ago last edited by Gengar 15 days ago
@girish I think I have very interesting new information to narrow down the possibilities for the root cause. What I did is that I tried to restart every component/service I could, starting from the most specific (mail container) to the most general (full system reboot):
| Service / Component restarted | Result |
| --- | --- |
| sudo docker restart mail | NOK |
| sudo systemctl restart box | NOK |
| sudo systemctl restart docker | NOK – I had to restart apps manually due to bad gateway / 500 errors. |
| sudo systemctl restart unbound | NOK |
| sudo systemctl restart systemd-resolved | NOK |
| sudo systemctl restart systemd-networkd | NOK |
| sudo netplan apply | NOK |
| sudo reboot | OK – PTR6 works again. |

So I asked myself: what could exist between the NOK and OK state that I hadn't tried?
I decided to target the IPv6 stack of the OS directly. I ran:

    sudo ip -6 neigh flush all
    sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
    sleep 2
    sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0

After this, it was still NOK, but interestingly it reported the PTR6 = null state instantly, instead of the usual 1–2 minute delay. That suggested something was cleared or reset => Makes sense as I flushed.
After flushing the IPv6 neighbours and disabling / re-enabling the IPv6 module I've restarted netplan and docker:

    sudo netplan apply
    sudo systemctl restart docker

Again, after restarting Docker I had to manually restart all apps (some with bad gateway / nginx errors like n8n). But...
IT WORKED!
The PTR6 value was immediately resolved again and Cloudron no longer shows null. So this suggests that the root cause may lie somewhere in the interaction between the kernel IPv6 stack and Docker's networking layer? Particularly after updates... What do you think @girish? What could be the root cause?
-
Not sure, but in many VPS, IPv6 and related networking are simply not that reliable. It's hard to point at the root cause without debugging the setups. Which VPS are you using, if you don't mind sharing?
wrote 15 days ago last edited by
@joseph I'm using a VPS from Infomaniak. => https://www.infomaniak.com/
-
@Gengar should I use https://www.infomaniak.com/en/hosting/vps-lite ? Can't make out if those have IPv6
-
@Gengar I have created a ticket now to set the PTR records. But going back to your original issue:
"host -t PTR <ipv6> 127.0.0.150 always fails instantly." This works just fine on my VPS. Maybe you have some firewall rules? I just allowed everything incoming in firewall.
    ubuntu@ov-9503b4:~$ host -t PTR 45.55.2.141 127.0.0.150
    Using domain server:
    Name: 127.0.0.150
    Address: 127.0.0.150#53
    Aliases:

    141.2.55.45.in-addr.arpa domain name pointer my.cloudron.io.
    ubuntu@ov-9503b4:~$ host -t PTR 2604:a880:1:4a::2:7000 127.0.0.150
    Using domain server:
    Name: 127.0.0.150
    Address: 127.0.0.150#53
    Aliases:

    0.0.0.7.2.0.0.0.0.0.0.0.0.0.0.0.a.4.0.0.1.0.0.0.0.8.8.a.4.0.6.2.ip6.arpa domain name pointer my.cloudron.io.
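Added example, not part of the original thread and not Cloudron's own check: a small Python classifier for the `host -t PTR` output shown above, which derives the in-addr.arpa / ip6.arpa owner name for an address and reports whether the PTR is ok, mismatched or null, and whether the resolver only answered after a communications error. The function names are hypothetical, and the error and NXDOMAIN sample lines are constructed.

```python
import ipaddress
import re

PTR_LINE = re.compile(r"^(\S+) domain name pointer (\S+)$", re.MULTILINE)

def reverse_name(addr: str) -> str:
    """Owner name of the PTR record: in-addr.arpa, or nibble-format ip6.arpa."""
    return ipaddress.ip_address(addr).reverse_pointer

def check_ptr(addr: str, host_output: str, mail_fqdn: str) -> dict:
    """Classify the output of `host -t PTR <addr> <resolver>` (hypothetical helper)."""
    owner = reverse_name(addr)
    want = mail_fqdn.rstrip(".").lower()
    # Only accept answers whose owner name really belongs to this address.
    targets = [target.rstrip(".").lower()
               for name, target in PTR_LINE.findall(host_output)
               if name.rstrip(".").lower() == owner]
    if not targets:
        status = "null"        # no PTR answer for this address
    elif want in targets:
        status = "ok"
    else:
        status = "mismatch"    # a PTR exists but names another host
    # A resolver that answers only after a retry is still worth flagging.
    flaky = "communications error" in host_output
    return {"owner": owner, "status": status, "flaky": flaky}

ADDR6 = "2604:a880:1:4a::2:7000"  # address from the post above
HEADER = ("Using domain server:\nName: 127.0.0.150\n"
          "Address: 127.0.0.150#53\nAliases:\n\n")
# Constructed samples modelled on the output in the post.
GOOD = HEADER + reverse_name(ADDR6) + " domain name pointer my.cloudron.io.\n"
RETRIED = ";; communications error to 127.0.0.150#53: timed out\n" + GOOD
EMPTY = HEADER + "Host " + reverse_name(ADDR6) + ". not found: 3(NXDOMAIN)\n"

if __name__ == "__main__":
    for label, out in (("good", GOOD), ("retried", RETRIED), ("empty", EMPTY)):
        print(label, check_ptr(ADDR6, out, "my.cloudron.io"))
```

Feeding it the real output of `host -t PTR <address> 127.0.0.150` before and after an update gives a record of when the answer turns null or starts needing a retry.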
-
wrote 13 days ago last edited by Gengar 13 days ago
@girish Okay so here it doesn't work the same. For example I've rebooted my server this morning (like 2 hours ago) because my PTR6 was null.
And I've tried again and yeah, I have a communication error during the 1st try that you don't have. But each time it resolves it even with the communication error and the 2nd time it always works. And I have this exact behavior each time.
That's weird.
-
wrote 13 days ago last edited by
OK, i'm gonna say it: It's something to do with infomaniak, and it's time to move to a different VPS provider.
-
wrote 13 days ago last edited by
@scooke 🥲 I really like Infomaniak especially their commitment to ecology https://www.infomaniak.com/en/ecology ... If I have no other choices maybe I will switch to another hosting provider... We will see...
-
@Gengar
Just read the Hetzner page: https://www.hetzner.com/unternehmen/nachhaltigkeit/
If you are looking for an eco-friendly provider, Hetzner is pretty good.
-
wrote 13 days ago last edited by
@BrutalBirdie Oh thanks for the link! I will read what they do
-
wrote 13 days ago last edited by
@Gengar I have a spreadsheet with a bunch of Eco VPS providers here:
I should add Infomaniak!
But yeah Hetzner is probably the best option overall imho, great value and great UX. I tried Netcup because they are even cheaper, but 1) you have to pay 6 months in advance (whereas with Hetzner you can just pay for an hour if you cancel), 2) their default Ubuntu is stripped down and so installing Cloudron doesn't work until you mess around installing full Ubuntu first 3) their UI/ UX is just no way near as good as Hetzner's, etc.
-
wrote 13 days ago last edited by
@jdaviescoates If it works with Infomaniak, it would be another cheap and eco-friendly VPS, yeah. They have their "VPS Light" that is cheap and atm, except the PTR6 value that switches to null after updates, that seems solid.
With Hetzner, can you set up your PTR yourself? For Infomaniak we need to open a ticket with their support.
-
wrote 13 days ago last edited by avatar1024 13 days ago
@jdaviescoates said in Email sending broken after updating to 8.2.x (due to IPv6 issues):
but 1) you have to pay 6 months in advance (whereas with Hetzner you can just pay for an hour if you cancel), 2) their default Ubuntu is stripped down and so installing Cloudron doesn't work until you mess around installing full Ubuntu first 3) their UI/ UX is just no way near as good as Hetzner's, etc.
Just to say, I used to be with Hetzner and I am now with Netcup and regarding: 1) you do NOT have to pay 6 months in advance (it's just cheaper if you do); 2) I had no such issue with their Ubuntu version. I've installed Cloudron from blank Ubuntu from Netcup and I've been running several Cloudron instances with no problems. Totally agree with 3), Hetzner UI is SO much better... but then their prices are also significantly higher so I'd rather get better hardware and a less friendly UI.
However on my servers, and despite following all the right steps, I kept having issues with IPv6. PTR records and DNS all check OK on Cloudron, MX checks etc, but I keep getting random email bounces from Gmail. The only final solution was to disable IPv6 completely. Perhaps Hetzner is better in that respect.
-
wrote 13 days ago last edited by
@Gengar said in Email sending broken after updating to 8.2.x (due to IPv6 issues):
With Hetzner, can you set up your PTR yourself
Yes, you can.