"Special" treatment of port 53 does not work in all cases
-
I tried installing AdGuard Home to give it a try. However, I noticed that I wasn't getting any responses to DNS queries I was throwing at the Cloudron machine. I connected in through ssh, and checked netstat -anlp, and saw that port 53 was only bound on one of the two interfaces that machine has.
I went digging, and found that src/docker.js treats port 53 in a special manner (see getLowerUpIp). This doesn't work for my specific case, where I have two interfaces, and one of those interfaces is for a special internal-only purpose and doesn't really have any external network access.
I'm not sure how this could best be resolved. I guess the easy solution might be to bind to all external interfaces, rather than just the first?
-
@robin would it work for you if I made it bind to all the IPv4 interfaces (other than loopback)?
We have to figure a way to filter out all the internal docker interfaces and bridges.
You can quickly check this like below on your server:
$ node
Welcome to Node.js v14.15.4.
Type ".help" for more information.
> os.networkInterfaces()
-
@robin Ideally, I would want to bind to 0.0.0.0 but we can't because there is an internal DNS server on port 53. The code then needs a way to bind explicitly to the "external" interfaces of the server.
Looks like we can:
ls -l /sys/class/net/ | grep -v virtual
and this lists potential interfaces.
ip link show - this shows even the virtual interfaces. Not sure how I can filter them out. There is
ip link show type
but I cannot find a suitable type option to use.
-
@girish Yeah, binding to all interfaces would work for me. And I think it's reasonable enough to assume that Cloudron can "own" any interfaces it is given access to, just like a 0.0.0.0 bind would normally, so that seems fine...
Some searching finds me this, which looks potentially useful:
The one liner given there (with jq) does indeed report only the two physical interfaces I have:
# ip -details -json link show | jq -r '
> .[] |
> if .linkinfo.info_kind // .link_type == "loopback" then
>   empty
> else
>   .ifname
> end
> '
enp1s0
enp2s0
-
@robin thanks, I have fixed it here - https://git.cloudron.io/cloudron/box/-/commit/1e665b63234ba7cfdfd6d16679a2261418c7449c . It will be in the next release.