Miniflux: Many feeds not fetching with „dial tcp: lookup # on 127.0.0.11:53: server misbehaving“

necrevistonnezr

Many (not all) feeds that I know exist are not fetched with this error:

Miniflux is not able to reach this website due to a network error: Get "https://krebsonsecurity.com/feed/": dial tcp: lookup krebsonsecurity.com on 127.0.0.11:53: server misbehaving.

Googling this error led to nothing.

The config looks fine:

Basic data:

sudo cloudron-support --troubleshoot
[sudo] password for ##: 
Vendor: AZW Product: EQ
Linux: 6.8.0-58-generic
Ubuntu: noble 24.04
Processor: Intel(R) N100
BIOS Intel(R) N100 To Be Filled By O.E.M. CPU @ 2.8GHz x 4
RAM: 16144264KB
Disk: /dev/mapper/ubuntu--vg-ubuntu--lv  355G
[OK]node version is correct
[OK]IPv6 is enabled and public IPv6 address is working
[OK]docker is running
[OK]docker version is correct
[OK]MySQL is running
[OK]nginx is running
[OK]dashboard cert is valid
[OK]dashboard is reachable via loopback
[OK]box v8.3.1 is running
[OK]netplan is good
[OK]DNS is resolving via systemd-resolved
[OK]Dashboard is reachable via domain name
[OK]Domain ## is valid and has not expired
[OK]unbound is running

joseph

127.0.0.11:53 is the docker DNS service . It's unable to resolve that domain for some reason . Can you try host krebsonsecurity.com on the web terminal of the app?

I can add the feed here atleast.

robi

Maybe restart unbound service.

necrevistonnezr

I have restarted the server for good measure.

E.g.

host https://www.heise.de/rss/heise-atom.xml

results in

Host https://www.heise.de/rss/heise-atom.xml not found: 3(NXDOMAIN)

but I can open it in my browser for example.

Also:

host -a heise.de
Trying "heise.de"
Host heise.de not found: 4(NOTIMP)
Received 26 bytes from 127.0.0.11#53 in 6 ms

nebulon

For a start host wants the domain not the URL, so that explains the first NXDOMAIN. But I don't think this is related to the issue. So if you run host heise.de on your laptop, the Cloudron host system and within the app container, do you get different results?

necrevistonnezr

I can reach heise.de on the host system,

host heise.de
heise.de has address 193.99.144.80
heise.de has IPv6 address 2a02:2e0:3fe:1001:302::
heise.de mail is handled by 30 mx03.hornetsecurity.com.
heise.de mail is handled by 40 mx04.hornetsecurity.com.
heise.de mail is handled by 10 mx01.hornetsecurity.com.
heise.de mail is handled by 20 mx02.hornetsecurity.com.

also on my local laptop. Just not from within the app container.

necrevistonnezr

Errr, tried again from the webterminal, now I get:

host heise.de
heise.de has address 193.99.144.80
heise.de has IPv6 address 2a02:2e0:3fe:1001:302::
heise.de mail is handled by 10 mx01.hornetsecurity.com.
heise.de mail is handled by 20 mx02.hornetsecurity.com.
heise.de mail is handled by 30 mx03.hornetsecurity.com.
heise.de mail is handled by 40 mx04.hornetsecurity.com.

Is it possible that it works only from time to time?

nebulon

So the container uses the host system resolver these days, so systemd-resolve which runs on port 53. Next time this happens, check if systemd-resolve is actually working on the host.

Additionally have you setup any custom iptables rules, which may interefere here and maybe rate-limit any requests coming from the docker network?