Can't get Cloudflare to work

swheeler78

I keep getting this error "queryNs ESERVFAIL" on the new version (9.0.12) of Cloudron when setting up a new server. Can't figure it out. Works fine with the version 8 of clousdron.

d1rk

Same here. I tried all steps from troubleshooting unbound (as described here: https://docs.cloudron.io/troubleshooting/#unbound).

I found the following line in the box.log:

box:services statusUnbound: unbound is up, but failed to resolve ipv4.api.cloudron.io . Error: queryA ETIMEOUT ipv4.api.cloudron.io at QueryReqWrap.onresolve [as oncomplete] (node:internal/dns/promises:294:17) { errno: undefined, code: 'ETIMEOUT', syscall: 'queryA', hostname: 'ipv4.api.cloudron.io' } undefined

Ping works, although:

$ ping ipv4.api.cloudron.io
PING ipv4.api.cloudron.io (165.227.67.76) 56(84) bytes of data.
64 bytes from prod.cloudron.io (165.227.67.76): icmp_seq=1 ttl=49 time=87.0 ms
64 bytes from prod.cloudron.io (165.227.67.76): icmp_seq=2 ttl=49 time=85.5 ms

james

Hello @d1rk
Can you please try to restart the unbound service and try again?
For this you can go into your Cloudron Dashboard under services and restart the unbound service.

d1rk

Hi @James - Thanks for your reply. Greatly appreciated.

I already did, as well as restarting the server. Both did not help, unfortunately.

james

Hello @d1rk
Can you please ssh into your Cloudron server and try the following command:

dig ipv4.api.cloudron.io @127.0.0.150

joseph

If it matters (for the outbound firewall configuration) : ping is ICMP traffic , DNS is UDP port 53 .

d1rk

Thanks for the two of you @James @Joseph to help me with that.

$ dig ipv4.api.cloudron.io @127.0.0.150
;; communications error to 127.0.0.150#53: timed out
;; communications error to 127.0.0.150#53: timed out
;; communications error to 127.0.0.150#53: timed out

; <<>> DiG 9.18.39-0ubuntu0.22.04.2-Ubuntu <<>> ipv4.api.cloudron.io @127.0.0.150
;; global options: +cmd
;; no servers could be reached

For the record: my firewall is outbound open:

james

Hello @d1rk
Thanks.
Could you please now run the following command and share the output?

lsof -i :53

d1rk

@James Now I could do it. The result is this:

COMMAND      PID            USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
systemd-r    669 systemd-resolve   13u  IPv4   17046      0t0  UDP localhost:domain
systemd-r    669 systemd-resolve   14u  IPv4   17047      0t0  TCP localhost:domain (LISTEN)
unbound    20480         unbound    3u  IPv4  164940      0t0  UDP localhost:domain
unbound    20480         unbound    4u  IPv4  164941      0t0  TCP localhost:domain (LISTEN)
unbound    20480         unbound    5u  IPv4  164942      0t0  UDP xum:domain
unbound    20480         unbound    6u  IPv4  164943      0t0  TCP xum:domain (LISTEN)
unbound    20480         unbound   13u  IPv4 8207316      0t0  UDP Ubuntu-2204-jammy-amd64-base:64328->j.root-servers.net:domain
node      632203      yellowtent   24u  IPv4 8210389      0t0  UDP localhost.localdomain:57067->localhost:domain

Not sure, how to read that, tbh. Does that help?

james

Hello @d1rk
Yes this helps me to narrow it down.
If the command dig ipv4.api.cloudron.io @127.0.0.150 still returns the same output as before please post the output of the following commands:

dig +trace +nodnssec ipv4.api.cloudron.io @127.0.0.150

systemctl status unbound.service

cat /etc/unbound/unbound.conf

cat /etc/unbound/unbound.conf.d/cloudron-network.conf