Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

UDP port 53 for dnsmasq fails (any port 1024 and lower) #3775

Closed
davidalger opened this issue Jul 31, 2019 · 14 comments

Comments

@davidalger
Copy link

commented Jul 31, 2019

  • I have tried with the latest version of my channel (Stable or Edge)
  • I have uploaded Diagnostics
  • Diagnostics ID:

Expected behavior

Forwarding 127.0.0.1:53:53/udp should work in the latest stable release of Docker Desktop.

Actual behavior

Docker Desktop for Mac v2.1.0.0 was released and as is normal, users on the stable release of Docker for Mac were prompted to upgrade:

After upgrading, my (and other team members) dnsmasq container ceased to function. The issue appears to possibly be related to #3464, except for that task was originally opened as a result of TCP port 80. There are other users who reported similar issue there however with UDP port 53.

Information

Steps to reproduce the behavior

  1. Run the script on this gist: https://gist.github.com/davidalger/ff7be7e13f23ca59c96ada6004e3c25b

    curl -s https://gist.githubusercontent.com/davidalger/ff7be7e13f23ca59c96ada6004e3c25b/raw/529c296a20452b182cece5f7f5529530e95395da/dnsforwardtest.sh | bash
    
  2. Note the connection timed out in the output for DNS lookups on UDP 53 and 1024, but not 1025 or 5000 and each of the lookups of TCP (regardless of port) succeed:

       davidalger:~$ curl -s https://gist.githubusercontent.com/davidalger/ff7be7e13f23ca59c96ada6004e3c25b/raw/529c296a20452b182cece5f7f5529530e95395da/dnsforwardtest.sh | bash
       ==> cd /var/folders/c8/l3c87j253jx43f5_whq5zsqc0000gn/T/dnstest.j1s2ZdZN
       ==> docker-compose up -d
       Creating network "dnstestj1s2zdzn_default" with the default driver
       Creating dnstestj1s2zdzn_dnsmasq_1 ... done
       ==> dig +noall +answer apple.com @127.0.0.1 -p 53
       ;; connection timed out; no servers could be reached
       ==> dig +noall +answer apple.com @127.0.0.1 -p 1024
       ;; connection timed out; no servers could be reached
       ==> dig +noall +answer apple.com @127.0.0.1 -p 1025
       apple.com.		74	IN	A	17.142.160.59
       apple.com.		74	IN	A	17.172.224.47
       apple.com.		74	IN	A	17.178.96.59
       ==> dig +noall +answer apple.com @127.0.0.1 -p 5000
       apple.com.		74	IN	A	17.178.96.59
       apple.com.		74	IN	A	17.172.224.47
       apple.com.		74	IN	A	17.142.160.59
       ==> dig +tcp +noall +answer apple.com @127.0.0.1 -p 53
       apple.com.		74	IN	A	17.142.160.59
       apple.com.		74	IN	A	17.178.96.59
       apple.com.		74	IN	A	17.172.224.47
       ==> dig +tcp +noall +answer apple.com @127.0.0.1 -p 1024
       apple.com.		74	IN	A	17.172.224.47
       apple.com.		74	IN	A	17.142.160.59
       apple.com.		74	IN	A	17.178.96.59
       ==> dig +tcp +noall +answer apple.com @127.0.0.1 -p 1025
       apple.com.		74	IN	A	17.178.96.59
       apple.com.		74	IN	A	17.172.224.47
       apple.com.		74	IN	A	17.142.160.59
       ==> dig +tcp +noall +answer apple.com @127.0.0.1 -p 5000
       apple.com.		74	IN	A	17.142.160.59
       apple.com.		74	IN	A	17.178.96.59
       apple.com.		74	IN	A	17.172.224.47
       ==> docker-compose down -v
       Stopping dnstestj1s2zdzn_dnsmasq_1 ... done
       Removing dnstestj1s2zdzn_dnsmasq_1 ... done
       Removing network dnstestj1s2zdzn_default
    
  3. Running the same on the previous stable release of Docker for Mac (version 2.0.0.3) works as expected:

       davidalger:~$ curl -s https://gist.githubusercontent.com/davidalger/ff7be7e13f23ca59c96ada6004e3c25b/raw/529c296a20452b182cece5f7f5529530e95395da/dnsforwardtest.sh | bash
       ==> cd /var/folders/c8/l3c87j253jx43f5_whq5zsqc0000gn/T/dnstest.t8M3cNFL
       ==> docker-compose up -d
       Creating network "dnstestt8m3cnfl_default" with the default driver
       Pulling dnsmasq (jpillora/dnsmasq:)...
       latest: Pulling from jpillora/dnsmasq
       ba7f5deea89d: Pull complete
       bbeb009eb883: Pull complete
       609a25457ce0: Pull complete
       b0ad4c0d5e37: Pull complete
       d0477d12de9d: Pull complete
       Creating dnstestt8m3cnfl_dnsmasq_1 ... done
       ==> dig +noall +answer apple.com @127.0.0.1 -p 53
       apple.com.		3450	IN	A	17.172.224.47
       apple.com.		3450	IN	A	17.178.96.59
       apple.com.		3450	IN	A	17.142.160.59
       ==> dig +noall +answer apple.com @127.0.0.1 -p 1024
       apple.com.		3450	IN	A	17.142.160.59
       apple.com.		3450	IN	A	17.178.96.59
       apple.com.		3450	IN	A	17.172.224.47
       ==> dig +noall +answer apple.com @127.0.0.1 -p 1025
       apple.com.		3449	IN	A	17.172.224.47
       apple.com.		3449	IN	A	17.142.160.59
       apple.com.		3449	IN	A	17.178.96.59
       ==> dig +noall +answer apple.com @127.0.0.1 -p 5000
       apple.com.		3449	IN	A	17.178.96.59
       apple.com.		3449	IN	A	17.172.224.47
       apple.com.		3449	IN	A	17.142.160.59
       ==> dig +tcp +noall +answer apple.com @127.0.0.1 -p 53
       apple.com.		3449	IN	A	17.142.160.59
       apple.com.		3449	IN	A	17.178.96.59
       apple.com.		3449	IN	A	17.172.224.47
       ==> dig +tcp +noall +answer apple.com @127.0.0.1 -p 1024
       apple.com.		3449	IN	A	17.172.224.47
       apple.com.		3449	IN	A	17.142.160.59
       apple.com.		3449	IN	A	17.178.96.59
       ==> dig +tcp +noall +answer apple.com @127.0.0.1 -p 1025
       apple.com.		3449	IN	A	17.178.96.59
       apple.com.		3449	IN	A	17.172.224.47
       apple.com.		3449	IN	A	17.142.160.59
       ==> dig +tcp +noall +answer apple.com @127.0.0.1 -p 5000
       apple.com.		3449	IN	A	17.142.160.59
       apple.com.		3449	IN	A	17.178.96.59
       apple.com.		3449	IN	A	17.172.224.47
       ==> docker-compose down -v
       Stopping dnstestt8m3cnfl_dnsmasq_1 ... done
       Removing dnstestt8m3cnfl_dnsmasq_1 ... done
       Removing network dnstestt8m3cnfl_default
    

This issue makes the latest "stable" release of Docker Desktop completely unusable for myself and my colleagues, who rely on the dnsmasq container with a port forward for UDP 53 for *.test domains. Would be happy to provide more information if needed, but this appears to be a cut-n-dry case of a somewhat major regression in the stable release line.

@ericparton

This comment has been minimized.

Copy link

commented Jul 31, 2019

I'm having the same issue using a similar setup with the codekitchen/dinghy-http-proxy container which also binds to port 53 to resolve local test domains for developers. The following command works on the previous version of docker for mac, but not the latest one:

nslookup app.test 127.0.0.1

@JonathanGuo

This comment has been minimized.

Copy link

commented Jul 31, 2019

Same issue happens to us as well with andyshinn/dnsmasq. Previous docker version works fine until upgraded to the latest one.

Docker desktop community (for mac): 2.1.0.0 (36874)
ENgine: 19.03.1
Compose: 1.24.1

@hagleyj

This comment has been minimized.

Copy link

commented Aug 1, 2019

I too am having this issue with a bind container and port 53 UDP. It does with with port 53 TCP though

@christhomas

This comment has been minimized.

Copy link

commented Aug 2, 2019

I also have this problem and now I have to downgrade docker in order for it to work again. It would be nice if we were given a more technical explanation of what is happening here rather than a patch is made or something like this. I would like to know why this is happening and what the resolution was. On a technical level.

Oops: I should have also added that yes, I confirm that hagleyj is right, 2.0.0.3 is functioning, but 2.1.0.0 is broken

@hagleyj

This comment has been minimized.

Copy link

commented Aug 2, 2019

I can confirm that downgrading to 2.0.0.3 stable allows UDP below 1024 to work again

@stephen-turner

This comment has been minimized.

Copy link

commented Aug 4, 2019

Any idea, @djs55?

@back-2-95

This comment has been minimized.

Copy link

commented Aug 5, 2019

@davidalger davidalger changed the title UDP port 53 for dnsmasq fails (any port lower than 1024) UDP port 53 for dnsmasq fails (any port 1024 and lower) Aug 5, 2019

davidalger added a commit to davidalger/warden that referenced this issue Aug 5, 2019

@djs55

This comment has been minimized.

Copy link
Contributor

commented Aug 5, 2019

@davidalger thanks very much for the clear reproduction script. It does reproduce for me -- I'll try to figure out why. It's suspicious that it works for "unprivileged" ports but not for "privileged" ones. The code path for "privileged" ports is different so perhaps the problem is there.

@christhomas

This comment has been minimized.

Copy link

commented Aug 5, 2019

Just to give you some extra input. This has been an on-and-off problem with versions of docker for more than a year now. One version will be ok, the next will not be, a couple of versions after and it's back to normal again. Then it'll break suddenly. I was upgrading every edge version and having similar issues.

@stephdavid

This comment has been minimized.

Copy link

commented Aug 7, 2019

Hello, I have been suffering with this problem. I'm a little confused. Has it been fixed? If so, how do I go about sorting it on my system. This is stopping me from working on my local WordPress sites.

@guillaumerose

This comment has been minimized.

Copy link
Member

commented Aug 7, 2019

We are preparing the release. It will be out tomorrow morning (UTC). You can give a try to https://download.docker.com/mac/stable/37199/Docker.dmg - it's the promoted build, not published yet.

davidalger added a commit to davidalger/warden that referenced this issue Aug 7, 2019

Revert "Implement workaround for docker/for-mac#3775; publish DNS on …
…port 6053 for macOS hosts"

This reverts commit 623d83c.
@davidalger

This comment has been minimized.

Copy link
Author

commented Aug 7, 2019

Nice turnaround time @guillaumerose and @djs55. You guys rock!

Just installed the promoted build and I can confirm that build 37199 (v2.1.0.1) as linked above resolves the issue both in the provided test case as well as with our tooling on Warden where I initially discovered the issue.

Looking forward to seeing the release drop tomorrow! 🎉

@guillaumerose

This comment has been minimized.

Copy link
Member

commented Aug 8, 2019

Release is out! Edge will be updated today or Monday.

@christhomas

This comment has been minimized.

Copy link

commented Aug 8, 2019

Yes, this is working, thanks for the quick fix!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
10 participants
You can’t perform that action at this time.