Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DNS/IPV6 Problem #153

Closed
sfaujour opened this issue Mar 22, 2016 · 10 comments
Closed

DNS/IPV6 Problem #153

sfaujour opened this issue Mar 22, 2016 · 10 comments
Labels
question

Comments

@sfaujour
Copy link

Hi Guys,
i'm working since about 2 Weeks, to get the Docker-Alpine Image working, together with other containers over a docker-compose.yml (Version: 2).

Setup

  • Web-Container (alpine linux, webserver, php, application)
  • Database Container (ubuntu, mariadb)
  • Redis Container (ubunut, redis)

The Problem
When i use "curl [container-name]:[port]", i took about 9s to resolve the hostname an get an answer.
Otherwise with "curl -4 [container-name]:[port]" (ipv4 explicit), it is resolved instantly.
So this is an IPV6 resolution problem, which i cant solve, or better i tried to solve.

I read a lot, what it can be, about solutions installing "dnsmasq", different DNS hacks, disabling ipv6, installing glibc and so on, but really nothing worked for me.

Yesterday i saw, that the IPV6 address of the alpine image has a scope id too, the other "ubuntu" containers im working with not, can that be one issue?

There are no "links" or linking containers described in docker-composer file, while all containers in version 2, under service node will be in one network. (Worked with Web-Container and ubuntu image!).
@andyshinn
Copy link
Contributor

Are you able to provide some way I can reproduce the issue?

@sfaujour
Copy link
Author

Hi @andyshinn, i try to explain, but at first i got a wrong time its not 9 secs its about 5 secs, but now heres the plan:

At first you need the docker-compose.yml (cant upload here):
https://gist.github.com/sebknoth/40b9f94b1ff09a8dd9b7

Here the steps to reproduce my problem:
docker-compose up -d

docker exec -it ubuntu-nginx bash
[inside ubuntu] apt-get update && apt-get install curl
[inside ubuntu] curl alpine-linux (should be instantly)
[inside ubuntu] curl -4 alpine-linux (should be instantly)

ctrl-d/exit/logoff

docker exec -it alpine-linux /bin/sh
[inside alpine] apk add --update curl
[inside alpine] curl ubuntu-nginx (about 5s <-- my real problem)
[inside alpine] curl -4 ubuntu-nginx (should be instantly)

The main problem is, that php-curl / php7-curl are using the standard curl call, and i have to wait for about 10 secs to get an answer from my status page (mysql/redis), but thats not interesting here.

@andyshinn
Copy link
Contributor

I can reproduce this now. I'll see if there is a workaround.

@pierre-borckmans
Copy link

We had the same issue, and for what it's worth, we noticed several things:

  • docker 1.9.1 is not having this issue
  • docker 1.11 release candidate is not showing this issue
  • other images than alpine also have the issue on docker 1.10 (we tried centos and ubuntu), just less systematically (we did loops of pings, and we would still get 5s timeouts, roughly 30% of the time).

@LukasBacigal
Copy link

Relevant? moby/moby#19474 and also moby/moby#21396 which should repair similiar problems in 1.11
TL;DR since 1.10 docker creates embedded DNS server, through this DNS server are proxied all requests

@sanimej
Copy link

sanimej commented Apr 1, 2016

@LukasBacigal @sebknoth I saw this linked to in one of the docker issues..

To clarify, docker embedded DNS server in 1.10 didn't handle IPv6 service discovery. So any AAAA query was getting forwarded to external DNS servers you have configured for the containers. And if that server happens to be unreachable there will be a 5 seconds wait for the query to timeout.

Some of the tools (ex: curl, nc) and apps try to resolve the name to IPv6 first and then in IPv4 (ideally they should do both in parallel and pick up whichever comes first to comply with the happy eyeballs RFC). That might be reason for the delay you noticed with Docker 1.10

For 1.11 we are adding IPv6 service discovery in Docker and also AAAA query for names in the docker domain will not be forwarded to external servers. That probably is the reason why you are not seeing the issue with 1.11 RC. Though obvious I want to state that RC images are not final yet and there could be more changes/fixes before the 1.11 official release.

@sfaujour
Copy link
Author

sfaujour commented Apr 1, 2016

@sanimej Exactly the same i thought, i read about the "--ipv6" flag in 1.11 / subset-setting in 1.10. It'll be help us a lot!!
Already saw the issue moby/moby#21396 which should be, that what you talking about.
Many thanks and i'll look for 14th of april when 1.11 will be relaesed :)

@chuangbo chuangbo mentioned this issue Apr 6, 2016
Closed
@sfaujour
Copy link
Author

Yay guys, now it works!!! Thanks to all :) Docker 1.11 did it!

@keitap keitap mentioned this issue Jul 8, 2016
Closed
@huzhengchuan huzhengchuan mentioned this issue Nov 14, 2016
Closed
@adamquaile adamquaile mentioned this issue Sep 6, 2018
Open
@ImTheDeveloper
Copy link

I think I might be getting the same issue https://superuser.com/questions/1411111/docker-dns-resolution-slow-for-http-calls-in-node-application

Working fine to curl ipv4 pointed me here.

@benz0li
Copy link

benz0li commented Nov 26, 2021

@sanimej Is IPv6 service discovery supposed to work with docker swarm?

See also https://github.com/b-data/docker-swarm-ipv6-nftables/blob/main/NOTES.md#container-to-container

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@andyshinn @sfaujour @ImTheDeveloper @pierre-borckmans @sanimej @LukasBacigal @benz0li