-
-
Notifications
You must be signed in to change notification settings - Fork 32.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DNS resolution operating but no HTTP(S) traffic succeeding towards HA.io inside container #57173
Comments
OK, so odds are high this will happen to other people and I found the solution: The culprit is a change in Alpine, the way it does DNS resolution is that it queries for both v4 and v6 records (A, AAAA) despite no v6 stack being present or used. When the DNS server responds with an empty AAAA record, it goes limp... regardless of whether the A records are perfectly fine. This is quite dumb, but it is an upstream alpine issue. See here: Now, on to the show: If you are using a corporate firewall, or pfsense, or something similar, this is what you need to do to overcome this problem:
Once that is done, this issue will be fixed and suddenly internal DNS resolution will work in the Alpine container. Please make a very visible documentation note in the site to let people know about this. Your container depends on successful AAAA responses from the DNS server. This is NOT standard per se, it is entirely possible and normal to NOT provide AAAA records, and it is a security loophole to leave IPv6 enabled in networks where it isn't actually used (I could go into this topic but won't, it affects Windows hosts more so than *nix, due to some quirks in the Windows network stack and the way it prioritizes v6 over v4). |
Based on your info, and commenting from a layman's point of view, I had this issue of components in general not being able to connect to hosts, using HA in a Docker container (running as net host) on a Synology DS1819+ NAS and [I believe to have] solved it by enabling IPV6 to Automatic in the network connection settings, which was disabled. |
There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. |
The problem
Hi,
This is a fresh docker-compose setup, no modifications done to the suggested yaml.
When started, the following comes up:
Executing a shell in the container for diagnostics gets me this:
Which confirms DNS resolution is working fine, inside and outside the container.
Trying to directly access the addresses (they are Cloudflare hosted so this won't work obviously):
From outside the container:
So, DNS is operating perfectly fine in my network, HTTP(S) access is not filtered for the outbound connections to the right hosts and there is no apparent reason for HA inside the container to fail.
I have exhausted all options to resolve the issue as an operator mistake/local configuration problem, because it obviously "isn't", so I am filing this bug hoping to get some guidance in locating the actual culprit.
What is version of Home Assistant Core has the issue?
core-(latest?)
What was the last working version of Home Assistant Core?
No response
What type of installation are you running?
Home Assistant Container
Integration causing the issue
No response
Link to integration documentation on our website
No response
Example YAML snippet
No response
Anything in the logs that might be useful for us?
No response
Additional information
No response
The text was updated successfully, but these errors were encountered: