From: David Gibson <david@gibson.dropbear.id.au>
To: Juan Orti <jorti@pm.me>
Cc: "passt-user@passt.top" <passt-user@passt.top>
Subject: Re: IPv6 UDP not working
Date: Sun, 28 May 2023 15:23:24 +1000 [thread overview]
Message-ID: <ZHLlTIsb9lVSSP7A@yekko> (raw)
In-Reply-To: <o0t07HOIe1WVorR4ppjQtAzY-E0bv5xAt-6UHTffXL_jo2sor1DmCVar_CuqwchJNLRUt8Q3mK3eZfQdJh0ryvXvuf-ewSHRBT5MhOoglDw=@pm.me>
[-- Attachment #1: Type: text/plain, Size: 2001 bytes --]
On Sat, May 27, 2023 at 02:22:47PM +0000, Juan Orti wrote:
> Hi,
>
> I'm testing a DNS server in a rootless container using pasta, and I have seen that the IPv6 UDP packets are not reaching the service:
>
> $ dig www.google.com @fddc:f797:78ef:70::5 +short
> ;; communications error to fddc:f797:78ef:70::5#53: timed out
> ;; communications error to fddc:f797:78ef:70::5#53: timed out
> ;; communications error to fddc:f797:78ef:70::5#53: timed out
>
> ; <<>> DiG 9.18.15 <<>> www.google.com @fddc:f797:78ef:70::5 +short
> ;; global options: +cmd
> ;; no servers could be reached
>
> TCP over IPv6 and UDP, TCP over IPv4 works fine:
>
> $ dig www.google.com @fddc:f797:78ef:70::5 +short +tcp
> 216.239.38.120
> $ dig www.google.com @192.168.7.5 +short
> 216.239.38.120
> $ dig www.google.com @192.168.7.5 +short +tcp216.239.38.120
>
> The pasta process is running with these arguments:
>
> /usr/bin/pasta --config-net -u 53-53:53-53 -t 53-53:53-53 -t 3003-3003:3003-3003 -T none -U none --no-map-gw --netns /run/user/1002/netns/netns-378b62b8-bf27-3b51-1fb1-e2ebb7119647
>
> I'm using passt-0^20230509.g96f8d55-1.fc38.x86_64 from Fedora CoreOS 38. Is this a known bug? or am I doing something wrong?
So, we have some special cases related to port 53 - aimed at allowing
the container to contact a nameserver outside. I don't think we
thought much about the case of a DNS server inside the container. So
my first guess would be that those special cases have an error that's
interfering with your use case. If it's possible to try running your
server on a port other than 53 temporarily that would be interesting
to try.
We also attempt to auto-configure those cases from the host's
resolv.conf, so if you could share that it might shed some extra
light.
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next parent reply other threads:[~2023-05-28 8:02 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <o0t07HOIe1WVorR4ppjQtAzY-E0bv5xAt-6UHTffXL_jo2sor1DmCVar_CuqwchJNLRUt8Q3mK3eZfQdJh0ryvXvuf-ewSHRBT5MhOoglDw=@pm.me>
2023-05-28 5:23 ` David Gibson [this message]
2023-05-28 10:12 ` IPv6 UDP not working Juan Orti
2023-05-28 10:50 ` Juan Orti
2023-05-28 14:38 ` Stefano Brivio
2023-05-28 16:27 ` Juan Orti
2023-05-28 22:08 ` Stefano Brivio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZHLlTIsb9lVSSP7A@yekko \
--to=david@gibson.dropbear.id.au \
--cc=jorti@pm.me \
--cc=passt-user@passt.top \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).