Date: Sun, 28 May 2023 15:23:24 +1000
From: David Gibson
To: Juan Orti
CC: "passt-user@passt.top"
Subject: Re: IPv6 UDP not working
List-Id: "For users: support, questions and answers"

On Sat, May 27, 2023 at 02:22:47PM +0000, Juan Orti wrote:
> Hi,
>
> I'm testing a DNS server in a rootless container using pasta, and I have seen that the IPv6 UDP packets are not reaching the service:
>
> $ dig www.google.com @fddc:f797:78ef:70::5 +short
> ;; communications error to fddc:f797:78ef:70::5#53: timed out
> ;; communications error to fddc:f797:78ef:70::5#53: timed out
> ;; communications error to fddc:f797:78ef:70::5#53: timed out
>
> ; <<>> DiG 9.18.15 <<>> www.google.com @fddc:f797:78ef:70::5 +short
> ;; global options: +cmd
> ;; no servers could be reached
>
> TCP over IPv6 and UDP, TCP over IPv4 works fine:
>
> $ dig www.google.com @fddc:f797:78ef:70::5 +short +tcp
> 216.239.38.120
> $ dig www.google.com @192.168.7.5 +short
> 216.239.38.120
> $ dig www.google.com @192.168.7.5 +short +tcp
> 216.239.38.120
>
> The pasta process is running with these arguments:
>
> /usr/bin/pasta --config-net -u 53-53:53-53 -t 53-53:53-53 -t 3003-3003:3003-3003 -T none -U none --no-map-gw --netns /run/user/1002/netns/netns-378b62b8-bf27-3b51-1fb1-e2ebb7119647
>
> I'm using passt-0^20230509.g96f8d55-1.fc38.x86_64 from Fedora CoreOS 38. Is this a known bug? or am I doing something wrong?

So, we have some special cases related to port 53 - aimed at allowing
the container to contact a nameserver outside. I don't think we
thought much about the case of a DNS server inside the container.

So my first guess would be that those special cases have an error
that's interfering with your use case. If it's possible to try
running your server on a port other than 53 temporarily that would be
interesting to try.

We also attempt to auto-configure those cases from the host's
resolv.conf, so if you could share that it might shed some extra
light.

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you. NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson