Ssh sftp no longer working - DNS completely broken in latest docker

It’s been fine for the last 5 months but last backup didn’t work and I’m getting the same error trying again now:

Running backup command from /cache/localhost/5 to back up /backuproot/backup
Options: [-log backup -storage hetzner-ssh -threads 10 -stats]
2024-05-15 01:21:01.446 INFO REPOSITORY_SET Repository set to /backuproot/backup
2024-05-15 01:21:01.446 INFO STORAGE_SET Storage set to sftp://u123456@u123456.your-storagebox.de/duplicacy
2024-05-15 01:21:21.458 ERROR STORAGE_CREATE Failed to load the SFTP storage at sftp://u123456@u123456.your-storagebox.de/duplicacy: dial tcp: lookup u123456.your-storagebox.de on 100.100.100.100:53: read udp 172.17.0.4:42050->100.100.100.100:53: i/o timeout
Failed to load the SFTP storage at sftp://u123456@u123456.your-storagebox.de/duplicacy: dial tcp: lookup u123456.your-storagebox.de on 100.100.100.100:53: read udp 172.17.0.4:42050->100.100.100.100:53: i/o timeout

Looks like your Tailscale Magic DNS failed.

sftp works fine through WinSCP. I’m only having the issue with duplicacy.

This error has only been occurring since I updated the container yesterday. How do I roll back?

It looks like it can’t resolve any hostname at all and this is just a DNS issue. From within the console:

# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=55 time=28.196 ms

yet

# ping duplicacy.com
ping: bad address 'duplicacy.com'

Looking at /etc/resolv.conf I get

# resolv.conf(5) file generated by tailscale
# For more info, see https://tailscale.com/s/resolvconf-overwrite
# DO NOT EDIT THIS FILE BY HAND -- CHANGES WILL BE OVERWRITTEN

nameserver 100.100.100.100
search tail1234f.ts.net

I can ping 100.100.100.100 fine on the host machine.

However I can’t ping 100.100.100.100 from within the docker.

Looks like maybe docker doesn’t work with tailscale any more?
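
The diagnosis worked through above (traffic to an IP works, name lookups time out, /etc/resolv.conf points at 100.100.100.100) can be checked mechanically. The following is an added shell example, not part of the original posts; the function names are hypothetical, the sample data is constructed from the thread's output, and it generalizes from 100.100.100.100 to the whole 100.64.0.0/10 range that Tailscale uses.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data at the bottom is constructed.

# Print each nameserver address listed in the resolv.conf at path $1.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeed if IPv4 address $1 is in 100.64.0.0/10, the CGNAT range Tailscale
# uses (100.100.100.100, its MagicDNS resolver, falls inside it).
in_cgnat_range() {
    first=${1%%.*}
    rest=${1#*.}
    second=${rest%%.*}
    [ "$first" = "100" ] && [ "$second" -ge 64 ] && [ "$second" -le 127 ]
}

# From a Go resolver timeout message, print "<source-ip> <resolver-ip>".
# Prints nothing when the line is not a DNS-over-UDP timeout.
dns_timeout_endpoints() {
    printf '%s\n' "$1" | sed -n \
        's/.*read udp \([0-9.]*\):[0-9]*->\([0-9.]*\):53: i\/o timeout.*/\1 \2/p'
}

# Classify log line $1 against the resolv.conf at path $2.
classify_dns_failure() {
    endpoints=$(dns_timeout_endpoints "$1")
    [ -n "$endpoints" ] || { echo "not-a-dns-timeout"; return 0; }
    resolver=${endpoints#* }
    if ! resolv_nameservers "$2" | grep -qxF "$resolver"; then
        echo "resolver-not-in-resolv-conf"
    elif in_cgnat_range "$resolver"; then
        echo "tailnet-resolver-unreachable"   # the failure seen in this thread
    else
        echo "resolver-timeout"
    fi
}

# Constructed sample mirroring the thread's log line and resolv.conf.
sample_conf=$(mktemp)
printf 'nameserver 100.100.100.100\nsearch tail1234f.ts.net\n' > "$sample_conf"
sample_line='lookup u123456.your-storagebox.de on 100.100.100.100:53: read udp 172.17.0.4:42050->100.100.100.100:53: i/o timeout'
classify_dns_failure "$sample_line" "$sample_conf"
rm -f "$sample_conf"
```

A result of tailnet-resolver-unreachable means the container inherited a resolver that only answers on the tailnet interface, so the place to look is the host's Tailscale configuration rather than the backup tool.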

Okay I’m sorry this was actually a tailscale bug.

I fixed it by running tailscale set --stateful-filtering=false on the host.

Nice!

The 100.100.100.100 is definitely a Tailscale DNS. I did not know Tailscale have their own firewall. Unclear why they would decide to block DNS traffic though.

As a small aside:

I have played with Tailscale a bit in the past. On the upside I like the UI and shenanigans

The downside is that it’s L3, and not much different from regular site-to-site VPN.

ZeroTier, while having a much uglier UI, works on L2. This avoids all the TCP/IP shenanigans and makes mDNS possible. You can reach all devices in the virtual network by their .local names and not need to mess with hostnames and/or addresses and/or DNS.

Failed to create the sftp client: dial tcp: lookup u123456.your-storagebox.de on 100.100.100.100:53: read udp 172.17.0.4:36964->100.100.100.100:53: i/o timeout

I get this error when trying to add a SFTP storage.

Was working yesterday before I updated the docker image.
