Nextcloud docker cannot resolve UCS' IP address from name anymore

nextcloud
docker
dns
ucs-4-3

#1

All of a sudden, a Nextcloud installation on one UCS was broken; users couldn’t log in and got an internal server error.
After some investigation, I found out that the Nextcloud LDAP client wasn’t able to connect to the UCS LDAP server anymore.
Pinging the server by name gives an “unknown host” response, so I changed the config from name to IP as a workaround, but I’d like to know how to fix this DNS issue.
Pinging and resolving e.g. www.google.de works fine.

Some installation info:
UCS 4.3-1 errata163
Nextcloud 13.0.5-0

Thanks for any help in advance,
Christian.


#2

As far as I can see, the /etc/resolv.conf inside the docker image is using the public IP of the UCS host as nameserver. I haven’t checked how this is done but you can check with univention-app shell nextcloud cat /etc/resolv.conf and eventually apply a fix with the same method.

hth,
Dirk


#3

Hi Dirk,

what do you mean by a fix?
The entries in the docker’s /etc/resolv.conf do look the same as on other UCSs.
I can ping the nameserver’s IP from within the docker so I don’t know what I should or can fix.

Christian.


#4

Hi,

it was just my first guess that the specified nameserver in the vm is not correct. In that case the fix would be to adjust this by editing resolv.conf.

This only proves that something responds to your ICMP echo request. It does not necessarily prove that TCP or UDP in general is working and DNS requests are answered.
One additional factor with this kind of setup is that we try to communicate from the internal Docker network (172.17.0.0/16) to the public IP of the UCS host. This means that the network of the host itself is also involved.

You could try to install the “dnsutils” package in the Nextcloud container and use dig or host to check what is causing the missing DNS response. I would also try the docker ip of the UCS host as the nameserver is listening there too. Are you familiar with the usage of these DNS tools?

But before checking the resolver from inside the container you should make sure that the specified DNS behaves properly when queried from other hosts.

Best Regards,
Dirk


#5

Thanks Dirk

I figured out that my UCS isn’t resolving its own nameserver entries anymore.

root@cloud:~# nslookup [anything].domain.tld
Server:		192.xxx.xxx.17
Address:	192.xxx.xxx.17#53

** server can't find [anything].domain.tld: SERVFAIL

After rebooting the server it worked again … :frowning: