Docker-alpine: DNS/IPV6 Problem
Hi Guys,
i'm working since about 2 Weeks, to get the Docker-Alpine Image working, together with other containers over a docker-compose.yml (Version: 2).
Setup
- Web-Container (alpine linux, webserver, php, application)
- Database Container (ubuntu, mariadb)
- Redis Container (ubunut, redis)
The Problem
When i use "curl [container-name]:[port]", i took about 9s to resolve the hostname an get an answer.
Otherwise with "curl -4 [container-name]:[port]" (ipv4 explicit), it is resolved instantly.
So this is an IPV6 resolution problem, which i cant solve, or better i tried to solve.
I read a lot, what it can be, about solutions installing "dnsmasq", different DNS hacks, disabling ipv6, installing glibc and so on, but really nothing worked for me.
Yesterday i saw, that the IPV6 address of the alpine image has a scope id too, the other "ubuntu" containers im working with not, can that be one issue?
There are no "links" or linking containers described in docker-composer file, while all containers in version 2, under service node will be in one network. (Worked with Web-Container and ubuntu image!).
sfaujour
All 9 comments
Are you able to provide some way I can reproduce the issue?
andyshinn
on 23 Mar 2016
Hi @andyshinn, i try to explain, but at first i got a wrong time its not 9 secs its about 5 secs, but now heres the plan:
At first you need the docker-compose.yml (cant upload here):
https://gist.github.com/sebknoth/40b9f94b1ff09a8dd9b7
Here the steps to reproduce my problem:
docker-compose up -d
docker exec -it ubuntu-nginx bash
[inside ubuntu] apt-get update && apt-get install curl
[inside ubuntu] curl alpine-linux (should be instantly)
[inside ubuntu] curl -4 alpine-linux (should be instantly)
ctrl-d/exit/logoff
docker exec -it alpine-linux /bin/sh
[inside alpine] apk add --update curl
[inside alpine] curl ubuntu-nginx (about 5s <-- my real problem)
[inside alpine] curl -4 ubuntu-nginx (should be instantly)
The main problem is, that php-curl / php7-curl are using the standard curl call, and i have to wait for about 10 secs to get an answer from my status page (mysql/redis), but thats not interesting here.
sfaujour
on 23 Mar 2016
I can reproduce this now. I'll see if there is a workaround.
andyshinn
on 23 Mar 2016
We had the same issue, and for what it's worth, we noticed several things:
- docker 1.9.1 is not having this issue
- docker 1.11 release candidate is not showing this issue
- other images than alpine also have the issue on docker 1.10 (we tried centos and ubuntu), just less systematically (we did loops of pings, and we would still get 5s timeouts, roughly 30% of the time).
pierre-borckmans
on 24 Mar 2016
Relevant? docker/docker#19474 and also docker/docker#21396 which should repair similiar problems in 1.11
TL;DR since 1.10 docker creates embedded DNS server, through this DNS server are proxied all requests
LukasBacigal
on 29 Mar 2016
@LukasBacigal @sebknoth I saw this linked to in one of the docker issues..
To clarify, docker embedded DNS server in 1.10 didn't handle IPv6 service discovery. So any AAAA query was getting forwarded to external DNS servers you have configured for the containers. And if that server happens to be unreachable there will be a 5 seconds wait for the query to timeout.
Some of the tools (ex: curl, nc) and apps try to resolve the name to IPv6 first and then in IPv4 (ideally they should do both in parallel and pick up whichever comes first to comply with the happy eyeballs RFC). That might be reason for the delay you noticed with Docker 1.10
For 1.11 we are adding IPv6 service discovery in Docker and also AAAA query for names in the docker domain will not be forwarded to external servers. That probably is the reason why you are not seeing the issue with 1.11 RC. Though obvious I want to state that RC images are not final yet and there could be more changes/fixes before the 1.11 official release.
sanimej
on 2 Apr 2016
@sanimej Exactly the same i thought, i read about the "--ipv6" flag in 1.11 / subset-setting in 1.10. It'll be help us a lot!!
Already saw the issue https://github.com/docker/docker/pull/21396 which should be, that what you talking about.
Many thanks and i'll look for 14th of april when 1.11 will be relaesed :)
sfaujour
on 2 Apr 2016
Yay guys, now it works!!! Thanks to all :) Docker 1.11 did it!
sfaujour
on 14 Apr 2016
I think I might be getting the same issue https://superuser.com/questions/1411111/docker-dns-resolution-slow-for-http-calls-in-node-application
Working fine to curl ipv4 pointed me here.
ImTheDeveloper
on 4 Mar 2019
Related issues
javixeneize
路
4Comments
IdanAdar
路
4Comments
filiptodoric
路
3Comments
nrvnrvn
路
4Comments
oarmstrong
路
4Comments
Most helpful comment
@LukasBacigal @sebknoth I saw this linked to in one of the docker issues..
To clarify, docker embedded DNS server in 1.10 didn't handle IPv6 service discovery. So any AAAA query was getting forwarded to external DNS servers you have configured for the containers. And if that server happens to be unreachable there will be a 5 seconds wait for the query to timeout.
Some of the tools (ex: curl, nc) and apps try to resolve the name to IPv6 first and then in IPv4 (ideally they should do both in parallel and pick up whichever comes first to comply with the happy eyeballs RFC). That might be reason for the delay you noticed with Docker 1.10
For 1.11 we are adding IPv6 service discovery in Docker and also AAAA query for names in the docker domain will not be forwarded to external servers. That probably is the reason why you are not seeing the issue with 1.11 RC. Though obvious I want to state that RC images are not final yet and there could be more changes/fixes before the 1.11 official release.