Well, you can debug further and test the connection directly from your host:
> curl -vo /tmp/root.hints https://www.internic.net/domain/named.cache
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 2620:0:2830:200::b:9...
* TCP_NODELAY set
* Connected to www.internic.net (2620:0:2830:200::b:9) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [3323 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=Los Angeles; O=Internet Corporation for Assigned Names and Numbers; CN=internic.net
* start date: Dec 13 00:00:00 2022 GMT
* expire date: Dec 6 23:59:59 2023 GMT
* subjectAltName: host "www.internic.net" matched cert's "www.internic.net"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
* Using Stream ID: 1 (easy handle 0x562e04c4e6b0)
} [5 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
> GET /domain/named.cache HTTP/2
> Host: www.internic.net
> User-Agent: curl/7.61.1
> Accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 10)!
} [5 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
< HTTP/2 200
< date: Thu, 09 Nov 2023 10:59:45 GMT
< server: Apache
< vary: Accept-Encoding
< last-modified: Thu, 09 Nov 2023 06:55:00 GMT
< etag: "cf1-609b2aeb21900"
< accept-ranges: bytes
< content-length: 3313
< cache-control: max-age=420
< expires: Thu, 09 Nov 2023 11:06:19 GMT
< x-frame-options: SAMEORIGIN
< referrer-policy: origin-when-cross-origin
< content-security-policy: upgrade-insecure-requests
< age: 25
< content-type: text/plain; charset=UTF-8
< content-language: en
< strict-transport-security: max-age=48211200; preload
<
{ [5 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
100 3313 100 3313 0 0 7249 0 --:--:-- --:--:-- --:--:-- 7249
* Connection #0 to host www.internic.net left intact
If that works, try it from inside the unbound container (installed at /opt/mailcow-dockerized in my case):
> cd /opt/mailcow-dockerized; docker compose exec unbound-mailcow /bin/bash
bcfb45b5c531:/# curl -vo /tmp/root.hints https://www.internic.net/domain/named.cache
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 192.0.46.9:443...
* Connected to www.internic.net (192.0.46.9) port 443
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [3323 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
* subject: C=US; ST=California; L=Los Angeles; O=Internet Corporation for Assigned Names and Numbers; CN=internic.net
* start date: Dec 13 00:00:00 2022 GMT
* expire date: Dec 6 23:59:59 2023 GMT
* subjectAltName: host "www.internic.net" matched cert's "www.internic.net"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
* SSL certificate verify ok.
} [5 bytes data]
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://www.internic.net/domain/named.cache
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: www.internic.net]
* [HTTP/2] [1] [:path: /domain/named.cache]
* [HTTP/2] [1] [user-agent: curl/8.4.0]
* [HTTP/2] [1] [accept: */*]
} [5 bytes data]
> GET /domain/named.cache HTTP/2
> Host: www.internic.net
> User-Agent: curl/8.4.0
> Accept: */*
>
{ [5 bytes data]
< HTTP/2 200
< date: Thu, 09 Nov 2023 11:00:28 GMT
< server: Apache
< content-security-policy: upgrade-insecure-requests
< vary: Accept-Encoding
< last-modified: Thu, 09 Nov 2023 06:55:00 GMT
< etag: "cf1-609b2aeb21900"
< accept-ranges: bytes
< content-length: 3313
< cache-control: max-age=420
< expires: Thu, 09 Nov 2023 11:07:28 GMT
< x-frame-options: SAMEORIGIN
< referrer-policy: origin-when-cross-origin
< content-type: text/plain; charset=UTF-8
< content-language: en
< strict-transport-security: max-age=48211200; preload
<
{ [3313 bytes data]
100 3313 100 3313 0 0 7589 0 --:--:-- --:--:-- --:--:-- 7581
* Connection #0 to host www.internic.net left intact
If it doesn’t work, you should see some hints in the verbose output of curl.
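To read those hints quickly, the sketch below reports the step at which a `curl -v` run stopped, so the host run and the container run can be compared side by side. It is an added example, not part of the original post; the function names `curl_stage` and `curl_peer` and the sample logs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report the stage at which a
# `curl -v` run stopped, reading the verbose log on stdin.
# Real use (curl writes -v output to stderr, hence 2>&1):
#   curl -vo /tmp/root.hints https://www.internic.net/domain/named.cache 2>&1 | curl_stage
#   docker compose exec -T unbound-mailcow \
#     curl -vo /tmp/root.hints https://www.internic.net/domain/named.cache 2>&1 | curl_stage

# Prints dns, connect, tls, http (the step that failed) or ok. Assumes an https URL.
curl_stage() {
  log=$(cat)
  stage=dns                                   # no address was ever tried
  case $log in *"Trying "*) stage=connect ;; esac
  case $log in *"* Connected to "*) stage=tls ;; esac
  case $log in *"SSL certificate verify ok"*) stage=http ;; esac
  if printf '%s\n' "$log" | grep -Eq '< HTTP/[0-9.]+ 2[0-9][0-9]'; then
    stage=ok
  fi
  printf '%s\n' "$stage"
}

# Prints the address curl connected to, so host and container can be compared
# (on the page the host used IPv6 and the container IPv4).
curl_peer() {
  sed -n 's/.*\* Connected to [^ ]* (\([^)]*\)) port.*/\1/p' | head -n 1
}

# Constructed sample logs, trimmed to the lines the functions look at.
LOG_OK='* Trying 192.0.46.9:443...
* Connected to www.internic.net (192.0.46.9) port 443
* SSL certificate verify ok.
< HTTP/2 200'
LOG_DNS='* Could not resolve host: www.internic.net
curl: (6) Could not resolve host: www.internic.net'
LOG_TLS='* Trying 192.0.46.9:443...
* Connected to www.internic.net (192.0.46.9) port 443
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
curl: (60) SSL certificate problem: unable to get local issuer certificate'
LOG_CONNECT='* Trying 192.0.46.9:443...
curl: (28) Failed to connect to www.internic.net port 443: Connection timed out'

for sample in "$LOG_OK" "$LOG_DNS" "$LOG_CONNECT" "$LOG_TLS"; do
  printf '%s\n' "$sample" | curl_stage
done
```

A `tls` result inside the container while the host reports `ok` points at the container's CA bundle (the `CAfile` line in the verbose output), while `dns` or `connect` points at the container's resolver or network path.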