The unhealthy docker is mailcowdockerized-unbound-mailcow-1

I already tried to update it

and the docker log for it shows:
curl: (7) Failed to connect to "www.internic.net" port 443 after 3216 ms: Couldn't connect to server

this is my os:
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

Did you open your firewall for outbound connections?


    Well, you can debug further and test the connection directly from your host:

    > curl -vo /tmp/root.hints https://www.internic.net/domain/named.cache
    
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 2620:0:2830:200::b:9...
    * TCP_NODELAY set
    * Connected to www.internic.net (2620:0:2830:200::b:9) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * successfully set certificate verify locations:
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    } [5 bytes data]
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    } [512 bytes data]
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    { [122 bytes data]
    * TLSv1.3 (IN), TLS handshake, [no content] (0):
    { [1 bytes data]
    * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    { [15 bytes data]
    * TLSv1.3 (IN), TLS handshake, [no content] (0):
    { [1 bytes data]
    * TLSv1.3 (IN), TLS handshake, Certificate (11):
    { [3323 bytes data]
    * TLSv1.3 (IN), TLS handshake, [no content] (0):
    { [1 bytes data]
    * TLSv1.3 (IN), TLS handshake, CERT verify (15):
    { [520 bytes data]
    * TLSv1.3 (IN), TLS handshake, [no content] (0):
    { [1 bytes data]
    * TLSv1.3 (IN), TLS handshake, Finished (20):
    { [52 bytes data]
    * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
    } [1 bytes data]
    * TLSv1.3 (OUT), TLS handshake, [no content] (0):
    } [1 bytes data]
    * TLSv1.3 (OUT), TLS handshake, Finished (20):
    } [52 bytes data]
    * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
    * ALPN, server accepted to use h2
    * Server certificate:
    *  subject: C=US; ST=California; L=Los Angeles; O=Internet Corporation for Assigned Names and Numbers; CN=internic.net
    *  start date: Dec 13 00:00:00 2022 GMT
    *  expire date: Dec  6 23:59:59 2023 GMT
    *  subjectAltName: host "www.internic.net" matched cert's "www.internic.net"
    *  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
    *  SSL certificate verify ok.
    * Using HTTP2, server supports multi-use
    * Connection state changed (HTTP/2 confirmed)
    * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    } [5 bytes data]
    * TLSv1.3 (OUT), TLS app data, [no content] (0):
    } [1 bytes data]
    * TLSv1.3 (OUT), TLS app data, [no content] (0):
    } [1 bytes data]
    * TLSv1.3 (OUT), TLS app data, [no content] (0):
    } [1 bytes data]
    * Using Stream ID: 1 (easy handle 0x562e04c4e6b0)
    } [5 bytes data]
    * TLSv1.3 (OUT), TLS app data, [no content] (0):
    } [1 bytes data]
    > GET /domain/named.cache HTTP/2
    > Host: www.internic.net
    > User-Agent: curl/7.61.1
    > Accept: */*
    > 
    { [5 bytes data]
    * TLSv1.3 (IN), TLS app data, [no content] (0):
    { [1 bytes data]
    * Connection state changed (MAX_CONCURRENT_STREAMS == 10)!
    } [5 bytes data]
    * TLSv1.3 (OUT), TLS app data, [no content] (0):
    } [1 bytes data]
    * TLSv1.3 (IN), TLS app data, [no content] (0):
    { [1 bytes data]
    * TLSv1.3 (IN), TLS app data, [no content] (0):
    { [1 bytes data]
    < HTTP/2 200 
    < date: Thu, 09 Nov 2023 10:59:45 GMT
    < server: Apache
    < vary: Accept-Encoding
    < last-modified: Thu, 09 Nov 2023 06:55:00 GMT
    < etag: "cf1-609b2aeb21900"
    < accept-ranges: bytes
    < content-length: 3313
    < cache-control: max-age=420
    < expires: Thu, 09 Nov 2023 11:06:19 GMT
    < x-frame-options: SAMEORIGIN
    < referrer-policy: origin-when-cross-origin
    < content-security-policy: upgrade-insecure-requests
    < age: 25
    < content-type: text/plain; charset=UTF-8
    < content-language: en
    < strict-transport-security: max-age=48211200; preload
    < 
    { [5 bytes data]
    * TLSv1.3 (IN), TLS app data, [no content] (0):
    { [1 bytes data]
    * TLSv1.3 (IN), TLS app data, [no content] (0):
    { [1 bytes data]
    100  3313  100  3313    0     0   7249      0 --:--:-- --:--:-- --:--:--  7249
    * Connection #0 to host www.internic.net left intact

    If that works, try it from inside the unbound container (installed at /opt/mailcow-dockerized in my case):

    > cd /opt/mailcow-dockerized; docker compose exec unbound-mailcow /bin/bash 
    
    bcfb45b5c531:/# curl -vo /tmp/root.hints https://www.internic.net/domain/named.cache
    
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 192.0.46.9:443...
    * Connected to www.internic.net (192.0.46.9) port 443
    * ALPN: curl offers h2,http/1.1
    } [5 bytes data]
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    } [512 bytes data]
    *  CAfile: /etc/ssl/certs/ca-certificates.crt
    *  CApath: /etc/ssl/certs
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0{ [5 bytes data]
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    { [122 bytes data]
    * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    { [15 bytes data]
    * TLSv1.3 (IN), TLS handshake, Certificate (11):
    { [3323 bytes data]
    * TLSv1.3 (IN), TLS handshake, CERT verify (15):
    { [520 bytes data]
    * TLSv1.3 (IN), TLS handshake, Finished (20):
    { [52 bytes data]
    * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
    } [1 bytes data]
    * TLSv1.3 (OUT), TLS handshake, Finished (20):
    } [52 bytes data]
    * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
    * ALPN: server accepted h2
    * Server certificate:
    *  subject: C=US; ST=California; L=Los Angeles; O=Internet Corporation for Assigned Names and Numbers; CN=internic.net
    *  start date: Dec 13 00:00:00 2022 GMT
    *  expire date: Dec  6 23:59:59 2023 GMT
    *  subjectAltName: host "www.internic.net" matched cert's "www.internic.net"
    *  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
    *  SSL certificate verify ok.
    } [5 bytes data]
    * using HTTP/2
    * [HTTP/2] [1] OPENED stream for https://www.internic.net/domain/named.cache
    * [HTTP/2] [1] [:method: GET]
    * [HTTP/2] [1] [:scheme: https]
    * [HTTP/2] [1] [:authority: www.internic.net]
    * [HTTP/2] [1] [:path: /domain/named.cache]
    * [HTTP/2] [1] [user-agent: curl/8.4.0]
    * [HTTP/2] [1] [accept: */*]
    } [5 bytes data]
    > GET /domain/named.cache HTTP/2
    > Host: www.internic.net
    > User-Agent: curl/8.4.0
    > Accept: */*
    > 
    { [5 bytes data]
    < HTTP/2 200 
    < date: Thu, 09 Nov 2023 11:00:28 GMT
    < server: Apache
    < content-security-policy: upgrade-insecure-requests
    < vary: Accept-Encoding
    < last-modified: Thu, 09 Nov 2023 06:55:00 GMT
    < etag: "cf1-609b2aeb21900"
    < accept-ranges: bytes
    < content-length: 3313
    < cache-control: max-age=420
    < expires: Thu, 09 Nov 2023 11:07:28 GMT
    < x-frame-options: SAMEORIGIN
    < referrer-policy: origin-when-cross-origin
    < content-type: text/plain; charset=UTF-8
    < content-language: en
    < strict-transport-security: max-age=48211200; preload
    < 
    { [3313 bytes data]
    100  3313  100  3313    0     0   7589      0 --:--:-- --:--:-- --:--:--  7581
    * Connection #0 to host www.internic.net left intact

    If it doesn’t work you should see some hints in the verbose output of curl

      DocFraggle it worked on the host but not in the container, this is the full output:

      97116160f4f8:/# cat /tmp/root.hints
      cat: can't open '/tmp/root.hints': No such file or directory
      97116160f4f8:/# curl -vo /tmp/root.hints https://www.internic.net/domain/named.cache
        % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                       Dload  Upload   Total   Spent    Left  Speed
        0     0    0     0    0     0      0      0 --:--:--  0:00:04 --:--:--     0* Could not resolve host: www.internic.net
      * Closing connection
      curl: (6) Could not resolve host: www.internic.net

      Which docker and docker compose versions are installed? There are known problems with DNS with docker 24.0.2 or lower.

      And maybe post some more details of your system: is it a hosted system somewhere, are you running it at home, network details like IPv6 enabled or not?

      What helped in my case was disabling IPv6 in the docker-compose.yml.
      You can do that in line 636 by changing enable_ipv6: true to enable_ipv6: false

      Hope it helps
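An added example, not part of any post in this thread or of mailcow itself: a small shell helper that pulls the curl error code out of a log line and turns the host-versus-container comparison suggested above into a verdict. The function names and the sample log lines are constructed for illustration; the code-to-layer mapping follows curl's documented exit codes.

```shell
#!/bin/sh
# Added example: map curl errors from the unbound-mailcow log to a network layer.

# Print the numeric code from the first "curl: (N) ..." line on stdin, or nothing if none.
curl_code() {
    sed -n 's/^.*curl: (\([0-9][0-9]*\)).*$/\1/p' | head -n 1
}

# Map a curl exit code to the layer that failed.
layer_for() {
    case "$1" in
        0)  echo ok ;;
        6)  echo dns ;;        # could not resolve host
        7)  echo connect ;;    # TCP connect failed
        28) echo timeout ;;
        35|60) echo tls ;;     # handshake or certificate verification failed
        *)  echo other ;;
    esac
}

# Compare the host result with the container result, as the two-step test in the thread does.
diagnose() {   # $1 = host curl code, $2 = container curl code
    host=$(layer_for "$1"); ctr=$(layer_for "$2")
    if [ "$host" = ok ] && [ "$ctr" = ok ]; then
        echo "fetch works in both places; recheck container health"
    elif [ "$host" = ok ]; then
        echo "container-only $ctr failure: check Docker networking (DNS, IPv6, Docker version)"
    else
        echo "host $host failure: check outbound firewall and upstream network first"
    fi
}

# Constructed sample lines modelled on the two errors quoted in the thread.
first_log='curl: (7) Failed to connect to www.internic.net port 443 after 3216 ms'
later_log='  0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0* Could not resolve host
curl: (6) Could not resolve host: www.internic.net'

echo "first log:  $(layer_for "$(printf '%s\n' "$first_log" | curl_code)")"
echo "later log:  $(layer_for "$(printf '%s\n' "$later_log" | curl_code)")"
diagnose 0 6
```

The codes passed to `diagnose` are the exit statuses (`$?`) of the same curl command run once on the host and once inside the unbound container.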
