Hi,
For some reason postfix-mailcow has stopped resolving DNS. It is not a firewall issue as I have disabled it also all other containers are able to resolve any hostname. Docker host is also able to resolve anything. My Docker network is set to 172.17.0.0 while my Mailcow network is 172.22.0.0. In unbound.conf 172.16.0.0/12 is allowed which includes both address spaces so this is not a case. I’ve tried to disable resolvconf running on the host but with no luck.

Any idea what happened and how to fix that?

A sample log from postfix:
NOQUEUE: reject: RCPT from unknown[46.41.134.25]: 450 4.1.8 <adamkarski@marketingfirmy.com.pl>: Sender address rejected: Domain not found; from=<spamer@marketingfirmy.com.pl> to=<email@domain.com> proto=ESMTP helo=<marketinguj.pl>

warning: dnsblog_query: lookup error for DNS query 25.134.41.46.dnsbl.sorbs.net: Host or domain name not found. Name service error for name=25.134.41.46.dnsbl.sorbs.net type=A: Host not found, try again

root@mail:/opt/mailcow-dockerized# docker-compose exec postfix-mailcow curl wp.pl
curl: (6) Could not resolve host: wp.pl
root@mail:/opt/mailcow-dockerized# docker-compose exec dovecot-mailcow curl wp.pl
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
root@mail:/opt/mailcow-dockerized# docker-compose exec clamd-mailcow curl wp.pl
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

  • diekuh

    • Community Hero
    • volunteer
    Moolevel 110
  • Post #2

The update did not change anything in your network. It is still an issue with your network I’m afraid.

Unbound is still just… unbound. Nothing changed. We also don’t touch your network.

    Have something to say?

    Join the community by quickly registering to participate in this discussion. We'd like to see you joining our great moo-community!

    diekuh How this could be a problem with network if all other devices in the network including docker containers running on this host have no DNS problem. Also test Ubuntu container works fine. If I exec to Postfix and manually change nameserver in /etc/resolv.conf to 1.1.1.1 it is able to resolve hostnames.

      15 days later

      Hi!

      I have same problem on my installation. But in my case it’s a frersh one.
      I can resolve from unbound container and from all containers that are not defining unbound as dns.

      For example I can normally resolve from mysql container. So for test I installed dnsutils package in mysql container.

      dig google.com

; <<>> DiG 9.16.1-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65002
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             144     IN      A       142.250.180.110

;; Query time: 20 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Wed Dec 30 23:58:12 CET 2020
;; MSG SIZE  rcvd: 55

      but if I try to query unbound container…

      dig google.com @172.22.1.254 

; <<>> DiG 9.16.1-Ubuntu <<>> google.com @172.22.1.254
;; global options: +cmd
;; connection timed out; no servers could be reached

      Unbound container is running and I can ping it from mysql container.

      Any suggestion appreciated!

        • diekuh

          • Community Hero
          • volunteer
          Moolevel 110
        • Post #5

        Still a networking issue guys.

        Don’t ever change the resolve.conf in the container.

        If it works with a public resolver it just confirms the networking issues. It does obviously not work with the DNS NAT construct in Docker for you. Could also be related to filtered traffic by your ISP.

        No, we didn’t change your network configuration. How?!

        @diekuh thanks for reply!

        I’m not claiming that mailcow changed my network configuration. Like I said. It’s not even update. It’s fresh install.
        But problem is I’m pulling my hair out resolving this issue. And if I turn to docker community they won’t know structure of whole package as you do (I guess).

        So I did some more “debugging”…

        I started unbound with verbosity 3. And this is what I get in unbound log:

        unbound-mailcow_1    | Receiving root hints...
######################################################################## 100.0%                      
unbound-mailcow_1    | setup in directory /etc/unbound
unbound-mailcow_1    | unbound_server.key exists
unbound-mailcow_1    | unbound_control.key exists
unbound-mailcow_1    | create unbound_server.pem (self signed certificate)
unbound-mailcow_1    | create unbound_control.pem (signed client certificate)
unbound-mailcow_1    | Signature ok
unbound-mailcow_1    | subject=CN = unbound-control
unbound-mailcow_1    | Getting CA Private Key
unbound-mailcow_1    | Setup success. Certificates created. Enable in unbound.conf file to use
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: chdir to /etc/unbound
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: drop user privileges, run as unbound
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: switching log to /dev/console
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: module config: "validator iterator"
unbound-mailcow_1    | [1609404806] unbound[1:0] notice: init module 0: validator
unbound-mailcow_1    | [1609404806] unbound[1:0] notice: init module 1: iterator
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: target fetch policy for level 0 is 3
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: target fetch policy for level 1 is 2
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: target fetch policy for level 2 is 1
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: target fetch policy for level 3 is 0
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: target fetch policy for level 4 is 0
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: Reading root hints from /etc/unbound/root.hints
unbound-mailcow_1    | [1609404806] unbound[1:0] info: DelegationPoint<.>: 13 names (0 missing), 26 addrs (0 result, 26 avail) parentNS
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=7808 val=66352
unbound-mailcow_1    | [1609404806] unbound[1:0] info: start of service (unbound 1.9.6).
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: validator[module 0] operate: extstate:module_state_initial event:module_event_new
unbound-mailcow_1    | [1609404806] unbound[1:0] info: validator operate: query . DNSKEY IN
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_pass
unbound-mailcow_1    | [1609404806] unbound[1:0] info: resolving . DNSKEY IN
unbound-mailcow_1    | [1609404806] unbound[1:0] info: priming . IN NS
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_pass
unbound-mailcow_1    | [1609404806] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404806] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404806] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: sending to target: <.> 192.203.230.10#53
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404806] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404806] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404806] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: sending to target: <.> 199.9.14.201#53
unbound-mailcow_1    | [1609404806] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=8402 val=66352
unbound-mailcow_1    | [1609404807] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404807] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404807] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404807] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404807] unbound[1:0] debug: sending to target: <.> 193.0.14.129#53
unbound-mailcow_1    | [1609404807] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=8699 val=66352
unbound-mailcow_1    | [1609404808] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404808] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404808] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404808] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404808] unbound[1:0] debug: sending to target: <.> 199.9.14.201#53
unbound-mailcow_1    | [1609404808] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=8699 val=66352
unbound-mailcow_1    | [1609404809] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404809] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404809] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404809] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404809] unbound[1:0] debug: sending to target: <.> 198.41.0.4#53
unbound-mailcow_1    | [1609404809] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=8996 val=66352
unbound-mailcow_1    | [1609404810] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404810] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404810] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404810] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404810] unbound[1:0] debug: sending to target: <.> 198.97.190.53#53
unbound-mailcow_1    | [1609404810] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=9293 val=66352
unbound-mailcow_1    | [1609404811] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404811] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404811] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404811] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404811] unbound[1:0] debug: sending to target: <.> 198.41.0.4#53
unbound-mailcow_1    | [1609404811] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=9293 val=66352
unbound-mailcow_1    | [1609404812] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404812] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404812] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404812] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404812] unbound[1:0] debug: sending to target: <.> 192.203.230.10#53
unbound-mailcow_1    | [1609404812] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=9293 val=66352
unbound-mailcow_1    | [1609404814] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404814] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404814] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404814] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404814] unbound[1:0] debug: sending to target: <.> 192.33.4.12#53
unbound-mailcow_1    | [1609404814] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=9590 val=66352
unbound-mailcow_1    | [1609404815] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404815] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404815] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404815] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404815] unbound[1:0] debug: sending to target: <.> 198.97.190.53#53
unbound-mailcow_1    | [1609404815] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=9590 val=66352
unbound-mailcow_1    | [1609404816] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404816] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404816] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404816] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404816] unbound[1:0] debug: sending to target: <.> 192.58.128.30#53
unbound-mailcow_1    | [1609404816] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=9887 val=66352
unbound-mailcow_1    | [1609404817] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404817] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404817] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404817] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404817] unbound[1:0] debug: sending to target: <.> 192.5.5.241#53
unbound-mailcow_1    | [1609404817] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=10184 val=66352
unbound-mailcow_1    | [1609404818] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404818] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404818] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404818] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404818] unbound[1:0] debug: sending to target: <.> 192.36.148.17#53
unbound-mailcow_1    | [1609404818] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=10481 val=66352
unbound-mailcow_1    | [1609404819] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404819] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404819] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404819] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404819] unbound[1:0] debug: sending to target: <.> 192.58.128.30#53
unbound-mailcow_1    | [1609404819] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=10481 val=66352
unbound-mailcow_1    | [1609404820] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404820] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404820] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404820] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404820] unbound[1:0] debug: sending to target: <.> 199.7.91.13#53
unbound-mailcow_1    | [1609404820] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=10778 val=66352
unbound-mailcow_1    | [1609404821] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404821] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404821] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404821] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404821] unbound[1:0] debug: sending to target: <.> 199.7.83.42#53
unbound-mailcow_1    | [1609404821] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11075 val=66352
unbound-mailcow_1    | [1609404822] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404822] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404822] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404822] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404822] unbound[1:0] debug: sending to target: <.> 192.112.36.4#53
unbound-mailcow_1    | [1609404822] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11372 val=66352
unbound-mailcow_1    | [1609404822] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404822] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404822] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404822] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404822] unbound[1:0] debug: sending to target: <.> 202.12.27.33#53
unbound-mailcow_1    | [1609404822] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404823] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404823] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404823] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404823] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404823] unbound[1:0] debug: sending to target: <.> 192.33.4.12#53
unbound-mailcow_1    | [1609404823] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404825] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404825] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404825] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404825] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404825] unbound[1:0] debug: sending to target: <.> 202.12.27.33#53
unbound-mailcow_1    | [1609404825] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404826] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404826] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404826] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404826] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404826] unbound[1:0] debug: sending to target: <.> 193.0.14.129#53
unbound-mailcow_1    | [1609404826] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404828] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404828] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404828] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404828] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404828] unbound[1:0] debug: sending to target: <.> 199.7.91.13#53
unbound-mailcow_1    | [1609404828] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404829] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404829] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404829] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404829] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404829] unbound[1:0] debug: sending to target: <.> 192.112.36.4#53
unbound-mailcow_1    | [1609404829] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404831] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404831] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404831] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404831] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404831] unbound[1:0] debug: sending to target: <.> 192.36.148.17#53
unbound-mailcow_1    | [1609404831] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404832] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404832] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404832] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404832] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404832] unbound[1:0] debug: sending to target: <.> 192.5.5.241#53
unbound-mailcow_1    | [1609404832] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404834] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404834] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404834] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404834] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404834] unbound[1:0] debug: sending to target: <.> 199.7.83.42#53
unbound-mailcow_1    | [1609404834] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404835] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404835] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404835] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404835] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404835] unbound[1:0] debug: sending to target: <.> 192.36.148.17#53
unbound-mailcow_1    | [1609404835] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404838] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404838] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404838] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404838] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404838] unbound[1:0] debug: sending to target: <.> 192.33.4.12#53
unbound-mailcow_1    | [1609404838] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404841] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404841] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404841] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404841] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404841] unbound[1:0] debug: sending to target: <.> 202.12.27.33#53
unbound-mailcow_1    | [1609404841] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404844] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404844] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404844] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404844] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404844] unbound[1:0] debug: sending to target: <.> 198.41.0.4#53
unbound-mailcow_1    | [1609404844] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404847] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404847] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404847] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404847] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404847] unbound[1:0] debug: sending to target: <.> 199.7.91.13#53
unbound-mailcow_1    | [1609404847] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404850] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404850] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404850] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404850] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404850] unbound[1:0] debug: sending to target: <.> 193.0.14.129#53
unbound-mailcow_1    | [1609404850] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404853] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404853] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404853] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404853] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609404853] unbound[1:0] debug: sending to target: <.> 199.7.83.42#53
unbound-mailcow_1    | [1609404853] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609404856] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609404856] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609404856] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609404856] unbound[1:0] debug: request has exceeded the maximum number of sends with 33
unbound-mailcow_1    | [1609404856] unbound[1:0] debug: return error response SERVFAIL
unbound-mailcow_1    | [1609404856] unbound[1:0] debug: validator[module 0] operate: extstate:module_state_initial event:module_event_moddone
unbound-mailcow_1    | [1609404856] unbound[1:0] info: validator operate: query . NS IN
unbound-mailcow_1    | [1609404856] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_subquery event:module_event_pass
unbound-mailcow_1    | [1609404856] unbound[1:0] info: iterator operate: query . DNSKEY IN
unbound-mailcow_1    | [1609404856] unbound[1:0] info: processQueryTargets: . DNSKEY IN
unbound-mailcow_1    | [1609404856] unbound[1:0] debug: Failed to get a delegation, giving up
unbound-mailcow_1    | [1609404856] unbound[1:0] debug: return error response SERVFAIL
unbound-mailcow_1    | [1609404856] unbound[1:0] debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
unbound-mailcow_1    | [1609404856] unbound[1:0] info: validator operate: query . DNSKEY IN
unbound-mailcow_1    | [1609404856] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352

        My guess is unbound is trying to query different root dns servers. I took first ip it tried to connect to:

        unbound-mailcow_1    | [1609404806] unbound[1:0] debug: sending to target: <.> 192.203.230.10#53

        Iconnected to unbound container, installed dig and tried to query the same dns server:

        dig google.com @192.203.230.10

; <<>> DiG 9.14.12 <<>> google.com @192.203.230.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18628
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 27
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;google.com.                    IN      A

;; AUTHORITY SECTION:
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.

;; ADDITIONAL SECTION:
l.gtld-servers.net.     172800  IN      A       192.41.162.30
l.gtld-servers.net.     172800  IN      AAAA    2001:500:d937::30
b.gtld-servers.net.     172800  IN      A       192.33.14.30
b.gtld-servers.net.     172800  IN      AAAA    2001:503:231d::2:30
c.gtld-servers.net.     172800  IN      A       192.26.92.30
c.gtld-servers.net.     172800  IN      AAAA    2001:503:83eb::30
d.gtld-servers.net.     172800  IN      A       192.31.80.30
d.gtld-servers.net.     172800  IN      AAAA    2001:500:856e::30
e.gtld-servers.net.     172800  IN      A       192.12.94.30
e.gtld-servers.net.     172800  IN      AAAA    2001:502:1ca1::30
f.gtld-servers.net.     172800  IN      A       192.35.51.30
f.gtld-servers.net.     172800  IN      AAAA    2001:503:d414::30
g.gtld-servers.net.     172800  IN      A       192.42.93.30
g.gtld-servers.net.     172800  IN      AAAA    2001:503:eea3::30
a.gtld-servers.net.     172800  IN      A       192.5.6.30
a.gtld-servers.net.     172800  IN      AAAA    2001:503:a83e::2:30
h.gtld-servers.net.     172800  IN      A       192.54.112.30
h.gtld-servers.net.     172800  IN      AAAA    2001:502:8cc::30
i.gtld-servers.net.     172800  IN      A       192.43.172.30
i.gtld-servers.net.     172800  IN      AAAA    2001:503:39c1::30
j.gtld-servers.net.     172800  IN      A       192.48.79.30
j.gtld-servers.net.     172800  IN      AAAA    2001:502:7094::30
k.gtld-servers.net.     172800  IN      A       192.52.178.30
k.gtld-servers.net.     172800  IN      AAAA    2001:503:d2d::30
m.gtld-servers.net.     172800  IN      A       192.55.83.30
m.gtld-servers.net.     172800  IN      AAAA    2001:501:b1f9::30

;; Query time: 20 msec
;; SERVER: 192.203.230.10#53(192.203.230.10)
;; WHEN: Thu Dec 31 09:09:45 utc 2020
;; MSG SIZE  rcvd: 835

        As you can see, it works. So I can manually query dns servers, but unbound fails to do the same (from same container).

        Any clue?

        I also tried to query unbound from it’s own container dig google.com @127.0.0.1 so no inner network communication between containers. I get this in log:

        unbound-mailcow_1    | [1609405965] unbound[1:0] debug: validator[module 0] operate: extstate:module_state_initial event:module_event_new
unbound-mailcow_1    | [1609405965] unbound[1:0] info: validator operate: query google.com. A IN
unbound-mailcow_1    | [1609405965] unbound[1:0] debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_pass
unbound-mailcow_1    | [1609405965] unbound[1:0] info: resolving google.com. A IN
unbound-mailcow_1    | [1609405965] unbound[1:0] info: priming . IN NS
unbound-mailcow_1    | [1609405965] unbound[1:0] debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_pass
unbound-mailcow_1    | [1609405965] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405965] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405965] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405965] unbound[1:0] debug: sending to target: <.> 193.0.14.129#53
unbound-mailcow_1    | [1609405965] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405966] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405966] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405966] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405966] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405966] unbound[1:0] debug: sending to target: <.> 199.9.14.201#53
unbound-mailcow_1    | [1609405966] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405966] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405966] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405966] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405966] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405966] unbound[1:0] debug: sending to target: <.> 198.97.190.53#53
unbound-mailcow_1    | [1609405966] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405967] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405967] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405967] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405967] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405967] unbound[1:0] debug: sending to target: <.> 192.112.36.4#53
unbound-mailcow_1    | [1609405967] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405968] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405968] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405968] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405968] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405968] unbound[1:0] debug: sending to target: <.> 192.58.128.30#53
unbound-mailcow_1    | [1609405968] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405969] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405969] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405969] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405969] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405969] unbound[1:0] debug: sending to target: <.> 202.12.27.33#53
unbound-mailcow_1    | [1609405969] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405969] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405969] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405969] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405969] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405969] unbound[1:0] debug: sending to target: <.> 192.36.148.17#53
unbound-mailcow_1    | [1609405969] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405970] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405970] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405970] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405970] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405970] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405970] unbound[1:0] debug: sending to target: <.> 192.112.36.4#53
unbound-mailcow_1    | [1609405970] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405972] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405972] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405972] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405972] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405972] unbound[1:0] debug: sending to target: <.> 202.12.27.33#53
unbound-mailcow_1    | [1609405972] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405973] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405973] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405973] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405973] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405973] unbound[1:0] debug: sending to target: <.> 198.41.0.4#53
unbound-mailcow_1    | [1609405973] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405974] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405974] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405974] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405974] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405974] unbound[1:0] debug: sending to target: <.> 199.9.14.201#53
unbound-mailcow_1    | [1609405974] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405975] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405975] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405975] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405975] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405975] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405975] unbound[1:0] debug: sending to target: <.> 198.41.0.4#53
unbound-mailcow_1    | [1609405975] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405977] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405977] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405977] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405977] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405977] unbound[1:0] debug: sending to target: <.> 199.7.83.42#53
unbound-mailcow_1    | [1609405977] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405978] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405978] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405978] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405978] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405978] unbound[1:0] debug: sending to target: <.> 199.7.91.13#53
unbound-mailcow_1    | [1609405978] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405978] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405978] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405978] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405978] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405978] unbound[1:0] debug: sending to target: <.> 192.36.148.17#53
unbound-mailcow_1    | [1609405978] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405980] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405980] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405980] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405980] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405980] unbound[1:0] debug: sending to target: <.> 192.5.5.241#53
unbound-mailcow_1    | [1609405980] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405981] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405981] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405981] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405981] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405981] unbound[1:0] debug: sending to target: <.> 199.7.83.42#53
unbound-mailcow_1    | [1609405981] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405982] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405982] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405982] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405982] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405982] unbound[1:0] debug: sending to target: <.> 193.0.14.129#53
unbound-mailcow_1    | [1609405982] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405984] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405984] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405984] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405984] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405984] unbound[1:0] debug: sending to target: <.> 198.97.190.53#53
unbound-mailcow_1    | [1609405984] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405985] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405985] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405985] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405985] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405985] unbound[1:0] debug: sending to target: <.> 192.203.230.10#53
unbound-mailcow_1    | [1609405985] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405986] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405986] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405986] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405986] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405986] unbound[1:0] debug: sending to target: <.> 192.58.128.30#53
unbound-mailcow_1    | [1609405986] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405987] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405987] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405987] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405987] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405987] unbound[1:0] debug: sending to target: <.> 199.7.91.13#53
unbound-mailcow_1    | [1609405987] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405989] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405989] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405989] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405989] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405989] unbound[1:0] debug: sending to target: <.> 192.5.5.241#53
unbound-mailcow_1    | [1609405989] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405990] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405990] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405990] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405990] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405990] unbound[1:0] debug: sending to target: <.> 192.33.4.12#53
unbound-mailcow_1    | [1609405990] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405991] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405991] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405991] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405991] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405991] unbound[1:0] debug: sending to target: <.> 192.203.230.10#53
unbound-mailcow_1    | [1609405991] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405993] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405993] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405993] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405993] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405993] unbound[1:0] debug: sending to target: <.> 192.33.4.12#53
unbound-mailcow_1    | [1609405993] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405994] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405994] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405994] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405994] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405994] unbound[1:0] debug: sending to target: <.> 192.33.4.12#53
unbound-mailcow_1    | [1609405994] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609405997] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609405997] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609405997] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609405997] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609405997] unbound[1:0] debug: sending to target: <.> 192.58.128.30#53
unbound-mailcow_1    | [1609405997] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609406000] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609406000] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609406000] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609406000] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609406000] unbound[1:0] debug: sending to target: <.> 198.41.0.4#53
unbound-mailcow_1    | [1609406000] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609406003] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609406003] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609406003] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609406003] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609406003] unbound[1:0] debug: sending to target: <.> 202.12.27.33#53
unbound-mailcow_1    | [1609406003] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609406006] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609406006] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609406006] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609406006] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609406006] unbound[1:0] debug: sending to target: <.> 192.112.36.4#53
unbound-mailcow_1    | [1609406006] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609406009] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609406009] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609406009] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609406009] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609406009] unbound[1:0] debug: sending to target: <.> 199.7.83.42#53
unbound-mailcow_1    | [1609406009] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609406012] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609406012] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609406012] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609406012] unbound[1:0] info: sending query: . NS IN
unbound-mailcow_1    | [1609406012] unbound[1:0] debug: sending to target: <.> 199.9.14.201#53
unbound-mailcow_1    | [1609406012] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352
unbound-mailcow_1    | [1609406015] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
unbound-mailcow_1    | [1609406015] unbound[1:0] info: iterator operate: query . NS IN
unbound-mailcow_1    | [1609406015] unbound[1:0] info: processQueryTargets: . NS IN
unbound-mailcow_1    | [1609406015] unbound[1:0] debug: request has exceeded the maximum number of sends with 33
unbound-mailcow_1    | [1609406015] unbound[1:0] debug: return error response SERVFAIL
unbound-mailcow_1    | [1609406015] unbound[1:0] debug: validator[module 0] operate: extstate:module_state_initial event:module_event_moddone
unbound-mailcow_1    | [1609406015] unbound[1:0] info: validator operate: query . NS IN
unbound-mailcow_1    | [1609406015] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_subquery event:module_event_pass
unbound-mailcow_1    | [1609406015] unbound[1:0] info: iterator operate: query google.com. A IN
unbound-mailcow_1    | [1609406015] unbound[1:0] info: processQueryTargets: google.com. A IN
unbound-mailcow_1    | [1609406015] unbound[1:0] debug: Failed to get a delegation, giving up
unbound-mailcow_1    | [1609406015] unbound[1:0] debug: return error response SERVFAIL
unbound-mailcow_1    | [1609406015] unbound[1:0] debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
unbound-mailcow_1    | [1609406015] unbound[1:0] info: validator operate: query google.com. A IN
unbound-mailcow_1    | [1609406015] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=11669 val=66352

        So unbound is running and it’s receiving requests. But can’t resolve queries to outside dns servers. I would say it’s firewall issue, BUT… I can resolve manually (from same container) to outside dns servers just fine. So it’s NOT firewall problem. I would say it’s not even network problem.

        I really hope someone can help me with this mystery. Thanks in advance!

        frido

        Just fyi …. no problem here (updated mailcow 5min ago) …

        ; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> google.com @172.22.1.254
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24364
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags:; udp: 4096
        ;; QUESTION SECTION:
        ;google.com. IN A

        ;; ANSWER SECTION:
        google.com. 151 IN A 172.217.23.142

        ;; Query time: 0 msec
        ;; SERVER: 172.22.1.254#53(172.22.1.254)
        ;; WHEN: Thu Dec 31 12:09:02 CET 2020
        ;; MSG SIZE rcvd: 55

          • diekuh

            • Community Hero
            • volunteer
            Moolevel 110
          • Post #8
          • Edited

          This is no evidence it is not a network problem…

          Posting Unbound debug logs does not help at all (thanks anyway). As you can see that’s not the layer of the problem. It is the network.

          When you dig from your host it is not comparable to the result you get from within the container! Even worse: when you dig @unbound-mailcow from - for example - postfix-mailcow, you will not have the same network path as if you dig @1.1.1.1 or whatever. Digging against unbound uses a NAT rule in Docker. As you already found out, it is routed through 127.0.0.11. Digging from postfix-mailcow against 1.1.1.1 is a completely different path.
          Perhaps a firewall sees DNS packages from the Docker internal subnet due to a broken masquerading rule (networking problem…).

          So showing me two digs from your host and from withing your container it does not at all prove it’s not a networking issue. It actually hardens my point.

          The unbound container is not broken I’m afraid, I cannot help you. I have not a single system in support or self-managed with this error. But it comes up from time to time and it is always and ever a network problem.

          Enotime to debug that with you. 🙁 Sorry.

          PS: https://docs.docker.com/config/containers/container-networking/#dns-services

          10 days later

          For anyone who may encounter similar problem. This is what I found out…

          @diekuh I was 100% sure it was not a problem with mailcow. But what was bothering me was the fact that I have all docker hosts setup the same way and on all locations this worked but on this one I had problems.

          So what eventually led me to sollution was the fact that command dig any google.com +notcp faild on ANY host (desktop also) within this network. If I forced tcp protocol with dig any bitlab.si +tcp query was successfull.

          So I searched unbound documentation and foud out that with adding tcp-upstream: yes in unbound.conf I can force it to use tcp protocol. And now all works fine.

          I assume it’s a problem with my main router because I’m using rather old monowall on this site. I prepared fresh pfsense computer and will report if udp will work with that one.

          4 years later

          that is good solution and its work, but you can just open port 53 for mailcow subnet and its okay. its better than change configs.
          sudo ufw allow from 172.22.1.0/24 to any port 53 comment “Allow DNS for mailcow subnet”

          No one is typing