I ran into a problem on versions higher than 17.2+, namely that dockers do not have access to DNS 10.152.152.10. Even after opening the port and trying to resolve through the firewall, it still does not work, and Docker writes an error that it cannot install default packages:
100.6 Temporary failure resolving ‘deb.debian.org’
110.6 Err:2 Index of /debian bookworm-updates InRelease
110.6 Temporary failure resolving ‘deb.debian.org’
120.7 Err:3 Index of /debian-security bookworm-security InRelease
120.7 Temporary failure resolving ‘deb.debian.org’
120.7 Reading package lists…
APT isn’t the best test to confirm that DNS is broken.
What are the steps for issue reproduction?
Whonix issue or Docker issue?
Docker can’t dig, for example, www.google.com:
;; connection timed out; no servers could be reached
sudo docker run --rm -it debian:bookworm bash -c "apt-get update"
Ign:1 Index of /debian bookworm InRelease
Ign:2 Index of /debian bookworm-updates InRelease
Ign:3 Index of /debian-security bookworm-security InRelease
Ign:1 Index of /debian bookworm InRelease
Ign:2 Index of /debian bookworm-updates InRelease
Ign:3 Index of /debian-security bookworm-security InRelease
Ign:1 Index of /debian bookworm InRelease
Ign:2 Index of /debian bookworm-updates InRelease
Ign:3 Index of /debian-security bookworm-security InRelease
Err:1 Index of /debian bookworm InRelease
Temporary failure resolving ‘deb.debian.org’
Err:2 Index of /debian bookworm-updates InRelease
Temporary failure resolving ‘deb.debian.org’
Err:3 Index of /debian-security bookworm-security InRelease
Temporary failure resolving ‘deb.debian.org’
Reading package lists… Done
W: Failed to fetch http://deb.debian.org/debian/dists/bookworm/InRelease Temporary failure resolving ‘deb.debian.org’
W: Failed to fetch http://deb.debian.org/debian/dists/bookworm-updates/InRelease Temporary failure resolving ‘deb.debian.org’
W: Failed to fetch http://deb.debian.org/debian-security/dists/bookworm-security/InRelease Temporary failure resolving ‘deb.debian.org’
W: Some index files failed to download. They have been ignored, or old ones used instead.
But when I gave it the host network:
sudo docker run --rm -it --network=host debian:bookworm bash -c "apt-get update"
Get:1 Index of /debian bookworm InRelease [151 kB]
Get:2 Index of /debian bookworm-updates InRelease [55.4 kB]
Get:3 Index of /debian-security bookworm-security InRelease [48.0 kB]
Get:4 Index of /debian bookworm/main amd64 Packages [8793 kB]
Get:5 Index of /debian bookworm-updates/main amd64 Packages [512 B]
Get:6 Index of /debian-security bookworm-security/main amd64 Packages [265 kB]
Fetched 9313 kB in 6s (1568 kB/s)
Reading package lists… Done
Please note that on version 17.1+, everything is working normally without the “host” hypernetwork. I have read the patch notes, and the only way I can explain this behavior is that Whonix has switched to the new DNS security concept anon-dns.
Maybe I'm wrong -_0
No related changes to my knowledge.
System default DNS is functional.
Could be a firewall issue.