myoung34 / docker-github-actions-runner

This will run the new self-hosted github actions runners with docker-in-docker

Could not resolve host: api.github.com

JulianGro opened this issue

For some reason the docker image cannot resolve api.github.com while the host can.
I would assume that this has to do with the host system not having full IPv4 support, since that is the only possible reason I can think of. It uses a system that I am unfamiliar with called DNS64. My understanding is that if it tries to use IPv4 using DNS64, the docker container could potentially not be configured in a way that would work with this.

Runner:

root@FOSSHOST-GitHub-Actions-Runner:~# ./docker-github-actions-runner.sh 
debian-bullseye: Pulling from myoung34/github-runner
Digest: sha256:dbb7b27c65f52d988835126647a8fdb66f814d28458cb6f2cd92db6b1154ed55
Status: Image is up to date for myoung34/github-runner:debian-bullseye
docker.io/myoung34/github-runner:debian-bullseye
Runner reusage is disabled
Obtaining the token of the runner
curl: (6) Could not resolve host: api.github.com
Configuring

--------------------------------------------------------------------------------
|        ____ _ _   _   _       _          _        _   _                      |
|       / ___(_) |_| | | |_   _| |__      / \   ___| |_(_) ___  _ __  ___      |
|      | |  _| | __| |_| | | | | '_ \    / _ \ / __| __| |/ _ \| '_ \/ __|     |
|      | |_| | | |_|  _  | |_| | |_) |  / ___ \ (__| |_| | (_) | | | \__ \     |
|       \____|_|\__|_| |_|\__,_|_.__/  /_/   \_\___|\__|_|\___/|_| |_|___/     |
|                                                                              |
|                       Self-hosted runner registration                        |
|                                                                              |
--------------------------------------------------------------------------------

# Authentication

Invalid configuration provided for token. Terminating unattended configuration.
An error occurred: Not configured. Run config.(sh/cmd) to configure the runner.
root@FOSSHOST-GitHub-Actions-Runner:~# 

Host:

root@FOSSHOST-GitHub-Actions-Runner:~# nslookup api.github.com
Server:		2606:4700:4700::64
Address:	2606:4700:4700::64#53

Non-authoritative answer:
Name:	api.github.com
Address: 140.82.121.6
Name:	api.github.com
Address: 64:ff9b::8c52:7906

root@FOSSHOST-GitHub-Actions-Runner:~# 
root@FOSSHOST-GitHub-Actions-Runner:~# curl api.github.com
root@FOSSHOST-GitHub-Actions-Runner:~# curl api.gi.ddfddd
curl: (6) Could not resolve host: api.gi.ddfddd
root@FOSSHOST-GitHub-Actions-Runner:~# 

It works after getting IPv4 set up on the host.
Since I have no idea what or where the issue is, I am closing this for now.

Documenting for future

Was getting a similar error, I tried to disable IPv6 on the host but still no luck, then I remembered that my VPN's MTU is 1360 and the docker daemon inside the VM was defaulting to something different from the ethernet interface... sneaky little bug...

no more SSL_ERROR_SYSCALL or curl errors

Here's how you can do it for a Docker installation on Ubuntu:

  • Open the Docker service file. It's usually located at /lib/systemd/system/docker.service.
    sudo nano /lib/systemd/system/docker.service
  • Find the line that begins with ExecStart=. It should look something like this:
    ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
  • Append --mtu=1360 (or whatever your own MTU might be) at the end of this line. After your change, it should look like this:
    ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --mtu=1360
  • Save and close the file.
  • Reload the systemd daemon to apply the changes:
    sudo systemctl daemon-reload
  • Restart Docker:
    sudo systemctl restart docker

If you can add more context here @DiegoSpinola I'll document it

What's the default MTU on the daemon (in ref to "sneaky little bug")?

Apparently docker by default sets the MTU of its virtual networks created by the host's daemons to 1500 bytes even if the physical adapter from the host is configured to a lower MTU... It's difficult to debug because it won't outright stop all network activity, only a few things will fail due to packet fragmentation and reassembly (depending on the infrastructure in between src and dst).

You might get something like

Jul 27 17:06:44 docker[2615]: Obtaining the token of the runner
Jul 27 17:09:46 docker[2615]: curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.github.com:443
Jul 27 17:09:46 docker[2615]: Ephemeral option is enabled

The tricky part is that you might open a bash shell inside the container and try to ping api.github.com and it will work fine (because the ICMP packets are smaller than the MTU), you might even use curl to test the API from inside the container:

curl -I https://api.github.com/users/octocat

and it might even work (if the size of the request and response are smaller than the network MTU) which will lead you to question your own sanity 😵‍💫

Took me a whole day to figure this out but now everything is up and running with the steps mentioned above!
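
A check for the mismatch described in this thread, added here as an example and not part of the original issue or the project's code: it reads `ip -o link show` output and lists Docker-side links (docker0, br-*, veth*) whose MTU is larger than the uplink's. The function names and the sample interface listing are constructed for illustration; tun0 stands in for whatever VPN or uplink interface the host actually uses.

```shell
#!/bin/sh
# Constructed sample of `ip -o link show` output (not taken from the issue):
# a VPN uplink at MTU 1360 and Docker's default bridge left at 1500.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1360 qdisc fq_codel state UNKNOWN
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
5: br-3f9c2a1d0e77: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1360 qdisc noqueue state UP
7: veth91ab3c4@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP'

# link_mtu IFACE: read `ip -o link show` text on stdin, print IFACE's MTU.
link_mtu() {
    awk -v want="$1" '
        { name = $2; sub(/:$/, "", name); sub(/@.*/, "", name) }
        name == want {
            for (i = 3; i < NF; i++) if ($i == "mtu") { print $(i + 1); exit }
        }'
}

# oversized_docker_links UPLINK: read the same text on stdin and print
# "name mtu" for every Docker-side link (docker0, br-*, veth*) whose MTU
# is larger than the uplink's. Returns 2 if the uplink is not listed.
oversized_docker_links() {
    links=$(cat)
    uplink_mtu=$(printf '%s\n' "$links" | link_mtu "$1")
    [ -n "$uplink_mtu" ] || return 2
    printf '%s\n' "$links" | awk -v limit="$uplink_mtu" '
        { name = $2; sub(/:$/, "", name); sub(/@.*/, "", name); mtu = "" }
        { for (i = 3; i < NF; i++) if ($i == "mtu") mtu = $(i + 1) }
        name ~ /^(docker0|br-|veth)/ && mtu + 0 > limit + 0 { print name, mtu }'
}

# Demo on the constructed sample; on a real host use:
#   ip -o link show | oversized_docker_links tun0
printf '%s\n' "$SAMPLE_LINKS" | oversized_docker_links tun0
```

Any line printed means containers on that link can emit packets larger than the uplink carries, which matches the intermittent TLS failures described above. The daemon MTU can also be set with the "mtu" key in /etc/docker/daemon.json instead of editing the packaged unit file, which a package upgrade can overwrite.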