resolv.conf — Original Broken Content

Source: Direct inspection of /etc/resolv.conf inside bridge-networked Docker container, 2026-02-13

Caption: Content of /etc/resolv.conf as found inside bridge-networked Docker containers before the daemon.json DNS fix. This file was generated by Docker from the host's /etc/resolv.conf (Unraid default) and listed two unreachable nameservers before the first reachable one.

Extraction type: raw_table

File Content (Reconstructed from HISTORY.md)

nameserver 192.168.1.50
nameserver 169.254.24.117
nameserver 1.1.1.1

Nameserver Analysis

| Entry | IP | Role | Reachable from bridge container? | Notes |
|---|---|---|---|---|
| nameserver 1 | 192.168.1.50 | Technitium DNS (LAN IP) | No | Technitium listens here on host, but UDP responses from this IP are dropped by Docker NAT/conntrack for bridge container queries. Causes ~4-second timeout. |
| nameserver 2 | 169.254.24.117 | Docker embedded DNS (legacy) | No | Link-local address; not a valid DNS server in this configuration. Dead endpoint. Causes another ~4-second timeout. |
| nameserver 3 | 1.1.1.1 | Cloudflare public DNS | Yes | Actually reachable; responds quickly. But only reached after ~8 seconds of failed attempts at nameservers 1 and 2. |

Failure Mode

DNS resolution path for any query:

  1. Try 192.168.1.50:53 — wait ~4s — no response — timeout
  2. Try 169.254.24.117:53 — wait ~4s — no response — timeout
  3. Try 1.1.1.1:53 — response in <50ms — success

Total latency per query: ~8 seconds before the actual DNS response.
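
The sequential failover above can be checked with a small read-only diagnostic. This is an added example, not part of the original evidence file: the function names, `simulated_probe` and its 0.05 s round trip are constructed for illustration, and the 4.0 s per-server timeout is the figure observed on this page.

```python
import socket
import struct
import time

# Constructed sample: the three entries listed on this page.
ORIGINAL = "nameserver 192.168.1.50\nnameserver 169.254.24.117\nnameserver 1.1.1.1\n"

def parse_nameservers(text):
    """Return nameserver IPs in file order, skipping comments and other keywords."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            out.append(fields[1])
    return out

def udp_probe(server, timeout_s, name="example.com"):
    """Send one A query over UDP; return round-trip seconds, or None if no reply."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    query = struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout_s)
        start = time.monotonic()
        try:
            s.sendto(query, (server, 53))
            reply, _ = s.recvfrom(512)
        except OSError:  # timeout or unreachable network
            return None
        return time.monotonic() - start if reply[:2] == query[:2] else None

def failover_report(text, timeout_s, probe=udp_probe):
    """Walk servers in file order; return (rows, seconds until first answer or None)."""
    waited, rows = 0.0, []
    for server in parse_nameservers(text):
        rtt = probe(server, timeout_s)
        rows.append((server, rtt is not None, waited))  # waited = time lost before this try
        if rtt is not None:
            return rows, waited + rtt
        waited += timeout_s
    return rows, None  # no listed server answered

def simulated_probe(server, timeout_s):
    """Offline stand-in for udp_probe (assumption): only 1.1.1.1 answers, per the table."""
    return 0.05 if server == "1.1.1.1" else None

if __name__ == "__main__":
    rows, total = failover_report(ORIGINAL, 4.0, probe=simulated_probe)
    for server, ok, waited in rows:
        print(f"{server:16} reachable={ok!s:5} waited_before={waited:.1f}s")
    print("seconds to first answer:", total)
```

Inside a bridge-networked container, pass the text of /etc/resolv.conf and keep the default `udp_probe` to measure the real path; the script only reads the text it is given and never writes to the file.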

Incident Note

During debugging of this resolv.conf, the nanobot container edited this file and accidentally left only nameserver 192.168.1.50 (the broken entry), immediately destroying all DNS connectivity. Recovery required Makar to externally restart the nanobot container. This incident led to the hard rule encoded in C06 and H06: never write to /etc/resolv.conf inside a running container.

Post-Fix resolv.conf

After applying {"dns": ["172.17.0.1"]} to daemon.json and recreating containers:

nameserver 172.17.0.1

Single entry. Technitium reachable at this IP via docker0 bridge. ~2ms latency.