This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Pulling docker containers fails at most times

Hi,

we try to pull docker containers from docker.io but the requests fail most of the times.

I already made a web exception for docker.io so https decryption and content scanning are disabled. XG log gives no hint, access to the URLs is allowed.

It seems that the initial request fails. If that one works the download of the container works without issues.

Does anybody have another idea?

This thread was automatically locked due to age.

0 Jelle over 6 years ago

As I guess it seems to be a timeout issue I looked into the process. What I discovered so far was that a nslookup for example to registry-1.docker.io resulted in the following message: "dns request timed out. timeout was 2 seconds".

Then I changed the DNS configuration in XG so that IPv4 DNS servers are preferred and the timeout message from nslookup disappeared.

Our DNS configuration is as follows:

Client PC --> PDC or backup DC acting as DNS servers --> XG

XG uses Google dns servers 8.8.8.8 and 8.8.4.4 and one OpenDNS server for IPv4 and the corresponding IPv6 servers

After the change in the XG configuration the docker containers can be pulled without issues. But we still have issues with building a docker container. During the build process additional packages are loaded via npm. As soon as a package from registry-1.npmjs.org should be loaded again a timout occurs.

What I have seen is that a nslookup to npmjs.org returns IPv4 and IPv6 addresses. A ping from XG to one of these IPv6 addresses results also in a timeout. So I guess there is a problem with the DNS lookup and the IPv6 addresses.

Currently I don't know what do test any further. Maybe someone here has an idea?
Cancel
Vote Up 0 Vote Down

Cancel