I took a look at the awesome self-hosted repo and found DailyTxt. I have no experience with it but maybe worth a try?
Je partage ici aussi car ça pourrait intéresser des non-membres de c/technologie.
publication croisée depuis : https://jlai.lu/post/6653760
> Je me suis aperçu hier soir qu'un ordinateur sur un réseau domestique relié à internet par une Freebox était par défaut accessible en IPv6 depuis internet. Pour parler en des termes plus concrets : il est possible d'ouvrir une connexion sur la machine depuis internet.
>
> Par exemple, on peut faire un ping et ça répond. Ou on peut ouvrir une connexion SSH.
>
> Il y a une option "activer le firewall IPv6" dans l'interface de configuration de la Freebox qui permet de bloquer le trafic IPv6 entrant mais cette option semble être désactivée par défaut (voir l'image). C'est un choix de Free que je trouve un peu cavalier car l'utilisateur à gros doigts se retrouve exposé sans le savoir, contrairement à l'IPv4 qui a l'effet secondaire bénéfique de cacher les appareils du réseau local tant qu'aucune redirection de port n'est configurée dans la NAT.
>
> Je ne sais pas ce qu'il en est des box des autres FAI mais ça vaut le coup d'aller vérifier. Surtout si le réseau héberge des machines sous linux, lesquelles ont fréquemment un serveur SSH actif par défaut (qui, circonstance aggravante accepte souvent les connexions par mot de passe par défaut) ou s'il comporte des caméras IP à la sécurité douteuse (coucou le mot de passe admin en carton).
>
> Pour relativiser toutefois : les machines du réseau local sont certes accessibles publiquement mais encore faut il connaître leur IPv6 pour pouvoir les atteindre. La découverte par la force brute est peu probable, étant donné la taille gigantesque de l'espace d'adresse IPv6 (il y a de l'ordre de 10^38 adresses possibles). Et même en connaissant les 8 premiers octets du préfixe (ce que le FAI attribue à son abonné), il reste encore les 8 derniers à découvrir, ce qui représente de l'ordre de 10^19 possibilités. A raison de 100 essais par seconde, il faudrait plus de trois milliards d'années pour les essayer toutes. Le plus gros risque à mon avis, c'est qu'un attaquant exploite des IPv6 qui auraient fuité par ailleurs, lors de l'attaque d'un service web grand public qui conserverait de telles infos dans ses bases de données ou dans ses logs, par exemple.
>
> Pour savoir si vous êtes à risque, il vous faut :
>
> - connaître l'IPv6 d'un appareil du réseau à vérifier. C'est visible sur la page https://www.mon-ip.com/, vue depuis la machine considérée. C'est aussi visible depuis un terminal avec ipconfig /all sous windows ou ifconfig sous linux. Dans ce cas, ignorez les adresses de type "link-local" qui débutent par fe80::, celles-ci ne sont pas routables. Si la machine est publiquement accessible, elle aura plusieurs autres adresses dont les 8 premiers octets (c'est à dire, les quatre premiers mots séparés par deux-points) sont identiques. Prenez-en une parmi celles-là.
> - une machine sur un autre réseau, qui a une connexion IPv6 (c'est fréquent de nos jours). A défaut, vous pouvez connecter un ordinateur en wifi sur la connexion partagée d'un téléphone relié au réseau de données de l'opérateur mobile. Ca produira le même effet. Depuis cet ordinateur, tentez un ping avec l'adresse choisie plus haut. Si ça répond, la machine est accessible publiquement.
>
I had a quick look at resolv.conf's manpage on Debian and I think @daddy32@lemmy.world's suggestion of adding a second nameserver would actually work:
nameserver Name server IP address
Internet address of a name server that the resolver should query, either an IPv4 address (in dot notation), or an IPv6 address in colon (and possibly dot) notation as per RFC 2373. Up to MAXNS (currently 3, see <re‐
solv.h>) name servers may be listed, one per keyword. If there are multiple servers, the resolver library queries them in the order listed. If no nameserver entries are present, the default is to use the name server
on the local machine. (The algorithm used is to try a name server, and if the query times out, try the next, until out of name servers, then repeat trying all the name servers until a maximum number of retries are
made.)
According to the doc, the resolver will try each name server in order until one is successful.
Sorry, I was unclear: I use dnsmasq as single source of truth. In its DHCP config, I set machine names, routes and all. And this is because this dnsmasq is the DHCP that it knows how to translate the names of the devices it configured. Pi-hole forwards all DNS requests to dnsmasq. Now if I use two instances of dnsmasq, only one can be a DHCP and the other won't know how to resolve local names, unless it uses the first dnsmasq as upstream. But in scenarios where this first dnsmasq instance is down, we are back to square one.
My goodness, that's some impressive responsiveness ^^
I guess see your point. But then the problem shifts to the upstream dnsmasq instance which acts as DHCP + DNS for the local devices. This is the server ultimately able to translate local names.
I don't think it's doable to have two instances of dnsmasq that are able to translate local names interchangeably. That would require two DHCPs to have authority on the network. But I'm no expert so I may be missing something obvious.
For some reason, I am only seeing this comment thread now, so sorry for the late response.
Thanks for those valuable details. But I am still a bit confused. I understand why you are saying that pi hole should be the only DNS server handling requests sent by LAN devices (including the machine hosting the DNS). That's because it is the only one which can resolve local names (well, that's actually its upstream dnsmasq running as a sibling container that does that but that's a minor detail).
But then you say there should be another DNS server to solve my problem. If I put two server entries in /etc/resolv.conf, one being pi hole and the other my ISP's DNS, the two of them will be randomly picked by DNS clients. When the ISP's is used, it will fail to translate local names. I guess there is a way to let the client try the other server after a failure but it will add some undesirable latency.
Sorry if I misunderstood your point but after reading the first comments I was quite convinced by the idea of adding a second nameserver entry in /etc/resolv.conf. Your explanations convinced me otherwise and now I have the impression that I can't really solve my initial problem in a reliable way.
Well, I have not really thought about why. I guess that's partly due to old habits of running services on the host with systemd (my migration to docker is recent and still a work in progress). But I guess I'd like to continue to be able to resolve names of local devices on my network when connected through ssh on the host. Is that inherently wrong, still? I will implement the secondary DNS as a fallback. I am hoping to get rid of the issue that way.
Yes, others have suggested something similar. I'll do that first because it is easy. Monitoring-wise, I should already be covered but since prometheus is running on the same server, it was down during the outage. There is room for improvement, for sure! I have a couple of RPis on my network that I can leverage for better monitoring.
Your suggestion looks similar to this other comment and makes sense. I'll try that!
I have never managed to wrap my head around DoH and DoT but this is on my todo list ^^
I didn't know dnsmasq has an adblock plugin, I'll have a look. Originally, I was using dnsmasq alone (running on bare metal). Then I migrated to docker and added pi-hole for ad blocking. I tried to get rid of dnsmasq but pi-hole's embedded DHCP is not as configurable as dnsmasq's and I could not address my use case.
Thanks a lot for your time!
I see. I kind of thought about it earlier today while mulling over the problem. I can definitely do that first because it's easy and makes total sense.
I already have prometheus monitoring the DNS resolution, I think. I'll check!
Thanks for taking the time to answer!
Yeah, that was my plan B. To be honest, I was not super confident that it would work when I put this setup together, because of the "host uses a container as DNS and docker uses the host as DNS" kind of circular dependency.
But people do use docker for DNS servers so it has to work, right? That's where I'd like to understand where I'm wrong. I'm fine with running pi hole and dnsmasq on the host as long as I get why this is not doable in docker.
Thanks for your input, though. That's helpful.
In both the pi-hole (exposed on the host) and dnsmasq (used as upstream by pi-hole) containers:
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make
further changes once it
# has been modified.
nameserver 127.0.0.11
options ndots:0
# Based on host file: '/etc/resolv.conf' (internal res
olver)
# ExtServers: [host(127.0.0.1)]
# Overrides: []
# Option ndots from: internal
So they are pointing to docker's embedded DNS, itself forwarding to the host.
Hi everyone,
I own a homeserver running multiple services set up in individual docker compose projects. One of them is dnsmasq + pi-hole. Pi-hole is exposed on the host's 53 port and uses dnsmasq as upstream.
The host's /etc/resolv.conf points to 127.0.0.1 to use pi-hole. Other containers from other compose projects on the same machine indirectly use pi-hole as well, as they use docker's embedded DNS which forwards to the host.
Everything had worked fine for weeks before I ran into an issue after unattended-upgrades updated docker. After the upgrade, systemd attempted to restart the docker service. From the logs, it seems that the containers had a hard time honoring the SIGTERM. They started to complain about failing to reach the DNS server. At least that's my understanding from journalctl -u docker. Here's a (long) excerpt that shows:
- containers failing to stop gracefully
- stale processes after docker forcibly shut them down
- repeated errors "stream copy error: reading from a closed fifo" afterwards that I am wondering what they mean
avril 12 06:46:24 prosper systemd[1]: Stopping docker.service - Docker Application Container Engine... avril 12 06:46:24 prosper dockerd[1580]: time="2024-04-12T06:46:24.161850246+02:00" level=info msg="Processing signal 'terminated'" avril 12 06:46:33 prosper dockerd[1580]: time="2024-04-12T06:46:33.276053218+02:00" level=error msg="[resolver] failed to query external DNS server" client-addr="udp:127.0.0.1:37197" dns-server="udp:127.0.0.1:53" error="read udp 127.0.0.> avril 12 06:46:34 prosper dockerd[1580]: time="2024-04-12T06:46:34.509762706+02:00" level=info msg="ignoring event" container=d518bb77113596e96db39a6770fd9955ec29efacd907cdb02148708e92156cd5 module=libcontainerd namespace=moby topic=/tas> avril 12 06:46:34 prosper dockerd[1580]: time="2024-04-12T06:46:34.989217237+02:00" level=info msg="ignoring event" container=81b3413f7d2409fe1a8fd8e1cf7dce3a23a6f7a4dc7cc23c13e9f1ba84b24eb7 module=libcontainerd namespace=moby topic=/tas> avril 12 06:46:34 prosper dockerd[1580]: time="2024-04-12T06:46:34.989312976+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=642a3c9a2c821727f30c5cf84aac52778c027083f61d571831a408a2a8c> avril 12 06:46:34 prosper dockerd[1580]: time="2024-04-12T06:46:34.989126980+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=781a3eac3f08d78ef285bc0231c00bd52005fe2257fd358f7c2b51af392> avril 12 06:46:34 prosper dockerd[1580]: time="2024-04-12T06:46:34.989532834+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=7406c47622ecf7fb3f9e9ff6b7a8be2a3920342b4921b33a32b3df45123> avril 12 06:46:34 prosper dockerd[1580]: time="2024-04-12T06:46:34.989693081+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=e5311ad000d63615c2336db1d3630cde233495108029648289f3660ad2d> avril 12 06:46:34 prosper dockerd[1580]: time="2024-04-12T06:46:34.989723995+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=e6194d95ed1b95dddeaacab68f64a8e869c7a2489144198a84865d57f89> avril 12 06:46:35 prosper dockerd[1580]: time="2024-04-12T06:46:35.350637865+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=249922bad7603a6e00bbcb0528cb7b7774a321f23e9f81b9784cc5968b5> avril 12 06:46:35 prosper dockerd[1580]: time="2024-04-12T06:46:35.506956200+02:00" level=info msg="ignoring event" container=a5ac3703480cbfd4455d4d0b373023f730da63a8792863e19bfda469ee44370b module=libcontainerd namespace=moby topic=/tas> avril 12 06:46:35 prosper dockerd[1580]: time="2024-04-12T06:46:35.602466692+02:00" level=info msg="ignoring event" container=1bd974e7ccf8f77ed93b51aa9eb0bed07cd0e26db7201fecb33c5c6f82712cb2 module=libcontainerd namespace=moby topic=/tas> avril 12 06:46:35 prosper dockerd[1580]: time="2024-04-12T06:46:35.661037905+02:00" level=info msg="ignoring event" container=881fbf5034c7c0016b0715a8028e2c69788ddff218bc70fef98b30019d2b48bd module=libcontainerd namespace=moby topic=/tas> avril 12 06:46:35 prosper dockerd[1580]: time="2024-04-12T06:46:35.714184730+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=0d9862444b4a7fce35df527f034e4f673aecf44a6551858056f9d8c7ce4> avril 12 06:46:35 prosper dockerd[1580]: time="2024-04-12T06:46:35.775230427+02:00" level=error msg="[resolver] failed to query external DNS server" client-addr="udp:127.0.0.1:42577" dns-server="udp:127.0.0.1:53" error="read udp 127.0.0.> avril 12 06:46:35 prosper dockerd[1580]: time="2024-04-12T06:46:35.881449888+02:00" level=info msg="Container failed to exit within 10s of signal 2 - using the force" container=c0147e337cee407e7ab9b133bd20667d287d6e2e121259c4794e4e090b12> avril 12 06:46:35 prosper dockerd[1580]: time="2024-04-12T06:46:35.893446715+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=0eecbecfcaa2639946f0ed4a61a36f6ef004453af793cab91a52a97724d> avril 12 06:46:35 prosper dockerd[1580]: time="2024-04-12T06:46:35.987621257+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=3493720ae2fc565fdc052a1d137590818d418d290f4418ec6911cac4704> avril 12 06:46:36 prosper dockerd[1580]: time="2024-04-12T06:46:36.186176914+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=5cee8cfa0e068dbda35e89bcaec19450b50a0903b13bd677f6a6cb61686> avril 12 06:46:36 prosper dockerd[1580]: time="2024-04-12T06:46:36.186467614+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:36 prosper dockerd[1580]: time="2024-04-12T06:46:36.186476595+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:36 prosper dockerd[1580]: time="2024-04-12T06:46:36.214354986+02:00" level=info msg="ignoring event" container=e6194d95ed1b95dddeaacab68f64a8e869c7a2489144198a84865d57f8970a3f module=libcontainerd namespace=moby topic=/tas> avril 12 06:46:36 prosper dockerd[1580]: time="2024-04-12T06:46:36.339111902+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=8f42101141cf634f3495ae850b368a4b00ce065fb9a401ab7e1450d532b> avril 12 06:46:36 prosper dockerd[1580]: time="2024-04-12T06:46:36.484546249+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=881fbf5034c7c0016b0715a8028e2c69788ddff218bc70fef98b30019d2> avril 12 06:46:36 prosper dockerd[1580]: time="2024-04-12T06:46:36.728059697+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=1bd974e7ccf8f77ed93b51aa9eb0bed07cd0e26db7201fecb33c5c6f827> avril 12 06:46:36 prosper dockerd[1580]: time="2024-04-12T06:46:36.753403840+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=d518bb77113596e96db39a6770fd9955ec29efacd907cdb02148708e921> avril 12 06:46:36 prosper dockerd[1580]: time="2024-04-12T06:46:36.787737744+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=c39c900cb5ccd9ae3d48be4f953389edcab7bf051b9d505e23a816a8627> avril 12 06:46:37 prosper dockerd[1580]: time="2024-04-12T06:46:37.235834609+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=13a3101e56e66f045318ad572a19b259a8cd3fbe7772b82f9262c15b727> avril 12 06:46:37 prosper dockerd[1580]: time="2024-04-12T06:46:37.331772840+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=a5ac3703480cbfd4455d4d0b373023f730da63a8792863e19bfda469ee4> avril 12 06:46:37 prosper dockerd[1580]: time="2024-04-12T06:46:37.411877163+02:00" level=warning msg="Health check for container e6194d95ed1b95dddeaacab68f64a8e869c7a2489144198a84865d57f8970a3f error: context canceled" avril 12 06:46:37 prosper dockerd[1580]: time="2024-04-12T06:46:37.705699519+02:00" level=error msg="[resolver] failed to query external DNS server" client-addr="udp:127.0.0.1:58293" dns-server="udp:127.0.0.1:53" error="read udp 127.0.0.> avril 12 06:46:37 prosper dockerd[1580]: time="2024-04-12T06:46:37.748247132+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=81b3413f7d2409fe1a8fd8e1cf7dce3a23a6f7a4dc7cc23c13e9f1ba84b> avril 12 06:46:37 prosper dockerd[1580]: time="2024-04-12T06:46:37.790571926+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=e6e82f5a61e3b412c93abdd7fcc1cf25560e7d8ae957313fd36429f3ed7> avril 12 06:46:37 prosper dockerd[1580]: time="2024-04-12T06:46:37.811976559+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=48d78ba0c55912bd57f72c6934940ad173261364d13483e630769b670d0> avril 12 06:46:37 prosper dockerd[1580]: time="2024-04-12T06:46:37.832092046+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=0c7717003531fe815060e60da13065abe8399782c750d526e7fba872f0e> avril 12 06:46:37 prosper dockerd[1580]: time="2024-04-12T06:46:37.965233556+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=73b5051331f81477c6358d74e889fedf50bf0c57696fdd8a735e5a20f3b> avril 12 06:46:37 prosper dockerd[1580]: time="2024-04-12T06:46:37.965447255+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=c73fda2593bbbeb66589373add0609f8a165eab6d3ef4f0fe9bc871b1ca> avril 12 06:46:38 prosper dockerd[1580]: time="2024-04-12T06:46:38.094152959+02:00" level=info msg="ignoring event" container=0eecbecfcaa2639946f0ed4a61a36f6ef004453af793cab91a52a97724d5225f module=libcontainerd namespace=moby topic=/tas> avril 12 06:46:38 prosper dockerd[1580]: time="2024-04-12T06:46:38.113626463+02:00" level=info msg="ignoring event" container=642a3c9a2c821727f30c5cf84aac52778c027083f61d571831a408a2a8c2c71f module=libcontainerd namespace=moby topic=/tas> avril 12 06:46:38 prosper dockerd[1580]: time="2024-04-12T06:46:38.113684911+02:00" level=info msg="ignoring event" container=e5311ad000d63615c2336db1d3630cde233495108029648289f3660ad2d6c33a module=libcontainerd namespace=moby topic=/tas> avril 12 06:46:38 prosper dockerd[1580]: time="2024-04-12T06:46:38.192923515+02:00" level=info msg="ignoring event" container=8f42101141cf634f3495ae850b368a4b00ce065fb9a401ab7e1450d532b917ba module=libcontainerd namespace=moby topic=/tas> avril 12 06:46:38 prosper dockerd[1580]: time="2024-04-12T06:46:38.212691218+02:00" level=info msg="ignoring event" container=7406c47622ecf7fb3f9e9ff6b7a8be2a3920342b4921b33a32b3df45123878f2 module=libcontainerd namespace=moby topic=/tas> avril 12 06:46:38 prosper dockerd[1580]: time="2024-04-12T06:46:38.282823538+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=a8be522903b221bd8af2b6bf0533b56bc828863852d17fa604ed932d8cd> avril 12 06:46:38 prosper dockerd[1580]: time="2024-04-12T06:46:38.364351179+02:00" level=info msg="ignoring event" container=249922bad7603a6e00bbcb0528cb7b7774a321f23e9f81b9784cc5968b54ca54 module=libcontainerd namespace=moby topic=/tas> avril 12 06:46:38 prosper dockerd[1580]: time="2024-04-12T06:46:38.433220060+02:00" level=info msg="ignoring event" container=0d9862444b4a7fce35df527f034e4f673aecf44a6551858056f9d8c7ce44dbd4 module=libcontainerd namespace=moby topic=/tas> avril 12 06:46:38 prosper dockerd[1580]: time="2024-04-12T06:46:38.435651309+02:00" level=error msg="[resolver] failed to query external DNS server" client-addr="udp:127.0.0.1:59049" dns-server="udp:127.0.0.1:53" error="read udp 127.0.0.> avril 12 06:46:38 prosper dockerd[1580]: time="2024-04-12T06:46:38.503015026+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=6c0fcacc03cef94239fadb71e55ded7b01d07ed075023966427072d480a> avril 12 06:46:38 prosper dockerd[1580]: time="2024-04-12T06:46:38.531879355+02:00" level=info msg="Container failed to exit within 10s of signal 28 - using the force" container=6290112ab909221f1d3eee48a09e49403c1f61b7e1675ab3e581649ea82> avril 12 06:46:38 prosper dockerd[1580]: time="2024-04-12T06:46:38.789853647+02:00" level=info msg="Container failed to exit within 10s of signal 28 - using the force" container=89d8e915dc9ab961502830d0f8086d1a4b709d726d69e6d26570463219a> avril 12 06:46:38 prosper dockerd[1580]: time="2024-04-12T06:46:38.928854916+02:00" level=info msg="ignoring event" container=5cee8cfa0e068dbda35e89bcaec19450b50a0903b13bd677f6a6cb6168675d21 module=libcontainerd namespace=moby topic=/tas> avril 12 06:46:39 prosper dockerd[1580]: time="2024-04-12T06:46:39.089539561+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=b52727b63c13631c15b7b22d400f2c913ae73a2f5b36b0f566bef0ba645> avril 12 06:46:39 prosper dockerd[1580]: time="2024-04-12T06:46:39.202791198+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=deda565519df8cd8705fff76564af4a084514fea41fe03ca1ab7e56f14b> avril 12 06:46:39 prosper dockerd[1580]: time="2024-04-12T06:46:39.290584165+02:00" level=error msg="Force shutdown daemon" avril 12 06:46:39 prosper dockerd[1580]: time="2024-04-12T06:46:39.567930258+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=c813f03c24c960653e28a9857a5d7f1fde677bcd3e226ed1585d41626a9> avril 12 06:46:39 prosper dockerd[1580]: time="2024-04-12T06:46:39.725804932+02:00" level=info msg="Daemon shutdown complete" avril 12 06:46:42 prosper systemd[1]: docker.service: Deactivated successfully. avril 12 06:46:42 prosper systemd[1]: docker.service: Unit process 15700 (docker-proxy) remains running after unit stopped. avril 12 06:46:42 prosper systemd[1]: docker.service: Unit process 15979 (docker-proxy) remains running after unit stopped. avril 12 06:46:42 prosper systemd[1]: docker.service: Unit process 18294 (docker-proxy) remains running after unit stopped. avril 12 06:46:42 prosper systemd[1]: Stopped docker.service - Docker Application Container Engine. avril 12 06:46:42 prosper systemd[1]: docker.service: Consumed 3h 16min 43.639s CPU time. avril 12 06:46:42 prosper systemd[1]: docker.service: Found left-over process 15700 (docker-proxy) in control group while starting unit. Ignoring. avril 12 06:46:42 prosper systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. avril 12 06:46:42 prosper systemd[1]: docker.service: Found left-over process 15979 (docker-proxy) in control group while starting unit. Ignoring. avril 12 06:46:42 prosper systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. avril 12 06:46:42 prosper systemd[1]: docker.service: Found left-over process 18294 (docker-proxy) in control group while starting unit. Ignoring. avril 12 06:46:42 prosper systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. avril 12 06:46:42 prosper systemd[1]: Starting docker.service - Docker Application Container Engine... avril 12 06:46:44 prosper dockerd[276530]: time="2024-04-12T06:46:44.366430751+02:00" level=info msg="Starting up" avril 12 06:46:45 prosper dockerd[276530]: time="2024-04-12T06:46:45.443488954+02:00" level=info msg="[graphdriver] using prior storage driver: overlay2" avril 12 06:46:57 prosper dockerd[276530]: time="2024-04-12T06:46:57.117503878+02:00" level=info msg="Loading containers: start." avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.071827546+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.074049075+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.077609642+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.077684622+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.082780007+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.084236865+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.088120145+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.088249509+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.168036186+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.168083531+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.169898516+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.171988424+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.172240688+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.172348881+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.173855919+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.176585486+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.178804059+02:00" level=info msg="ignoring event" container=781a3eac3f08d78ef285bc0231c00bd52005fe2257fd358f7c2b51af39266c42 module=libcontainerd namespace=moby topic=/t> avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.180166037+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.185876045+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.270156961+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.270186688+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.281083861+02:00" level=info msg="ignoring event" container=89d8e915dc9ab961502830d0f8086d1a4b709d726d69e6d26570463219a620f1 module=libcontainerd namespace=moby topic=/t> avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.282779586+02:00" level=info msg="ignoring event" container=6290112ab909221f1d3eee48a09e49403c1f61b7e1675ab3e581649ea829ad0f module=libcontainerd namespace=moby topic=/t> avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.298497572+02:00" level=info msg="ignoring event" container=b52727b63c13631c15b7b22d400f2c913ae73a2f5b36b0f566bef0ba645e7c0f module=libcontainerd namespace=moby topic=/t> avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.316205371+02:00" level=info msg="ignoring event" container=c73fda2593bbbeb66589373add0609f8a165eab6d3ef4f0fe9bc871b1ca315a7 module=libcontainerd namespace=moby topic=/t> avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.316278998+02:00" level=info msg="ignoring event" container=3493720ae2fc565fdc052a1d137590818d418d290f4418ec6911cac4704eb7e8 module=libcontainerd namespace=moby topic=/t> avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.341300109+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.341872295+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.370180971+02:00" level=info msg="ignoring event" container=6c0fcacc03cef94239fadb71e55ded7b01d07ed075023966427072d480ab42f7 module=libcontainerd namespace=moby topic=/t> avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.382180381+02:00" level=info msg="ignoring event" container=c0147e337cee407e7ab9b133bd20667d287d6e2e121259c4794e4e090b123e11 module=libcontainerd namespace=moby topic=/t> avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.436201339+02:00" level=error msg="stream copy error: reading from a closed fifo" avril 12 06:46:58 prosper dockerd[276530]: time="2024-04-12T06:46:58.436352997+02:00" level=error msg="stream copy error: reading from a closed fifo"
I ssh'ed into the server and noticed that the pi-hole & dnsmasq containers were not running. I ran docker compose up -d in all projects, starting with the DNS one and it went back to normal.
My question is: how bad of an idea is this to run a DNS in docker and use it for the host and other containers? Maybe I just had back luck but I can't help thinking this setup creates some sort of circular dependency between the host, docker and the containers.
If anyone has experience with a similar setup, I'd be curious to hear their opinion on the issue I ran into.
Thanks!
Je ne connaissais pas Rethink, merci ! En plus elle est sur FDroid, trop bien. Ca ressemble à AdAway en effet. Y avait Blokada dans le temps, aussi.
Euh ben en tout mon téléphone n'est pas rooté donc je ne crois pas. Je suis sur Lineage avec mindthegapps. Au pire ça s'essaye et tu sauras vite.
En alternative, il y a AdAway, appli libre dispo sur FDroid qui ne nécessite pas d'accorder sa confiance à un service tiers fermé. Je l'utilise depuis des années et ça marche bien. Mon pi hole ne voit plus grand chose à bloquer depuis mes appareils Android.
Pour ceux que ça intéresse, je crois que le vélomobile présenté est un DFXL de la marque DF https://www.velomobileworld.com/product/df-dfxl/
Le reportage est assez pauvre en informations, alors je vais en rajouter quelques unes, sur la base des recherches que j'ai pu effectuer ces dix dernières années.
Il existe bien d'autres marques et modèles de vélomobiles, certains orienté sport et vitesse (ex : le Quest, d'autres confort ou praticité pour les déplacements quotidiens. Les modèles sont souvent disponibles avec ou sans assistance électrique. Les coques sont le plus souvent en fibre de verre ou en carbone, le premier étant moins cher et plus facile à réparer et le second un peu moins lourd. Certains sont ouverts au niveau de la tête, comme le DFXL sur la vidéo. D'autres ont une casquette rigide, souvent amovible pour une protection parfaite contre les intempéries, comme le Waw.
Certains ont une suspension pour le confort (souvent optionnelle, étant donné le poids et le prix qui vont avec).
Tout est affaire de compromis entre le poids, le prix, la performance, le confort et la facilité de manoeuvre. Le rayon de braquage est notamment un point à considérer, certains comme le Quest ayant (de mémoire) un rayon de 12m ! Cela peut être handicapant en ville.
En ce qui me concerne, mon préféré est le Waw de la marque Katanga en République Tchèque : https://www.katanga.eu/waw/, dont David Massot, un français passionné a fait plusieurs vidéos de présentation comme celle-ci David a aussi réalisé un voyage de 1500 km entre les locaux de Katanga et Avignon, visible ici
En France, il y a un revendeur spécialisé très connu dans le milieu : les cycles JV Fenioux basés à Chasnais en Vendée, autrefois au Mans. Ils organisent des séances d'essai de temps en temps. Et ils sont aussi fabricants de deux modèles plutôt soignés : le Le Mans et le Mulsanne
Le risque est d'avoir une surintensité sur ton périphérique à 1000€, pour économiser sur un câble à 10€.
J'ai pas compris ce que tu voulais dire ici. Un câble ne peut pas causer une surintensité sur l'appareil qu'il alimente. En revanche, un câble de mauvaise qualité aura une impédance trop importante, ce qui causera une chute de tension telle que l'appareil n'aura pas la tension nécessaire et ne démarrera pas ou ne fonctionnera pas bien.
Un câble ne peut que limiter l'intensité du circuit, il ne peut pas l'augmenter. Ce n'est pas un composant actif comme peut l'être un générateur.
J'ai essayé de lire le post de Leung mais il a été supprimé on dirait.
If you can read French, this article gives a great counterpoint on the situation https://contre-attaque.net/2023/09/15/niger-un-diplomate-francais-otage-de-macron/ Macron might very well be up to escalating the situation to the point he can engage Niger militarily.
I know for a fact that the FP2 is quite thick and bulky and often gives a bad first impression to people from an aesthetics point of view. Personally, that has never been an issue for me but that's a matter of taste.
Anyway, I believe that anyone buying a Fairphone should do it for a reason and not like they would buy another a regular product. I wrote in this other thread (in French, unfortunately) that buying a Fairphone is like buying a compromise between fairness, repairability, environment concerns, aesthetics and technical performances. There have always been loads of reasons for people to complain about Fairphones. Either they are ugly & too massive or outdated or expensive, the list goes on. While those complaints can be true, one has to keep in mind that improving on one aspect (making a thiner phone, for example) has direct consequences on the others (like, a thiner phone is probably more difficult to be made modular, so either more pricey or less reliable). Someone replied that rather than being a purchase of a tradeoff, it is a purchase of another type of innovation. Instead of being technical innovation, it is social and environmental innovation. I kind of like that way of approaching it as well.
Also, I pointed out that there is no doubt that giants in the smartphone business would make fantastic ethical and repairable phones if they ever wanted to. Only they would have the ability to propose a series of models which would fulfill anyone's needs. But hey, they don't seem to care, do they? In the meantime, I am willing to support the only tiny actor in the field that is striving to at least try with their unique model.
I have had a FP2 for 6,5 years and I'm pretty happy with it. It is still mostly functional but I'm having issues with the bottom mic. As I don't make phone calls so often, it is not too big of a deal for me to use my bluetooth headphones when I do. But I know that getting spare parts for FP2 has become very difficult now so if the USB plug breaks down it will probably be game over this time.
Anyway, I repaired it a few times, either with new replacement parts I bought from the fairphone shop or ones I traded on the community forum. Bottom module, screen and even mother board.
I have had a premium experience with their tech support, also. When I purchased another used FP2 on the community forum for a family relative, it happened to arrive with a broken bottom module. Mic was not working. As this part was already sold out at that time and I could not find any on the aftermarket forum, I reached out to fairphone to kindly ask if they would agree to sell me one, as they were claiming to keep a few of them in store to fulfill their legal requirements in terms of warranty and stuff (not sure any FP2 was still covered by a warranty at that time but this was what was stated on their shop). To my biggest surprise, after reading my begging, they offered to send me a refurbished module free of charge. And when I asked if I could buy a battery at the same time to avoid having a separate parcel to be shipped for that, they just slipped a free battery along with the bottom module. Free of charge. I had never had such an amazing experience with any customer service before.
I'm running LineageOS and I'm happy with it. In terms of software updates, Fairphone went beyond their initial promise and it has been only recently that they dropped support for FP2.
When my FP2 dies, I'll consider buying a FP5 and I'm happy to have this option. But for now, I'm just hoping it can last for another few months!
According to the error, core.entity_registry is corrupt. Is there any hint as to what line is causing the error? Can you try to paste the JSON in an online linter?