The hostname of the origin is unresolvable (DNS) or blocked by policy
I have deployed it according to the Docker installation instructions.
Then, on CentOS 7: docker exec -it weserv /bin/bash #into the docker
Then: vi /etc/nginx/imagesweserv.conf
Modify resolver 8.8.8.8; to: resolver 8.8.8.8 valid=5 ipv6=off; or resolver 127.0.0.11;
:wq
Then: nginx -s reload
In any case, it fails and returns the following result: {"status":"error","code":404,"message":"The hostname of the origin is unresolvable (DNS) or blocked by policy."}
My test URL, which uses the Cloudflare CDN to connect to my CentOS server: https://img.zuixinhanman.com/?w=470&h=250&fit=cover&url=https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png
Hi @guozili2,
What's the output of running:
# Check the DNS settings (ought to be inherited from the host when Docker's default bridge network is used)
$ cat /etc/resolv.conf | grep nameserver
# Install bind-utils for nslookup
$ dnf install -y bind-utils
# Try to resolve using the default DNS server(s) (specified in /etc/resolv.conf)
$ nslookup google.com
# ... and with Google's open DNS server
$ nslookup google.com 8.8.8.8
# ... and with Docker's embedded DNS server (when using a user-defined bridge)
$ nslookup google.com 127.0.0.11
within the container?
@guozili2 Are you able to answer the above question?
Hello @kleisauke, how are you?
I'm running on AWS and facing the same problems. What should the output of your commands be, so I can compare with my machine?
@fellipeamedeiros It depends on the current environment and OCI-compliant container runtime. For example, with Podman, I see:
$ podman run --rm -it --dns 1.1.1.1 --entrypoint bash ghcr.io/weserv/images:5.x
$ cat /etc/resolv.conf | grep nameserver
nameserver 1.1.1.1
$ dnf install -y bind-utils
$ nslookup google.com
Server: 1.1.1.1
Address: 1.1.1.1#53
Non-authoritative answer:
Name: google.com
Address: 142.251.39.110
Name: google.com
Address: 2a00:1450:400e:810::200e
$ nslookup google.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: google.com
Address: 142.250.179.142
Name: google.com
Address: 2a00:1450:400e:80d::200e
$ exit
So resolving google.com works both with CloudFlare's and Google's open DNS server. Docker's embedded DNS server should only be used if you use host networking (the --network host CLI argument).
By default we use Google's open DNS server, but this can be changed in /etc/nginx/imagesweserv.conf inside the pre-built Docker image.
https://github.com/weserv/images/blob/6dcca50caea32dfbb71336980a7826b483b80229/ngx_conf/imagesweserv.conf#L55
See https://github.com/weserv/images/issues/206#issuecomment-567015037 if looking up IPv6 addresses is not desired. However, this is not always recommended, since there are numerous hosts that only support IPv6 and/or provide broken IPv4 fallbacks.
@kleisauke I have the result below:
$ nslookup google.com
Server: 172.31.0.2
Address: 172.31.0.2#53
Non-authoritative answer:
Name: google.com
Address: 142.251.163.102
Name: google.com
Address: 142.251.163.113
Name: google.com
Address: 142.251.163.138
Name: google.com
Address: 142.251.163.139
Name: google.com
Address: 142.251.163.100
Name: google.com
Address: 142.251.163.101
Name: google.com
Address: 2607:f8b0:4004:c17::65
Name: google.com
Address: 2607:f8b0:4004:c17::8a
Name: google.com
Address: 2607:f8b0:4004:c17::8b
Name: google.com
Address: 2607:f8b0:4004:c17::64
@kleisauke And do we need any specific ports? Today I only have port 80/433 on outbound rules.
@fellipeamedeiros Does nslookup google.com 8.8.8.8 work? Please open a new issue if it does not. You may also want to add an outbound rule for UDP port 53 to transmit DNS queries.
@kleisauke opening the port 53 works, thanks for your help
I hope this information helped. Please feel free to re-open if questions remain.
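Added example, not part of the thread or of the weserv project's code: a shell helper that lists the resolvers named in nginx's resolver directive, shows which of them are absent from the container's /etc/resolv.conf (nginx does not read that file, so those addresses need their own outbound port 53 path), and probes each one the way the nslookup commands above do. The function names are hypothetical; it assumes each resolver directive sits on one line and that nslookup exits non-zero on failure.

```bash
# Usage inside the container (paths as given in the thread):
#   check /etc/nginx/imagesweserv.conf /etc/resolv.conf

# Print each address from `resolver ...;` directives in an nginx config,
# skipping parameters such as valid=5 or ipv6=off and stripping any :port.
nginx_resolvers() {
  awk '
    { sub(/#.*/, "") }                       # drop trailing comments
    $1 == "resolver" {
      for (i = 2; i <= NF; i++) {
        tok = $i; sub(/;$/, "", tok)
        if (tok == "" || tok ~ /=/) continue
        if (tok ~ /^\[/) { sub(/^\[/, "", tok); sub(/\].*$/, "", tok) }  # [v6]:port
        else if (tok ~ /^[0-9.]+:[0-9]+$/) sub(/:[0-9]+$/, "", tok)      # v4:port
        print tok
      }
    }' "$1"
}

# Print each nameserver address from a resolv.conf-style file.
system_resolvers() {
  awk '$1 == "nameserver" { print $2 }' "$1"
}

# Resolvers that nginx queries but the container itself does not use.
nginx_only_resolvers() (
  sys=$(system_resolvers "$2")
  nginx_resolvers "$1" | while read -r r; do
    printf '%s\n' "$sys" | grep -qxF -- "$r" || printf '%s\n' "$r"
  done
)

# Query one resolver directly; non-zero exit status means no usable answer.
probe() {  # probe <name> <resolver>
  nslookup -timeout=3 "$1" "$2" >/dev/null 2>&1
}

# Probe every nginx resolver and report the result per address.
check() (  # check <nginx.conf> <resolv.conf> [name]
  only=$(nginx_only_resolvers "$1" "$2")
  for r in $(nginx_resolvers "$1"); do
    tag=""
    printf '%s\n' "$only" | grep -qxF -- "$r" && tag=" [not in resolv.conf]"
    if probe "${3:-google.com}" "$r"; then echo "ok    $r$tag"
    else echo "FAIL  $r$tag (check outbound port 53 to this address)"; fi
  done
)
```

A FAIL on an address tagged as not in resolv.conf, while a plain nslookup google.com succeeds, matches the AWS case in this thread.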