
dns resolution problems in NC33 (worked fine in NC32) #2537

@r2evans

I have a docker compose stack that has been working fine up through NC32. When I updated to NC33, DNS resolution is not working as expected.

I have multiple NC installations; they all use basically the same docker-compose.yml structure, and they all use traefik in front of nextcloud.

For both (mycompany1 and myother2), I demonstrate that the `/etc/resolv.conf` files use the same nameservers, and that `busybox nslookup <ownhostname>` works in traefik. For one box running NC32, nslookup within nextcloud works; for the other box running NC33, nslookup within nextcloud does not work directly, but when I explicitly call it against my network's IP address, it finds it without delay or problem, confirming that it is not a network problem so much as a DNS lookup problem.

Box 1: ubuntu 24.04, docker-29.2.1, traefik-3.6, nextcloud-32.0.5

This looks normal. Because it's in a different network, I show that it sees both itself (mycompany1) and the problematic nextcloud instance (myother2). I check this in both traefik and nextcloud for completeness.

Box 1, traefik container, dns is fine

```
root@host # docker compose exec traefik sh

root@traefik # cat /etc/resolv.conf
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.

nameserver 127.0.0.11
options ndots:0

# Based on host file: '/etc/resolv.conf' (internal resolver)
# ExtServers: [host(10.11.12.13)]
# Overrides: []
# Option ndots from: internal

root@traefik # busybox nslookup oc.mycompany1.com
Server:         127.0.0.11
Address:        127.0.0.11:53

Non-authoritative answer:
Name:   oc.mycompany1.com
Address: 10.11.12.13

Non-authoritative answer:

root@traefik # busybox nslookup oc.myother2.com
Server:         127.0.0.11
Address:        127.0.0.11:53

Non-authoritative answer:
Name:   oc.myother2.com
Address: 22.33.44.55
```

Box 1, nextcloud container, dns is fine

```
root@host # docker compose exec nextcloud sh

root@nc # cat /etc/resolv.conf
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.

nameserver 127.0.0.11
options ndots:0

# Based on host file: '/etc/resolv.conf' (internal resolver)
# ExtServers: [host(10.11.12.13)]
# Overrides: []
# Option ndots from: internal

# busybox nslookup oc.mycompany1.com
Server:         127.0.0.11
Address:        127.0.0.11:53

Non-authoritative answer:
Name:   oc.mycompany1.com
Address: 10.11.12.13

Non-authoritative answer:

root@nc # busybox nslookup oc.myother2.com
Server:         127.0.0.11
Address:        127.0.0.11:53

Non-authoritative answer:

Non-authoritative answer:
Name:   oc.myother2.com
Address: 22.33.44.55
```

Box 2: synology 7.2.2, docker-24.0.2, traefik-3.6, nextcloud-33.0.0

Because traefik sees the "own hostname" fine, the change is not necessarily docker or docker compose; it is the same docker-compose.yml file. The same host with the same yml file and configuration worked in NC32 and now does not work after updating to NC33.

Box 2, traefik container, dns is fine

```
root@nas # docker compose exec traefik sh

root@traefik # cat /etc/resolv.conf
nameserver 127.0.0.11
options ndots:0

root@traefik # busybox nslookup oc.myother2.com
Server:         127.0.0.11
Address:        127.0.0.11:53

Non-authoritative answer:
Name:   oc.myother2.com
Address: 22.33.44.55

Non-authoritative answer:
```

Box 2, nextcloud container, dns behavior is different

```
root@nas # docker compose exec nextcloud sh

root@nc # cat /etc/resolv.conf
nameserver 127.0.0.11
options ndots:0

root@nc # busybox nslookup oc.myother2.com
Server:         127.0.0.11
Address:        127.0.0.11:53

** server can't find oc.myother2.com: SERVFAIL

** server can't find oc.myother2.com: SERVFAIL

root@nc # busybox nslookup oc.myother2.com 192.168.1.1
Server:         192.168.1.1
Address:        192.168.1.1:53

Non-authoritative answer:
Name:   oc.myother2.com
Address: 22.33.44.55
```

`docker-compose.yml`

```yaml
services:

  traefik:
    image: traefik:3.6
    container_name: "traefik"
    restart: unless-stopped
    command:
      - "--log.level=DEBUG"
      - "--providers.docker=true"
      - "--providers.docker.swarm.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.exposedbydefault=true"
      - "--providers.file.directory=/config/"
      - "--providers.file.watch=true"
      - "--api.dashboard=true"
      - "--api.insecure=true"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls=true"
      - "--entrypoints.websecure.forwardedheaders.trustedips=172.16.0.0/12"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--accesslog=false"
      - "--accesslog.format=json"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=me@myother2.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
      - "8081:8080" # webui
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - "/volume1/docker/stack1/assets/traefik_traefik.yaml:/etc/traefik/traefik.yaml"
      - "./letsencrypt:/letsencrypt"

  nextcloud:
    image: nextcloud:33.0.0-apache
    restart: unless-stopped
    depends_on:
      - postgres
      - traefik
      - redis
    dns:
      - 8.8.8.8
      - 8.8.4.4
    environment:
      - OVERWRITEHOST=oc.myother2.com
      - OVERWRITEWEBROOT=/oc
      - OVERWRITEPROTOCOL=https
      - REDIS_HOST=redis
      - PHP_UPLOAD_LIMIT=16G
      - PHP_MEMORY_LIMIT=16G
      - POST_MAX_SIZE=16G
      - MAX_INPUT_TIME=3600
      - MAX_EXECUTION_TIME=3600
    volumes:
      - /volume1/docker/stack1/nc/config:/var/www/html/config
      - /volume1/docker/stack1/nc/custom_apps:/var/www/html/custom_apps
      - /volume1/cloud/:/data/
      # this has "ServerName oc.myother2.com"
      - /volume1/docker/stack1/nc/servername.conf:/etc/apache2/conf-enabled/servername.conf
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.rule=Host(`oc.myother2.com`) && PathPrefix(`/oc`)"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.middlewares.nextcloud-headers.headers.stsseconds=315360000"
      - "traefik.http.middlewares.nextcloud-headers.headers.referrerpolicy=same-origin"
      - "traefik.http.middlewares.nextcloud-wellknowns.redirectregex.regex=https://oc.myother2.com/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nextcloud-wellknowns.redirectregex.replacement=https://oc.myother2.com/oc/remote.php/dav"
      - "traefik.http.middlewares.nextcloud-wellknowns.redirectregex.permanent=true"
      - "traefik.http.middlewares.nextcloud-stripprefix.stripprefix.prefixes=/oc"
      - "traefik.http.middlewares.nextcloud-secured.chain.middlewares=nextcloud-headers,nextcloud-stripprefix,nextcloud-wellknowns"
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-secured"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver" #ssl#
```
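
The by-hand comparison in the report (a container's configured resolver versus an explicitly named server) can be scripted so it is repeatable across services and hosts. This is an added example, not part of the original report: the function names are hypothetical, and it assumes `busybox nslookup` is present in each container and prints output in the format shown in the sessions above.

```shell
#!/bin/sh
# Added example (not from the original report); function names are hypothetical.

# classify_nslookup: read busybox nslookup output on stdin and print
#   "OK <addr>..."   when at least one address follows a "Name:" line
#   "FAIL <reason>"  when the server reported an error such as SERVFAIL
#   "EMPTY"          when neither an answer nor an error was seen
# The "Address:" line right under "Server:" is the resolver itself, so
# addresses are only counted once a "Name:" line has been seen.
classify_nslookup() {
  awk '
    /^Server:/               { in_answer = 0; next }
    /^Name:/                 { in_answer = 1; next }
    /^Address:/ && in_answer { addrs = addrs " " $2; next }
    /server can.t find/      { reason = $NF }
    END {
      if (addrs != "")       print "OK" addrs
      else if (reason != "") print "FAIL " reason
      else                   print "EMPTY"
    }'
}

# compare_resolvers SERVICE HOSTNAME [SERVER...]
# Look up HOSTNAME inside compose service SERVICE, first through the
# container's configured resolver, then through each explicit SERVER.
# Prints one tab-separated line per lookup: service, resolver, result.
compare_resolvers() {
  svc=$1; host=$2; shift 2
  for server in "" "$@"; do
    # $server is left unquoted on purpose so the empty first entry vanishes.
    result=$(docker compose exec -T "$svc" busybox nslookup "$host" $server 2>&1 \
               | classify_nslookup)
    printf '%s\t%s\t%s\n' "$svc" "${server:-default}" "$result"
  done
}

# Constructed sample in the format of the Box 2 nextcloud session.
sample_servfail() {
  printf '%s\n' 'Server:         127.0.0.11' 'Address:        127.0.0.11:53' '' \
    "** server can't find oc.myother2.com: SERVFAIL" '' \
    "** server can't find oc.myother2.com: SERVFAIL"
}

sample_servfail | classify_nslookup   # prints: FAIL SERVFAIL
```

From the compose directory, `compare_resolvers nextcloud oc.myother2.com 192.168.1.1` followed by the same call for `traefik` gives one line per resolver; a `FAIL` on the `default` row beside an `OK` on an explicit-server row matches the Box 2 nextcloud session.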
