Synology DSM - "latest" unbound container stop-restart-loop

[master-kw]

Describe the bug
(I returned from holiday. Before, everything was fine with identical configuration, nothing has been changed).

Internet conncection wasn't working, unbound container was down. Manual restart stopped after seconds.

(After a long cause research) Installed Synology Container Manager from the scratch and only installed mvance/unbound "latest" container, nothing else. Same behavior as described before.

Choosed v1.18.0 (=latest) instead, everything's fine.

To Reproduce
Steps to reproduce the behavior:

1. Synology DSM 7.2.1-69057
2. Synology Container Manager 20.10.23-1437
3. unbound 1.18.0
4. there's no data in /volume1/docker/unbound

Error messages

Regards,
Oliver

[hdau54]

After installing unbound latest (1.18.0) the synology container doesn’t work (status: exited). I reinstalled unbound 1.17.1 and everything works fine. What could be the problem?

Kind regards,
Harald

[master-kw]

Hi Harald,

Only if I take the version marked as "latest", the container crashes. With 1.18.0 and 1.17.1 I 'only' have that log entries.

I'm not sure if it's possibly related to DSM's Container Manager, which still uses Docker Engine 20.10.23.

Oliver

[MatthewVance]

The differences between 1.18.0 and latest are the changes between 60f9d11 and 84088be. The big differences are latest uses Debian Bookworm as the base, OpenSSL 3.1.3 (instead of 3.1.2), and sets the following in the default config:

• ede: yes
• ede-serve-expired: yes
• harden-unknown-additional: yes
• sock-queue-timeout: 3

I'm not seeing any issues with the default config running on Ubuntu 22.04.3. I don't have a Synology to test on. While it doesn't make sense, my suspicion is Synology isn't getting along with the update to Debian Bookworm. Out of curiosity, does another image based on Debian Bookworm work without issue?

[hdau54]

Hi Matthew,

I think there are a lot of people who have a Synology and use unbound in the Docker container. Do you intend to go back to Debian Bullseye instead of Debian Bookworm as the base?

Regards
Harald

[master-kw]

AdGuard Home (incl. DNS server) + unbound…perfect combination! 😉

Oliver

[MatthewVance]

@hdau54 I do not intend to go back. That's not been confirmed as the issue. If it is, it would be better if Synology updated their system to support Debian Bookworm based containers. Staying on old versions will eventually create security issues.

[MatthewVance]

I forgot to mention. I plan to keep 1.18.0 on Debian 11. The plan is only latest and future Unbound releases will use Debian 12 or newer.

[jicho]

Hi,

When I update the image/container on my Synology NAS I have the same log entries as the initial issue, created/installed before the launch of Synology Container Manager.

The log lines are the same when I start a new container without any extra configuration settings (did it just for testing), this is done in the Synology Container Manager.

But for some reason (in both scenario's) the container isn't starting and stopping at my side.

@hdau54 maybe your problem can be solved when you use Portainer? Or... delete all images and containers (in case you didn't do that already)

Regarding the error/warnings, when I update my PostgreSQL image to the latest 15.x version (also Bookworm) I have no warnings and/or errors. This is the Postgres version info of running container:

root@postgres:/# cat /etc/os-release                                             
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"                                     
NAME="Debian GNU/Linux"                                                          
VERSION_ID="12"                                                                  
VERSION="12 (bookworm)"                                                          
VERSION_CODENAME=bookworm                                                        
ID=debian                                                                        
HOME_URL="https://www.debian.org/"                                               
SUPPORT_URL="https://www.debian.org/support"                                     
BUG_REPORT_URL="https://bugs.debian.org/"   

After typing this reaction everything is so far so good regarding the Bookworm images of unbound and Postgres 🤞

[hdau54]

I’ve tested again installing „unbound:latest“ with the same configuration like master-kw plus „portainer“ in the latest version. The effect „stop-restart-loop“ is unfortunately like the initial issue. I‘ve no idea anymore what to do. Deleting all existing images and containers is certainly no option for me, because everything else works fine.

[master-kw]

I think Synology is on the hook at this point. What reassures me personally is that my NAS only works on the LAN and has no external access.

But I still don't like error messages.... ;-)

[hdau54]

@MatthewVance
Hi Matthew,
I need your support because I'm stuck with the problem. I deleted the unbound container on my Synology and set everything up again (version 1.19.0). Unfortunately everything runs into a “stop-restart-loop”. Unfortunately I can't do anything with the error message in the log.

Fatal glibc error: cannot get entropy for arc4random
[1701388678] unbound[1:0] warning: unbound is already running as pid 1.

Everything runs smoothly up to version 1.18.0. I really hope you can help.

Harald

[master-kw]

@hdau54: as Matthew wrote above, Synology‘s DSM stucks on a Debian 11 level (or comparable) and 1.19.0 only works with Debian 12. This is where Synology has a duty. I‘ve fixed unbound version 1.18.0 on my DS (DSM 7.2.1-69057 U3).

Oliver

[nillebor]

Same problem: #147 (comment)
unbound: latest works without problems on older DiskStation from Synology.
Mount the files correctly and you have no problems either.