IPv4 only container are resolved with an IPv6 address on an IPv6 enabled network #47055

@tomav

Description

Hi there, there's something I don't fully understand about docker networking and ipv6.

I have a dual-stack network where some containers are v4+v6 and some are v4 only.
I can see that when a dual-stack container resolves an ipv4-only, it gets an ipv4 AND an ipv6 address from the resolver.
Looking at the interface in the ipv4-only container, I don't see any ipv6 address, so I don't understand how the resolver can get an ipv6 address for it, especially if specified as ipv6-disabled.

Please find below the reproduction steps.

I'm probably missing something...

Thanks.

Reproduce

# create dual stack network
docker network create \
    --subnet 192.168.123.0/24 --gateway 192.168.123.1 --ip-range 192.168.123.128/26 \
    --subnet="fde0:725c:19d8:9704::/64" --gateway="fde0:725c:19d8:9704::1" --ipv6 \
    test-dual-stack-network

# start an ipv4-only and a dual-stack container
docker run -d --network test-dual-stack-network --name dual-stack node:19-alpine tail -f /dev/null 
docker run -d --network test-dual-stack-network --name ipv4-only --sysctl net.ipv6.conf.all.disable_ipv6=1 node:19-alpine tail -f /dev/null 

# check that dual-stack container has ipv4 + ipv6
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
136: eth0@if137: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 state UP
    inet6 fde0:725c:19d8:9704::2/64 scope global flags 02
       valid_lft forever preferred_lft forever
    inet6 fe80::42:c0ff:fea8:7b80/64 scope link
       valid_lft forever preferred_lft forever

# check that ipv4-only container has no ipv6
$ docker exec -ti ipv4-only ip -6 addr
(no output)

# resolve ipv4-only from dual-stack
$ docker exec -ti dual-stack nslookup ipv4-only
Server:		127.0.0.11
Address:	127.0.0.11:53

Non-authoritative answer:
Name:	ipv4-only
Address: 192.168.123.129

Non-authoritative answer:
Name:	ipv4-only
Address: fde0:725c:19d8:9704::3

Expected behavior

docker exec -ti dual-stack nslookup ipv4-only to return only ipv4.

docker version

Client:
 Cloud integration: v1.0.35-desktop+001
 Version:           24.0.5
 API version:       1.43
 Go version:        go1.20.6
 Git commit:        ced0996
 Built:             Fri Jul 21 20:32:30 2023
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.22.0 (117440)
 Engine:
  Version:          24.0.5
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.6
  Git commit:       a61e2b4
  Built:            Fri Jul 21 20:35:38 2023
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Version:    24.0.5
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2-desktop.1
    Path:     /Users/tomav/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.20.2-desktop.1
    Path:     /Users/tomav/.docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /Users/tomav/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.20
    Path:     /Users/tomav/.docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v0.1.0-beta.6
    Path:     /Users/tomav/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/tomav/.docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version:  v0.26.0
    Path:     /Users/tomav/.docker/cli-plugins/docker-scan
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version:  0.20.0
    Path:     /Users/tomav/.docker/cli-plugins/docker-scout

Server:
 Containers: 67
  Running: 4
  Paused: 0
  Stopped: 63
 Images: 28
 Server Version: 24.0.5
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 5.15.49-linuxkit-pr
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 4
 Total Memory: 7.668GiB
 Name: docker-desktop
 ID: 7fbae3e1-bac7-4317-85cb-9e58ca837f7f
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: daemon is not using the default seccomp profile

Additional Info

$ docker inspect ipv4-only
[
    {
        "Id": "24ce3d7b171d825dc3d01cb8eee5370a3bedef539249cf476b98154fd052abb5",
        "Created": "2024-01-10T15:06:21.784037625Z",
        "Path": "docker-entrypoint.sh",
        "Args": [
            "tail",
            "-f",
            "/dev/null"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 34415,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2024-01-10T15:06:21.972918417Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:309fc9aaf0d7d138831483c33eae396be3e1b5bd83ac1e57e1b124f9300df1fc",
        "ResolvConfPath": "/var/lib/docker/containers/24ce3d7b171d825dc3d01cb8eee5370a3bedef539249cf476b98154fd052abb5/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/24ce3d7b171d825dc3d01cb8eee5370a3bedef539249cf476b98154fd052abb5/hostname",
        "HostsPath": "/var/lib/docker/containers/24ce3d7b171d825dc3d01cb8eee5370a3bedef539249cf476b98154fd052abb5/hosts",
        "LogPath": "/var/lib/docker/containers/24ce3d7b171d825dc3d01cb8eee5370a3bedef539249cf476b98154fd052abb5/24ce3d7b171d825dc3d01cb8eee5370a3bedef539249cf476b98154fd052abb5-json.log",
        "Name": "/ipv4-only",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "test-dual-stack-network",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "ConsoleSize": [
                46,
                187
            ],
            "CapAdd": null,
            "CapDrop": null,
            "CgroupnsMode": "private",
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Sysctls": {
                "net.ipv6.conf.all.disable_ipv6": "1"
            },
            "Runtime": "runc",
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": [],
            "BlkioDeviceReadBps": [],
            "BlkioDeviceWriteBps": [],
            "BlkioDeviceReadIOps": [],
            "BlkioDeviceWriteIOps": [],
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": null,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/3cb2228c038a0ce0f19f1bd7a25c207fbac3e4e210a8feb4c6c1b97e14c2fc69-init/diff:/var/lib/docker/overlay2/551179578b1a8cc7cb5ef2d33912fbea4835946b83b14ef41d2bda84142ef175/diff:/var/lib/docker/overlay2/10a77529225f16c055942f8f3b7ad886e78d609f863db0adb7c0f2401d53b060/diff:/var/lib/docker/overlay2/3576624d09a3c441806ddb645291a31f9369d89815ffecde48d08dc1ba74d0ec/diff:/var/lib/docker/overlay2/382768c536559fb944f7131debd4748554762e32ac25fb6eebde1ae775dade8e/diff",
                "MergedDir": "/var/lib/docker/overlay2/3cb2228c038a0ce0f19f1bd7a25c207fbac3e4e210a8feb4c6c1b97e14c2fc69/merged",
                "UpperDir": "/var/lib/docker/overlay2/3cb2228c038a0ce0f19f1bd7a25c207fbac3e4e210a8feb4c6c1b97e14c2fc69/diff",
                "WorkDir": "/var/lib/docker/overlay2/3cb2228c038a0ce0f19f1bd7a25c207fbac3e4e210a8feb4c6c1b97e14c2fc69/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [],
        "Config": {
            "Hostname": "24ce3d7b171d",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NODE_VERSION=19.7.0",
                "YARN_VERSION=1.22.19"
            ],
            "Cmd": [
                "tail",
                "-f",
                "/dev/null"
            ],
            "Image": "node:19-alpine",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": {}
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "bbd1bed273e5a723dbd70bfc00de376bb5d2a5c1ed32993b2a8376eb89f38cec",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/bbd1bed273e5",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "test-dual-stack-network": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "24ce3d7b171d"
                    ],
                    "NetworkID": "3529611cf1da65a490712c4866cee7ec16058e39362d2a1fcfe0320d7e7f10fc",
                    "EndpointID": "8865c25be193ce7e06e27284fa1f145afc798152add0f6817bf19d13259ccd3d",
                    "Gateway": "192.168.123.1",
                    "IPAddress": "192.168.123.129",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "fde0:725c:19d8:9704::1",
                    "GlobalIPv6Address": "fde0:725c:19d8:9704::3",
                    "GlobalIPv6PrefixLen": 64,
                    "MacAddress": "02:42:c0:a8:7b:81",
                    "DriverOpts": null
                }
            }
        }
    }
]
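
An added example, not part of the original issue or of Docker's code: the inspect output above records `GlobalIPv6Address` `fde0:725c:19d8:9704::3` on the endpoint while `HostConfig.Sysctls` sets `net.ipv6.conf.all.disable_ipv6` to `1`, and that is the address `nslookup` returned. The check below flags every container in that state from `docker inspect` JSON. The function name, the sample document and the dual-stack container's IPv4 address are constructed for illustration.

```python
import json

DISABLE_SYSCTL = "net.ipv6.conf.all.disable_ipv6"  # the sysctl used in the issue

# Constructed sample: a trimmed `docker inspect` document that reuses the field
# names and the ipv4-only values from the issue; the dual-stack entry's IPv4
# address is made up.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/ipv4-only",
        "HostConfig": {"Sysctls": {DISABLE_SYSCTL: "1"}},
        "NetworkSettings": {"Networks": {"test-dual-stack-network": {
            "IPAddress": "192.168.123.129",
            "GlobalIPv6Address": "fde0:725c:19d8:9704::3"}}},
    },
    {
        "Name": "/dual-stack",
        "HostConfig": {"Sysctls": None},
        "NetworkSettings": {"Networks": {"test-dual-stack-network": {
            "IPAddress": "192.168.123.128",
            "GlobalIPv6Address": "fde0:725c:19d8:9704::2"}}},
    },
])


def find_ipv6_mismatches(inspect_json):
    """Return (container, network, ipv6_address) for each endpoint that holds an
    allocated IPv6 address although the container disables IPv6 via sysctl."""
    findings = []
    for ctr in json.loads(inspect_json):
        # Sysctls and Networks may be null in real inspect output.
        sysctls = (ctr.get("HostConfig") or {}).get("Sysctls") or {}
        if str(sysctls.get(DISABLE_SYSCTL, "0")).strip() != "1":
            continue
        networks = (ctr.get("NetworkSettings") or {}).get("Networks") or {}
        for net_name, endpoint in sorted(networks.items()):
            addr6 = (endpoint or {}).get("GlobalIPv6Address") or ""
            if addr6:
                name = ctr.get("Name", "").lstrip("/")
                findings.append((name, net_name, addr6))
    return findings


if __name__ == "__main__":
    import sys
    # Pipe real data in with: docker inspect $(docker ps -q) | python3 this_file.py
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    for name, net, addr6 in find_ipv6_mismatches(piped.strip() or SAMPLE_INSPECT):
        print(f"{name}: IPv6 disabled by sysctl, but {addr6} is allocated on {net}")
```
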
