Using dnsmasq's filter-AAAA config, we simply filter out any ipv6
addresses for runners. This is helpful because docker has a poor IPv6
support. The internal dns server of docker that is responsible from
sending requests upstream and returning information fails to properly
handle ipv6 addresses. Looking into some of the failures in detail, we
realized that whenever dnsmasq returns an IPv6 address, we observe a
SERVFAIL package from the internal dns server of docker. Here is an
example package;
{
"_path": "dns",
"ts": "2024-11-15T14:53:39.612371Z",
"uid": "C6TGh23NBSGqa7ECu9",
"id": {
"orig_h": "127.0.0.1",
"orig_p": 54643,
"resp_h": "127.0.0.11",
"resp_p": 53
},
"proto": "udp",
"trans_id": 2448,
"rtt": null,
"query": null,
"qclass": null,
"qclass_name": null,
"qtype": null,
"qtype_name": null,
"rcode": 2,
"rcode_name": "SERVFAIL",
"AA": false,
"TC": false,
"RD": false,
"RA": false,
"Z": 0,
"answers": null,
"TTLs": null,
"rejected": true
}
The address 127.0.0.11 belongs to docker's internal dns service. This
happens just after the dnsmasq resolved one of the crates.io sub
hostnames to "2a04:4e42:8e::649". Testing things further, I have seen
that simply filtering out ipv6 addresses, we can resolve the issue.
1c3c014dda