Bug: Panic when using DNS_KEEP_NAMESERVER #2840
Description
Is this urgent?
No
Host OS
Ubuntu Noble
CPU arch
x86_64
VPN service provider
ProtonVPN
What are you using to run the container
docker-compose
What is the version of Gluetun
Running version latest built on 2025-01-22T08:30:14.628Z (commit 13532c8)
What's the problem 🤔
Shutting down the container causes a Go panic:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x88 pc=0x9fd6e8]
goroutine 79 [running]:
github.com/qdm12/dns/v2/pkg/server.(*Server).Stop(0x0)
github.com/qdm12/dns/[email protected]/pkg/server/server.go:149 +0x48
github.com/qdm12/gluetun/internal/dns.(*Loop).stopServer(0xc000426870)
github.com/qdm12/gluetun/internal/dns/run.go:102 +0x1f
github.com/qdm12/gluetun/internal/dns.(*Loop).runWait(0xc000426870, {0x1482778, 0xc0002679a0}, 0x0)
github.com/qdm12/gluetun/internal/dns/run.go:77 +0x157
github.com/qdm12/gluetun/internal/dns.(*Loop).Run(0xc000426870, {0x1482778, 0xc0002679a0}, 0x0?)
github.com/qdm12/gluetun/internal/dns/run.go:66 +0x3c7
created by main._main in goroutine 22
./main.go:399 +0x274b
Share your logs (at least 10 lines)
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================
Running version latest built on 2025-01-22T08:30:14.628Z (commit 13532c8)
🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
💻 Email? [email protected]
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2025-07-03T14:15:44-04:00 INFO [routing] default route found: interface eth0, gateway 10.1.0.1, assigned IP 10.1.0.32 and family v4
2025-07-03T14:15:44-04:00 INFO [routing] default route found: interface eth0, gateway fd89:8827:8499::1, assigned IP fd89:8827:8499::20 and family v6
2025-07-03T14:15:44-04:00 INFO [routing] local ethernet link found: eth0
2025-07-03T14:15:44-04:00 INFO [routing] local ipnet found: 10.1.0.0/16
2025-07-03T14:15:44-04:00 INFO [routing] local ipnet found: fd89:8827:8499::/64
2025-07-03T14:15:44-04:00 INFO [routing] local ipnet found: fe80::/64
2025-07-03T14:15:44-04:00 INFO [firewall] enabling...
2025-07-03T14:15:44-04:00 INFO [firewall] enabled successfully
2025-07-03T14:15:45-04:00 INFO [storage] merging by most recent 20776 hardcoded servers and 20776 servers read from /gluetun/servers.json
2025-07-03T14:15:45-04:00 INFO Alpine version: 3.20.5
2025-07-03T14:15:45-04:00 INFO OpenVPN 2.5 version: 2.5.10
2025-07-03T14:15:45-04:00 INFO OpenVPN 2.6 version: 2.6.11
2025-07-03T14:15:45-04:00 INFO IPtables version: v1.8.10
2025-07-03T14:15:45-04:00 INFO Settings summary:
├── VPN settings:
| ├── VPN provider settings:
| | ├── Name: protonvpn
| | ├── Server selection settings:
| | | ├── VPN type: wireguard
| | | ├── Countries: united states
| | | ├── Cities: new york
| | | ├── Port forwarding only servers: yes
| | | └── Wireguard selection settings:
| | └── Automatic port forwarding settings:
| | ├── Redirection listening port: disabled
| | ├── Use port forwarding code for current provider
| | ├── Forwarded port file path: /tmp/gluetun/forwarded_port
| | └── Forwarded port up command: /bin/sh -c 'wget -O- --retry-connrefused --post-data "json={\"listen_port\":{{PORTS}}}" http://127.0.0.1:8080/api/v2/app/setPreferences 2>&1'
| └── Wireguard settings:
| ├── Private key: qCj...kA=
| ├── Interface addresses:
| | └── 10.2.0.2/32
| ├── Allowed IPs:
| | ├── 0.0.0.0/0
| | └── ::/0
| └── Network interface: tun0
| └── MTU: 1320
├── DNS settings:
| └── Keep existing nameserver(s): yes
├── Firewall settings:
| └── Enabled: yes
├── Log settings:
| └── Log level: info
├── Health settings:
| ├── Server listening address: 127.0.0.1:9999
| ├── Target address: cloudflare.com:443
| ├── Duration to wait after success: 5s
| ├── Read header timeout: 100ms
| ├── Read timeout: 500ms
| └── VPN wait durations:
| ├── Initial duration: 6s
| └── Additional duration: 5s
├── Shadowsocks server settings:
| └── Enabled: no
├── HTTP proxy settings:
| └── Enabled: no
├── Control server settings:
| ├── Listening address: :8000
| ├── Logging: yes
| └── Authentication file path: /gluetun/auth/config.toml
├── Storage settings:
| └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
| ├── Process UID: 1000
| ├── Process GID: 1000
| └── Timezone: america/new_york
├── Public IP settings:
| ├── IP file path: /tmp/gluetun/ip
| ├── Public IP data base API: ipinfo
| └── Public IP data backup APIs:
| ├── ifconfigco
| ├── ip2location
| └── cloudflare
└── Version settings:
└── Enabled: yes
2025-07-03T14:15:45-04:00 INFO [routing] default route found: interface eth0, gateway 10.1.0.1, assigned IP 10.1.0.32 and family v4
2025-07-03T14:15:45-04:00 INFO [routing] default route found: interface eth0, gateway fd89:8827:8499::1, assigned IP fd89:8827:8499::20 and family v6
2025-07-03T14:15:45-04:00 INFO [routing] adding route for 0.0.0.0/0
2025-07-03T14:15:45-04:00 INFO [routing] adding route for ::/0
2025-07-03T14:15:45-04:00 INFO [firewall] setting allowed subnets...
2025-07-03T14:15:45-04:00 INFO [routing] default route found: interface eth0, gateway 10.1.0.1, assigned IP 10.1.0.32 and family v4
2025-07-03T14:15:45-04:00 INFO [routing] default route found: interface eth0, gateway fd89:8827:8499::1, assigned IP fd89:8827:8499::20 and family v6
2025-07-03T14:15:45-04:00 WARN [dns] ⚠️⚠️⚠️ keeping the default container nameservers, this will likely leak DNS traffic outside the VPN and go through your container network DNS outside the VPN tunnel!
2025-07-03T14:15:45-04:00 INFO [http server] http server listening on [::]:8000
2025-07-03T14:15:45-04:00 INFO [healthcheck] listening on 127.0.0.1:9999
2025-07-03T14:15:45-04:00 INFO [firewall] allowing VPN connection...
2025-07-03T14:15:45-04:00 INFO [wireguard] Using available kernelspace implementation
2025-07-03T14:15:45-04:00 INFO [wireguard] Connecting to 217.138.198.246:51820
2025-07-03T14:15:45-04:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2025-07-03T14:15:50-04:00 INFO [healthcheck] healthy!
2025-07-03T14:16:14-04:00 WARN Caught OS signal terminated, shutting down
2025-07-03T14:16:14-04:00 INFO dns ticker: terminated ✔️
2025-07-03T14:16:14-04:00 INFO updater ticker: terminated ✔️
2025-07-03T14:16:14-04:00 INFO http server: terminated ✔️
2025-07-03T14:16:14-04:00 INFO control: terminated ✔️
2025-07-03T14:16:14-04:00 INFO updater: terminated ✔️
2025-07-03T14:16:14-04:00 INFO tickers: terminated ✔️
2025-07-03T14:16:14-04:00 INFO HTTP health server: terminated ✔️
2025-07-03T14:16:14-04:00 ERROR [vpn] getting public IP address information: context canceled
2025-07-03T14:16:14-04:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
2025-07-03T14:16:14-04:00 ERROR [vpn] context canceled
2025-07-03T14:16:14-04:00 INFO vpn: terminated ✔️
2025-07-03T14:16:14-04:00 INFO shadowsocks proxy: terminated ✔️
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x88 pc=0x9fd6e8]
goroutine 79 [running]:
github.com/qdm12/dns/v2/pkg/server.(*Server).Stop(0x0)
github.com/qdm12/dns/[email protected]/pkg/server/server.go:149 +0x48
github.com/qdm12/gluetun/internal/dns.(*Loop).stopServer(0xc000426870)
github.com/qdm12/gluetun/internal/dns/run.go:102 +0x1f
github.com/qdm12/gluetun/internal/dns.(*Loop).runWait(0xc000426870, {0x1482778, 0xc0002679a0}, 0x0)
github.com/qdm12/gluetun/internal/dns/run.go:77 +0x157
github.com/qdm12/gluetun/internal/dns.(*Loop).Run(0xc000426870, {0x1482778, 0xc0002679a0}, 0x0?)
github.com/qdm12/gluetun/internal/dns/run.go:66 +0x3c7
created by main._main in goroutine 22
./main.go:399 +0x274b
Share your configuration
gluetun:
image: qmcgaw/gluetun
container_name: gluetun
restart: unless-stopped
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
environment:
- VPN_SERVICE_PROVIDER=protonvpn
- VPN_TYPE=wireguard
- SERVER_COUNTRIES="United States"
- SERVER_CITIES="New York"
- DNS_KEEP_NAMESERVER=on
- PORT_FORWARD_ONLY=true
- TZ=America/New_York
- VPN_PORT_FORWARDING=on
- VPN_PORT_FORWARDING_UP_COMMAND=/bin/sh -c 'wget -O- --retry-connrefused --post-data "json={\"listen_port\":{{PORTS}}}" http://127.0.0.1:8080/api/v2/app/setPreferences 2>&1'