Cannot connect to download.docker.com

This topic has 2 replies, 2 voices, and was last updated 3 weeks ago by Pete Stenger.

Viewing 3 posts - 1 through 3 (of 3 total)

Author

Posts
March 10, 2025 at 2:41 am #8350
Pete Stenger
Participant
I am having trouble connecting to docker servers (get.docker.com and download.docker.com), is there some misconfiguration I have made? I haven’t touched the networking configuration to my knowledge.

Here is a trace showing how I can’t connect:

ubuntu@wgclient:~$ dig https://get.docker.com
; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> https://get.docker.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57113 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;https://get.docker.com. IN A ;; AUTHORITY SECTION: docker.com. 900 IN SOA ns-207.awsdns-25.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 ;; Query time: 64 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP) ;; WHEN: Mon Mar 10 06:27:20 UTC 2025 ;; MSG SIZE rcvd: 129
ubuntu@wgclient:~$ curl https://get.docker.com curl: (7) Failed to connect to get.docker.com port 443 after 22635 ms: Network is unreachable ubuntu@wgclient:~$ traceroute get.docker.com traceroute to d3cxuo8f8w64ms.cloudfront.net (108.157.150.23), 64 hops max

However, I can connect to http://www.docker.com:

ubuntu@wgclient:~$ ping get.docker.com PING get.docker.com(2600:9000:24f9:c000:10:a463:3d00:93a1 (2600:9000:24f9:c000:10:a463:3d00:93a1)) 56 data bytes From 2610:1e0:1700:201::1 icmp_seq=1 Destination unreachable: No route From 2610:1e0:1700:201::1 icmp_seq=2 Destination unreachable: No route From 2610:1e0:1700:201::1 icmp_seq=3 Destination unreachable: No route From 2610:1e0:1700:201::1 icmp_seq=4 Destination unreachable: No route From 2610:1e0:1700:201::1 icmp_seq=5 Destination unreachable: No route ^C --- get.docker.com ping statistics --- 5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4003ms
ubuntu@wgclient:~$ ping www.docker.com PING www.docker.com(2620:12a:8000::4 (2620:12a:8000::4)) 56 data bytes 64 bytes from 2620:12a:8000::4 (2620:12a:8000::4): icmp_seq=1 ttl=55 time=8.78 ms 64 bytes from 2620:12a:8000::4 (2620:12a:8000::4): icmp_seq=2 ttl=55 time=8.78 ms 64 bytes from 2620:12a:8000::4 (2620:12a:8000::4): icmp_seq=3 ttl=55 time=8.84 ms 64 bytes from 2620:12a:8000::4 (2620:12a:8000::4): icmp_seq=4 ttl=55 time=8.85 ms 64 bytes from 2620:12a:8000::4 (2620:12a:8000::4): icmp_seq=5 ttl=55 time=8.81 ms 64 bytes from 2620:12a:8000::4 (2620:12a:8000::4): icmp_seq=6 ttl=55 time=8.81 ms 64 bytes from 2620:12a:8000::4 (2620:12a:8000::4): icmp_seq=7 ttl=55 time=9.00 ms 64 bytes from 2620:12a:8000::4 (2620:12a:8000::4): icmp_seq=8 ttl=55 time=8.80 ms ^C --- www.docker.com ping statistics --- 8 packets transmitted, 8 received, 0% packet loss, time 7011ms rtt min/avg/max/mdev = 8.778/8.834/8.996/0.065 ms

Here is my setup script:

sudo apt-get update ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N "" sudo apt-get install -y ansible wireguard ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc sudo chmod a+r /etc/apt/keyrings/docker.asc
cat << EOF >> ~/.ssh/config Host * StrictHostKeyChecking no UserKnownHostsFile=/dev/null EOF

I get a failure on the gpg key line, even though I can do many other actions that require an internet connection.

Slice id: 4d16e35c-91c2-4c1d-9cf6-a6d231e754d8
Node id: 8040a51b-dbda-403e-a966-cb3c232075f0

Any help would be appreciated!
March 10, 2025 at 9:21 am #8351
Mert Cevik
Moderator
This problem is caused by some issues within the hosting site’s and/or its upstream provider’s IPv6 routing, specific for the EDUKY node. Work is in progress to address this issue, but we don’t have a time yet for a resolution.

FABRIC provides the following VM images that have docker (and openvswitch) installed in them
– docker_ubuntu_20
– docker_ubuntu_22
– docker_ubuntu_24
– docker_rocky_8

On the other hand, the issue may present itself for some other specific servers. As a workaround, the following may help for a temporary solution.

Get the IPv4 address of the server
get.docker.com –> 108.157.150.23
download.docker.com –> 108.157.150.36

Adjust NAT64 addresses wrt FABRIC’s NAT64 gateway prefix
get.docker.com –> 2600:2701:5000:5001::6c9d:9617
download.docker.com –> 2600:2701:5000:5001::6c9d:9624

Add to /etc/hosts

echo “2600:2701:5000:5001::6c9d:9617 get.docker.com” >> /etc/hosts
echo “2600:2701:5000:5001::6c9d:9624 download.docker.com” >> /etc/hosts

Then, you should be able to reach these sites (routed to their IPv4 addresses through FABRIC’s NAT64)

ubuntu@Node1:~$ curl -I https://get.docker.com
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 22592
Connection: keep-alive
Date: Mon, 10 Mar 2025 08:24:07 GMT
Last-Modified: Mon, 23 Dec 2024 12:06:43 GMT
x-amz-version-id: jBhC8udY54KPazAadGzx.egHAVktsNCa
ETag: “1a91bbd5af88e59c539b2f1ac7490347”
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 3ce25b408212b0431973764f2829bcd2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MCI50-P2
X-Amz-Cf-Id: NtXIyn1U5TQwjsaleKkIXEG7buaVTJN7vPExXgeAiqDGwVdHe9Z6pA==
Age: 17673
March 10, 2025 at 1:12 pm #8353
Pete Stenger
Participant
Thank you!
Author

Posts

Viewing 3 posts - 1 through 3 (of 3 total)

The topic ‘Cannot connect to download.docker.com’ is closed to new replies.