From 1a91b724640cebd3ccca010d2fbaf21d90fd0000 Mon Sep 17 00:00:00 2001
From: gilgamezh
Date: Sun, 31 May 2026 10:16:59 +0200
Subject: [PATCH] fix(qbittorrent): use AirVPN plaintext DNS, disable gluetun DoT

AirVPN blocks outbound DNS-over-TLS (tcp/853), so gluetun's default DoT resolver at 127.0.0.1 never gets answers. The startup healthcheck's "lookup cloudflare.com" then times out and the VPN restarts every ~6s in a permanent loop, leaving qbittorrent with no working DNS. Verified inside the pod netns: tunnel egress works (ping 8.8.8.8 18ms), AirVPN's pushed resolver 10.128.0.1 resolves fine, but tcp/853 to both 1.1.1.1 and 8.8.8.8 times out. Set DOT=off and DNS_ADDRESS=10.128.0.1 so gluetun points resolv.conf at AirVPN's pushed DNS, reached over the tunnel (no DNS leak, no port 853).

Co-Authored-By: Claude Opus 4.8
---
 helm-values/qbittorrent_values.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/helm-values/qbittorrent_values.yaml b/helm-values/qbittorrent_values.yaml
index 4547645..f08d8e8 100644
--- a/helm-values/qbittorrent_values.yaml
+++ b/helm-values/qbittorrent_values.yaml
@@ -76,6 +76,14 @@ gluetun:
 value: "10.160.17.207/32,fd7d:76ee:e68f:a993:61d7:a5fe:f834:90e1/128"
 - name: SERVER_COUNTRIES
 value: "Netherlands"
+ # AirVPN blocks outbound DNS-over-TLS (tcp/853), so gluetun's default
+ # DoT resolver never gets answers and the startup healthcheck loops
+ # forever on "lookup cloudflare.com: i/o timeout". Use AirVPN's pushed
+ # plaintext resolver instead (reached over the tunnel, no DNS leak).
+ - name: DOT
+ value: "off"
+ - name: DNS_ADDRESS
+ value: "10.128.0.1"
 - name: FIREWALL_INPUT_PORTS
 value: "8080"
 - name: FIREWALL_VPN_INPUT_PORTS
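Review bot: The added comment's "no DNS leak" claim for `DNS_ADDRESS` = `10.128.0.1` holds only while that private (RFC 1918) address is routed through the tunnel interface, and nothing in this hunk shows that it is. If `FIREWALL_OUTBOUND_SUBNETS` or a cluster pod/service CIDR elsewhere in this values file covers 10.128.0.1, the plaintext queries could leave over the pod network instead, so it is worth checking and recording, e.g. `# 10.128.0.1 must stay outside FIREWALL_OUTBOUND_SUBNETS so queries only leave via the tunnel`. With `DOT` set to `"off"`, gluetun's local DoT resolver is bypassed, so any blocklist filtering it provided presumably no longer applies and every lookup is readable by the VPN provider's resolver; that trade-off deserves a line in the comment too. The env-var list this hunk edits starts and continues outside the hunk, so the rest of the firewall settings are not visible here.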