fix(qbittorrent): use AirVPN plaintext DNS, disable gluetun DoT

AirVPN blocks outbound DNS-over-TLS (tcp/853), so gluetun's default DoT
resolver at 127.0.0.1 never gets answers. The startup healthcheck's
"lookup cloudflare.com" then times out and the VPN restarts every ~6s
in a permanent loop, leaving qbittorrent with no working DNS.

Verified inside the pod netns: tunnel egress works (ping 8.8.8.8 18ms),
AirVPN's pushed resolver 10.128.0.1 resolves fine, but tcp/853 to both
1.1.1.1 and 8.8.8.8 times out.

Set DOT=off and DNS_ADDRESS=10.128.0.1 so gluetun points resolv.conf at
AirVPN's pushed DNS, reached over the tunnel (no DNS leak, no port 853).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
gilgamezh
2026-05-31 10:16:59 +02:00
parent ac637adaf4
commit 1a91b72464
+8
@@ -76,6 +76,14 @@ gluetun:
value: "10.160.17.207/32,fd7d:76ee:e68f:a993:61d7:a5fe:f834:90e1/128" value: "10.160.17.207/32,fd7d:76ee:e68f:a993:61d7:a5fe:f834:90e1/128"
- name: SERVER_COUNTRIES - name: SERVER_COUNTRIES
value: "Netherlands" value: "Netherlands"
# AirVPN blocks outbound DNS-over-TLS (tcp/853), so gluetun's default
# DoT resolver never gets answers and the startup healthcheck loops
# forever on "lookup cloudflare.com: i/o timeout". Use AirVPN's pushed
# plaintext resolver instead (reached over the tunnel, no DNS leak).
- name: DOT
value: "off"
- name: DNS_ADDRESS
value: "10.128.0.1"
- name: FIREWALL_INPUT_PORTS - name: FIREWALL_INPUT_PORTS
value: "8080" value: "8080"
- name: FIREWALL_VPN_INPUT_PORTS - name: FIREWALL_VPN_INPUT_PORTS
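Review bot: The `DNS_ADDRESS` value `"10.128.0.1"` is hardcoded, while the comment above it calls it AirVPN's "pushed" resolver, so the setting will not follow if the provider pushes a different address for another server or protocol. Extend the comment to say where the address was read from and that it must be re-checked when `SERVER_COUNTRIES` or the VPN configuration changes. The comment should also record the trade-off that comes with `DOT` set to `"off"`: lookups are now unencrypted inside the tunnel and answered by the provider's resolver, and the "no DNS leak" claim holds only while port 53 traffic is confined to the tunnel interface. A short verification step (for example, resolving a name from inside the pod netns, as the commit message describes) would make that claim checkable.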