2025.08.0 is not compatible with RPi3 (and may be others?)

[yarikoptic]

There is a growing body of issues all boiling down to DNS resolution failures from within docker containers

• "Core DNS fails to provide answers" to integrations in HAOS since 2025.5 - DNS itself not broken. core#159542
• Timeout while contacting DNS servers when forwarding resolver has broken EDNS cookie handling with newer c-ares versions core#145708

and so on. And in my case it seems to be due to the fact that newer ghcr.io/home-assistant/aarch64-hassio-dns:2025.08.0 docker image is not compatible with RPi3 I use, running it causes

SIGILL: illegal instruction
PC=0x40a990 m=0 sigcode=1
instruction bytes: 0xe8 0xe1 0x3d 0x33 0x88 0xd8 0xf4 0xf SIGILL: illegal instruction
PC=0x40a990 m=0 sigcode=1
instruction bytes: 0xe8 0xe1 0x3d 0x33 0x88 0xd8 0xf4 0xf 0x3b 0xca 0x9e 0x5e 0xa6 0x91 0x90 0x39

goroutine 1 gp=0x40000021c0 m=0 mp=0x16ac3e0 [running, locked to thread]:
0x3b 0xca 0x9e 0x5e 0xa6 0x91 0x90 0x39

goroutine 1 gp=0x40000021c0 m=0 mp=0x16ac3e0 [running, locked to thread]:
google.golang.org/protobuf/reflect/protoregistry.initgoogle.golang.org/protobuf/reflect/protoregistry.init(()
	<autogenerated>:1 fp=0x400013be10 sp=0x400013be10 pc=0x40a990
runtime.doInit1(0x1633800)
...

then hassio_dns container dies and any other container trying to access DNS at 172.30.32.3 fails!

comparison of runs of 2025.02.0 and 2025.08.0

# docker run --rm ghcr.io/home-assistant/aarch64-hassio-dns:2025.02.0 /bin/sh -c "coredns -version" 2>&1
+ docker run --rm ghcr.io/home-assistant/aarch64-hassio-dns:2025.02.0 /bin/sh -c 'coredns -version'
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/corefile.sh
2025/12/30 16:15:11 open /config/coredns.json: no such file or directory
[16:15:11] ERROR: Corefile fails to generate. Use fallback corefile!
cont-init: info: /etc/cont-init.d/corefile.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun coredns (no readiness notification)
s6-rc: info: service legacy-services successfully started
CoreDNS-1.11.4
linux/arm64, go1.23.3, 6e11ebd-dirty
[WARNING] plugin/hosts: File does not exist: /config/hosts
[ERROR] plugin/mdns: could not connect to systemd resolver due to: dial unix /var/run/dbus/system_bus_socket: connect: no such file or directory
[ERROR] plugin/mdns: mdns and llmnr urls will not resolve in without this
.:53
.:5553
CoreDNS-1.11.4
linux/arm64, go1.23.3, 6e11ebd-dirty
s6-rc: info: service legacy-services: stopping
[FATAL] plugin/loop: Loop (127.0.0.1:44619 -> :53) detected for zone ".", see https://coredns.io/plugins/loop#troubleshooting. Query: "HINFO 1121465534520236755.6849959334310020322."
[16:15:13] WARNING: Halt DNS plug-in with exit code 1
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

so it doesn't crash with SIGIL, whenever new

# docker run --rm ghcr.io/home-assistant/aarch64-hassio-dns:2025.08.0 /bin/sh -c "coredns -version" 2>&1
+ docker run --rm ghcr.io/home-assistant/aarch64-hassio-dns:2025.08.0 /bin/sh -c 'coredns -version'
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/corefile.sh
2025/12/30 16:15:28 open /config/coredns.json: no such file or directory
[16:15:28] ERROR: Corefile fails to generate. Use fallback corefile!
cont-init: info: /etc/cont-init.d/corefile.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun coredns (no readiness notification)
s6-rc: info: service legacy-services successfully started
SIGILL: illegal instruction
PC=0x40a990 m=0 sigcode=1
instruction bytes: 0xe8 0xe1 0x3d 0x33 0x88 0xd8 0xf4 0xf SIGILL: illegal instruction
PC=0x40a990 m=0 sigcode=1
instruction bytes: 0xe8 0xe1 0x3d 0x33 0x88 0xd8 0xf4 0xf 0x3b 0xca 0x9e 0x5e 0xa6 0x91 0x90 0x39

goroutine 1 gp=0x40000021c0 m=0 mp=0x16ac3e0 [running, locked to thread]:
0x3b 0xca 0x9e 0x5e 0xa6 0x91 0x90 0x39

goroutine 1 gp=0x40000021c0 m=0 mp=0x16ac3e0 [running, locked to thread]:
google.golang.org/protobuf/reflect/protoregistry.initgoogle.golang.org/protobuf/reflect/protoregistry.ini

a quick and dirty workaround I am trying now is to trick local registry into having 08 to point to older 02

# docker tag ghcr.io/home-assistant/aarch64-hassio-dns:2025.02.0 \
            ghcr.io/home-assistant/aarch64-hassio-dns:2025.08.0

and ecobee came up. Testing more...

[yarikoptic]

workaround with tagging didn't persist reboot: now I configured dns to use that older one ha dns update --version 2025.02.0 and I did reboot for the good measure, upon reboot it is running ghcr.io/home-assistant/aarch64-hassio-dns:2025.02.0 but then it again upgraded it to 08 and somehow that ghcr.io/home-assistant/aarch64-hassio-dns:2025.08.0 is actually running without causing SIGILL this time -- I guess that code path is not always triggered!!!! That might explain why some folks reported that the issue is intermittent!?