I am setting up a Windows computer. It is a rather strange setup, but it is necessary so that my company's workflows developed on Linux will also work here. I will add background information at the end. But first the facts.
- I have an Ubuntu System set up in Windows 10 with WSL2.
- The Ubuntu System is a gateway to a local subnet.
- Inside the local subnet I have a private DNS server running.
- This DNS Server has 8.8.8.8 as a fallback server if it doesn't know the answer.
- It is the only DNS Server set in Windows; no other DNS servers are there.
- This DNS Server has
- When I open PowerShell and nslookup a domain, either in the www or the local subnet, I receive the correct response. (Windows)
- When I ping the domain or open it in a web browser, it cannot look it up. This is for both public and private domains. (Windows)
- When I ping the IP address returned from nslookup or open it, it works perfectly fine. (Windows)
- When I ping dnsdock, it works. (Ubuntu WSL2)
All the responses are non-authoritative, which makes perfect sense, since it's forwarded through a private DNS server. Is Windows ignoring non-authoritative answers?
Background
I think that describes my problem, but I think it's inevitable that I will get comments asking why my setup is that complicated. It's a computer for one of our developers. We are developing within Docker, and inside Ubuntu Docker is installed natively (not via Docker Desktop) because that allowed for forwarding to the actual containers.
I can ping them. To do so, I had to set up Ubuntu as a router (IPv4 forwarding set to active and iptables rules for forwarding). I also had to write a PowerShell script that resets the route on login because the IP address of Ubuntu changes on every startup. The private DNS server is DNSDock. It connects to the Docker socket and reads out Docker containers automatically. It will map a container's name or tag or environment argument to a domain name.
This allows for DNS resolution of Docker containers and removes the need to bind ports, which means that we can have as many parallel containers running as we want without adjusting the ports. Quite neat for multiple projects or microservices!
Don't forget that they have to communicate with each other more often than not. It is important that a developer can just go into the project and run docker-compose up. The whole idea is that the operating system doesn't matter and no completely new methods have to be developed for people using Windows.
Here is the nslookup output for reference:
PS C:\WINDOWS\system32> nslookup www.yahoo.com 172.17.0.1
Server: UnKnown
Address: 172.17.0.1
Non-authoritative answer:
Name: new-fp-shed.wg1.b.yahoo.com
Addresses: 2a00:1288:110:c305::1:8000
2a00:1288:110:c305::1:8001
87.248.100.215
87.248.100.216
Aliases: www.yahoo.com
PS C:\WINDOWS\system32> nslookup www.yahoo.com
Server: UnKnown
Address: 172.17.0.1
Non-authoritative answer:
Name: new-fp-shed.wg1.b.yahoo.com
Addresses: 2a00:1288:110:c305::1:8000
2a00:1288:110:c305::1:8001
87.248.100.216
87.248.100.215
Aliases: www.yahoo.com
And here is the docker-compose file that starts and controls the DNS server:
version: '3.7'
services:
  dnsdock:
    image: aacebedo/dnsdock:v1.16.4-amd64
    network_mode: bridge
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    container_name: dnsdock
    ports:
      - 172.17.0.1:53:53/udp
      #- 53:53/udp
    environment:
      - nameserver="8.8.8.8:53"
/etc/resolv.conf
nameserver 172.17.0.1
ipconfig printout
PS C:\Users\<redacted>> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : <redacted>
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Wireless LAN adapter LAN-Verbindung* 1:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : <redacted>
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter WLAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell AVASTAR Wireless-AC Network Controller
Physical Address. . . . . . . . . : <redacted>
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.191(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, January 14, 2021 7:07:52 AM
Lease Expires . . . . . . . . . . : Thursday, January 14, 2021 8:07:50 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 172.17.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Bluetooth-Netzwerkverbindung:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : <redacted>
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter vEthernet (WSL):
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
Physical Address. . . . . . . . . : <redacted>
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.18.9.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter vEthernet (Default Switch):
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
Physical Address. . . . . . . . . : <redacted>
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.18.63.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
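To separate "the server answers" from "the Windows resolver uses the answer", the script below (an added diagnostic, not part of the original post) queries each name twice: directly against the configured server, the way nslookup does, and through the Windows DNS client service, the path ping and browsers take. It assumes the server address 172.17.0.1 from the post; the second test name `web.docker` is a constructed placeholder for one of your own dnsdock names.

```powershell
# Added diagnostic script; 172.17.0.1 is the server from the post, web.docker is a placeholder name.
param(
    [string]$DnsServer = '172.17.0.1',
    [string[]]$Names   = @('www.yahoo.com', 'web.docker')
)

# 1. Which servers the DNS client service is configured with, per interface.
Write-Host "== DNS servers per interface =="
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. Which route Windows currently has towards the WSL2 subnet (the Ubuntu IP changes at boot).
Write-Host "== Routes towards 172.17.x.x =="
Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $_.DestinationPrefix -like '172.17.*' } |
    Format-Table DestinationPrefix, NextHop, InterfaceAlias -AutoSize

# 3. Per name: direct query (bypasses the client cache) versus the system resolver.
foreach ($n in $Names) {
    Write-Host "== $n =="
    try {
        $direct = Resolve-DnsName -Name $n -Server $DnsServer -Type A -DnsOnly -ErrorAction Stop
        $ips = ($direct | Where-Object Type -eq 'A').IPAddress -join ', '
        Write-Host "  direct to ${DnsServer}: $ips"
    } catch {
        Write-Host "  direct to ${DnsServer}: FAILED - $($_.Exception.Message)"
    }
    try {
        # Same API path ping and browsers use: DNS client service, cache, NRPT rules.
        $sys = [System.Net.Dns]::GetHostAddresses($n) | ForEach-Object { $_.IPAddressToString }
        Write-Host "  system resolver : $($sys -join ', ')"
    } catch {
        Write-Host "  system resolver : FAILED - $($_.Exception.Message)"
    }
}

# 4. NRPT rules redirect name suffixes to other servers without showing up in ipconfig.
Write-Host "== NRPT policies =="
Get-DnsClientNrptPolicy | Format-Table Namespace, NameServers -AutoSize
```

If the direct query succeeds and the system resolver fails for the same name, the problem sits in the Windows DNS client path (interface selection, cache or NRPT) rather than in the server's non-authoritative answers.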