
I have a DNS server running on a CentOS 7 machine at 10.8.0.1. On this machine, I have some docker images running on a subnet of 10.8.1.0/24, without masquerading. I'd like the docker images to be able to resolve addresses from URLs defined in my local DNS server, but for some reason, no tutorials on Google helped me.

I tried editing the host machine's /etc/resolv.conf, which now looks like this:

# Generated by NetworkManager
search home centos
nameserver 10.8.0.1
nameserver 2001:730:3eb2::10
nameserver 2001:730:3eb2::11

I also tried editing /etc/docker/daemon.json, which looks like this:

{
        "dns": ["10.8.0.1", "1.1.1.1"]
}

The docker container can resolve any URLs from global DNS servers, but I can't for the life of me figure out why it can't resolve the URLs in my local DNS server.

The host machine can resolve the DNS requests, as well as clients connecting to the machine via VPN, where the dhcp-option DNS 10.8.0.1 is pushed to the clients connecting.

The containers can ping the address 10.8.0.1.

One of the containers has the following /etc/resolv.conf file:

search home centos
nameserver 127.0.0.11
options ndots:0

My named.conf file looks as follows:

acl trusted {
        2001:0db8:ee00:abcd::/64;
        127.0.0.1;
        10.8.0.0/8;
};

options {
        listen-on port 53 { 127.0.0.1; 10.8.0.1; };
        listen-on-v6 port 53 { ::1; 2001:db8:ee00:abcd::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { trusted; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
... #Zones are coming after this
  • Is your local DNS server listening on the Docker interface? It could make more sense to have a DNS in another container anyway...
    – xenoid
    Commented Feb 12, 2019 at 8:06
  • I didn't set up interfaces to listen on, that sounds like a good idea. I tried setting the listen address to any for both IPv4 and IPv6, with little luck.
    Commented Feb 12, 2019 at 8:08
  • Are you searching for a FQDN or a short hostname? Can you resolve requests from the docker host outside of a container?
    – BMitch
    Commented Feb 13, 2019 at 14:30
  • It's technically a FQDN; I want to resolve, for example, this address: jira.ropi.io, to the respective IP address. The DNS server works outside of the docker containers. If I try to curl jira.ropi.io on the docker host, it will resolve the address, just like the VPN clients connected to the network.
    Commented Feb 13, 2019 at 15:34
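The check a practitioner would run from inside one of the containers at this point, as an added example that is not part of the question or of any answer on this page: it first tests whether the container subnet is covered by the `trusted` ACL from the posted named.conf (BIND masks the host bits, so `10.8.0.0/8` means the whole 10.0.0.0/8 block), then sends one raw A query straight to 10.8.0.1, bypassing Docker's embedded forwarder at 127.0.0.11 that the container's resolv.conf points to, and classifies the reply. The server address, container subnet and ACL entries are copied from the question; the function and constant names are this example's own.

```python
"""Diagnose a container that cannot resolve names from a local BIND server.

Added example (not from the question): checks whether a client subnet is
covered by the named.conf `trusted` ACL, then sends one raw A query to the
server and classifies the reply. Assumed values copied from the question:
server 10.8.0.1, container subnet 10.8.1.0/24, the `trusted` ACL entries.
The function and constant names are this example's own.
"""
import ipaddress
import socket
import struct

SERVER = "10.8.0.1"            # BIND listen address from the question
CONTAINER_NET = "10.8.1.0/24"  # docker subnet from the question (no masquerading)
TRUSTED_ACL = ["2001:0db8:ee00:abcd::/64", "127.0.0.1", "10.8.0.0/8"]

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def acl_allows(acl, client_net):
    """Return the ACL entry covering client_net, or None if no entry matches.

    BIND treats 10.8.0.0/8 as the whole 10.0.0.0/8 block (host bits are
    masked off); strict=False makes the ipaddress module do the same.
    """
    client = ipaddress.ip_network(client_net, strict=False)
    for entry in acl:
        net = ipaddress.ip_network(entry, strict=False)
        if net.version == client.version and client.subnet_of(net):
            return entry
    return None


def build_query(name, qid=0x1234):
    """Encode a minimal DNS A query (RD bit set, one question, IN class)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_response(data):
    """Return (rcode name, answer count) from a DNS response header."""
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), ancount


def classify(rcode, answers):
    """Map a reply to the usual cause of a resolver-vs-container failure."""
    if rcode == "REFUSED":
        return "REFUSED: client address is outside allow-query; widen the ACL"
    if rcode == "NXDOMAIN":
        return ("NXDOMAIN: name not in any loaded zone (check the zone file and "
                "whether a search suffix was appended)")
    if rcode == "NOERROR" and answers == 0:
        return "NOERROR, 0 answers: zone exists but name has no A record"
    if rcode == "NOERROR":
        return "OK: %d answer record(s)" % answers
    return "%s: server-side error, see the named logs" % rcode


def probe(name, server=SERVER, timeout=2.0):
    """Send one query directly to the server, bypassing Docker's 127.0.0.11
    forwarder, so the reply (or its absence) points at the server config."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (server, 53))
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return "TIMEOUT: no reply from %s; check listen-on and the host firewall" % server
    return classify(*parse_response(data))


if __name__ == "__main__":
    import sys
    entry = acl_allows(TRUSTED_ACL, CONTAINER_NET)
    print("ACL check: %s is %s" % (CONTAINER_NET,
                                   "covered by %s" % entry if entry else "NOT in trusted"))
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "jira.ropi.io"))
```

Run it inside a container with `python3 probe.py jira.ropi.io`. A REFUSED reply points at allow-query, a timeout at listen-on or the host firewall, and NXDOMAIN at the zone data or a search suffix being appended; a clean answer here while resolution through 127.0.0.11 still fails narrows the problem to Docker's forwarder and the servers it was handed from daemon.json.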
