Docker add custom DNS server





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















I have a DNS server running on a CentOS 7 machine at 10.8.0.1. On this machine, I have some docker images running on a subnet of 10.8.1.0/24, without masquerading. I'd like the docker images to be able to resolve addresses from URLs defined in my local DNS server, but for some reason, no tutorials on Google helped me.



I tried editing the host machine's /etc/resolv.conf, which now looks like this:



# Generated by NetworkManager

search home centos

nameserver 10.8.0.1

nameserver 2001:730:3eb2::10

nameserver 2001:730:3eb2::11


I also tried editing /etc/docker/daemon.json, which looks like this:



{

        "dns": ["10.8.0.1", "1.1.1.1"]

}


The docker container can resolve any URLs from global DNS servers, but I can't for the life of me figure out why it can't resolve the URLs on in my local DNS server.



The host machine can resolve the DNS requests, as well as clients connecting to the machine via VPN, where the dhcp-option DNS 10.8.0.1 is pushed to the clients connecting.



The containers can ping the address 10.8.0.1.



One of the containers has the following /etc/resolv.conf file:



search home centos

nameserver 127.0.0.11

options ndots:0


My named.conf file looks as follows:



acl trusted {

        2001:0db8:ee00:abcd::/64;

        127.0.0.1;

        10.8.0.0/8;

};



options {

        listen-on port 53 { 127.0.0.1; 10.8.0.1; };

        listen-on-v6 port 53 { ::1; 2001:db8:ee00:abcd::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        recursing-file  "/var/named/data/named.recursing";

        secroots-file   "/var/named/data/named.secroots";

        allow-query     { trusted; };



        /*

         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

         - If you are building a RECURSIVE (caching) DNS server, you need to enable

           recursion.

         - If your recursive DNS server has a public IP address, you MUST enable access

           control to limit queries to your legitimate users. Failing to do so will

           cause your server to become part of large scale DNS amplification

           attacks. Implementing BCP38 within your network would greatly

           reduce such attack surface

        */

        recursion yes;



        dnssec-enable yes;

        dnssec-validation yes;



        /* Path to ISC DLV key */

        bindkeys-file "/etc/named.iscdlv.key";



        managed-keys-directory "/var/named/dynamic";



        pid-file "/run/named/named.pid";

        session-keyfile "/run/named/session.key";

};

... #Zones are coming after this





linux networking dns centos docker







share|improve this question

























  • Is you local DNS server listening on the Docker interface? It could make more sense to have a DNS in another container anyway...

    – xenoid
    Feb 12 at 8:06











  • I didn't set up interfaces to listen on, that sounds like a good idea. I tried setting the listen address to any for both IPv4, and IPv6, with little luck

    – László Stahorszki
    Feb 12 at 8:08











  • Are you searching for a FQDN or a short hostname? Can you resolve requests from the docker host outside of a container?

    – BMitch
    Feb 13 at 14:30











  • it's technically a FQDN, I want to resolve for example this address: jira.ropi.io, to the respective IP address. The DNS server works outside of the docker containers. If I try to curl jira.ropi.io on the docker host, it will resolve the address, just like the VPN Clients connected to the network

    – László Stahorszki
    Feb 13 at 15:34




















0















I have a DNS server running on a CentOS 7 machine at 10.8.0.1. On this machine, I have some docker images running on a subnet of 10.8.1.0/24, without masquerading. I'd like the docker images to be able to resolve addresses from URLs defined in my local DNS server, but for some reason, no tutorials on Google helped me.



I tried editing the host machine's /etc/resolv.conf, which now looks like this:



# Generated by NetworkManager

search home centos

nameserver 10.8.0.1

nameserver 2001:730:3eb2::10

nameserver 2001:730:3eb2::11


I also tried editing /etc/docker/daemon.json, which looks like this:



{

        "dns": ["10.8.0.1", "1.1.1.1"]

}


The docker container can resolve any URLs from global DNS servers, but I can't for the life of me figure out why it can't resolve the URLs on in my local DNS server.



The host machine can resolve the DNS requests, as well as clients connecting to the machine via VPN, where the dhcp-option DNS 10.8.0.1 is pushed to the clients connecting.



The containers can ping the address 10.8.0.1.



One of the containers has the following /etc/resolv.conf file:



search home centos

nameserver 127.0.0.11

options ndots:0


My named.conf file looks as follows:



acl trusted {

        2001:0db8:ee00:abcd::/64;

        127.0.0.1;

        10.8.0.0/8;

};



options {

        listen-on port 53 { 127.0.0.1; 10.8.0.1; };

        listen-on-v6 port 53 { ::1; 2001:db8:ee00:abcd::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        recursing-file  "/var/named/data/named.recursing";

        secroots-file   "/var/named/data/named.secroots";

        allow-query     { trusted; };



        /*

         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

         - If you are building a RECURSIVE (caching) DNS server, you need to enable

           recursion.

         - If your recursive DNS server has a public IP address, you MUST enable access

           control to limit queries to your legitimate users. Failing to do so will

           cause your server to become part of large scale DNS amplification

           attacks. Implementing BCP38 within your network would greatly

           reduce such attack surface

        */

        recursion yes;



        dnssec-enable yes;

        dnssec-validation yes;



        /* Path to ISC DLV key */

        bindkeys-file "/etc/named.iscdlv.key";



        managed-keys-directory "/var/named/dynamic";



        pid-file "/run/named/named.pid";

        session-keyfile "/run/named/session.key";

};

... #Zones are coming after this





linux networking dns centos docker







share|improve this question

























  • Is you local DNS server listening on the Docker interface? It could make more sense to have a DNS in another container anyway...

    – xenoid
    Feb 12 at 8:06











  • I didn't set up interfaces to listen on, that sounds like a good idea. I tried setting the listen address to any for both IPv4, and IPv6, with little luck

    – László Stahorszki
    Feb 12 at 8:08











  • Are you searching for a FQDN or a short hostname? Can you resolve requests from the docker host outside of a container?

    – BMitch
    Feb 13 at 14:30











  • it's technically a FQDN, I want to resolve for example this address: jira.ropi.io, to the respective IP address. The DNS server works outside of the docker containers. If I try to curl jira.ropi.io on the docker host, it will resolve the address, just like the VPN Clients connected to the network

    – László Stahorszki
    Feb 13 at 15:34
















0












0








0








I have a DNS server running on a CentOS 7 machine at 10.8.0.1. On this machine, I have some docker images running on a subnet of 10.8.1.0/24, without masquerading. I'd like the docker images to be able to resolve addresses from URLs defined in my local DNS server, but for some reason, no tutorials on Google helped me.



I tried editing the host machine's /etc/resolv.conf, which now looks like this:



# Generated by NetworkManager

search home centos

nameserver 10.8.0.1

nameserver 2001:730:3eb2::10

nameserver 2001:730:3eb2::11


I also tried editing /etc/docker/daemon.json, which looks like this:



{

        "dns": ["10.8.0.1", "1.1.1.1"]

}


The docker container can resolve any URLs from global DNS servers, but I can't for the life of me figure out why it can't resolve the URLs on in my local DNS server.



The host machine can resolve the DNS requests, as well as clients connecting to the machine via VPN, where the dhcp-option DNS 10.8.0.1 is pushed to the clients connecting.



The containers can ping the address 10.8.0.1.



One of the containers has the following /etc/resolv.conf file:



search home centos

nameserver 127.0.0.11

options ndots:0


My named.conf file looks as follows:



acl trusted {

        2001:0db8:ee00:abcd::/64;

        127.0.0.1;

        10.8.0.0/8;

};



options {

        listen-on port 53 { 127.0.0.1; 10.8.0.1; };

        listen-on-v6 port 53 { ::1; 2001:db8:ee00:abcd::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        recursing-file  "/var/named/data/named.recursing";

        secroots-file   "/var/named/data/named.secroots";

        allow-query     { trusted; };



        /*

         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

         - If you are building a RECURSIVE (caching) DNS server, you need to enable

           recursion.

         - If your recursive DNS server has a public IP address, you MUST enable access

           control to limit queries to your legitimate users. Failing to do so will

           cause your server to become part of large scale DNS amplification

           attacks. Implementing BCP38 within your network would greatly

           reduce such attack surface

        */

        recursion yes;



        dnssec-enable yes;

        dnssec-validation yes;



        /* Path to ISC DLV key */

        bindkeys-file "/etc/named.iscdlv.key";



        managed-keys-directory "/var/named/dynamic";



        pid-file "/run/named/named.pid";

        session-keyfile "/run/named/session.key";

};

... #Zones are coming after this





linux networking dns centos docker







share|improve this question
















I have a DNS server running on a CentOS 7 machine at 10.8.0.1. On this machine, I have some docker images running on a subnet of 10.8.1.0/24, without masquerading. I'd like the docker images to be able to resolve addresses from URLs defined in my local DNS server, but for some reason, no tutorials on Google helped me.



I tried editing the host machine's /etc/resolv.conf, which now looks like this:



# Generated by NetworkManager

search home centos

nameserver 10.8.0.1

nameserver 2001:730:3eb2::10

nameserver 2001:730:3eb2::11


I also tried editing /etc/docker/daemon.json, which looks like this:



{

        "dns": ["10.8.0.1", "1.1.1.1"]

}


The docker container can resolve any URLs from global DNS servers, but I can't for the life of me figure out why it can't resolve the URLs on in my local DNS server.



The host machine can resolve the DNS requests, as well as clients connecting to the machine via VPN, where the dhcp-option DNS 10.8.0.1 is pushed to the clients connecting.



The containers can ping the address 10.8.0.1.



One of the containers has the following /etc/resolv.conf file:



search home centos

nameserver 127.0.0.11

options ndots:0


My named.conf file looks as follows:



acl trusted {

        2001:0db8:ee00:abcd::/64;

        127.0.0.1;

        10.8.0.0/8;

};



options {

        listen-on port 53 { 127.0.0.1; 10.8.0.1; };

        listen-on-v6 port 53 { ::1; 2001:db8:ee00:abcd::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        recursing-file  "/var/named/data/named.recursing";

        secroots-file   "/var/named/data/named.secroots";

        allow-query     { trusted; };



        /*

         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

         - If you are building a RECURSIVE (caching) DNS server, you need to enable

           recursion.

         - If your recursive DNS server has a public IP address, you MUST enable access

           control to limit queries to your legitimate users. Failing to do so will

           cause your server to become part of large scale DNS amplification

           attacks. Implementing BCP38 within your network would greatly

           reduce such attack surface

        */

        recursion yes;



        dnssec-enable yes;

        dnssec-validation yes;



        /* Path to ISC DLV key */

        bindkeys-file "/etc/named.iscdlv.key";



        managed-keys-directory "/var/named/dynamic";



        pid-file "/run/named/named.pid";

        session-keyfile "/run/named/session.key";

};

... #Zones are coming after this





linux networking dns centos docker




linux networking dns centos docker






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Feb 11 at 19:22







László Stahorszki

















asked Feb 11 at 18:53









László StahorszkiLászló Stahorszki

1063




1063













  • Is you local DNS server listening on the Docker interface? It could make more sense to have a DNS in another container anyway...

    – xenoid
    Feb 12 at 8:06











  • I didn't set up interfaces to listen on, that sounds like a good idea. I tried setting the listen address to any for both IPv4, and IPv6, with little luck

    – László Stahorszki
    Feb 12 at 8:08











  • Are you searching for a FQDN or a short hostname? Can you resolve requests from the docker host outside of a container?

    – BMitch
    Feb 13 at 14:30











  • it's technically a FQDN, I want to resolve for example this address: jira.ropi.io, to the respective IP address. The DNS server works outside of the docker containers. If I try to curl jira.ropi.io on the docker host, it will resolve the address, just like the VPN Clients connected to the network

    – László Stahorszki
    Feb 13 at 15:34





















  • Is you local DNS server listening on the Docker interface? It could make more sense to have a DNS in another container anyway...

    – xenoid
    Feb 12 at 8:06











  • I didn't set up interfaces to listen on, that sounds like a good idea. I tried setting the listen address to any for both IPv4, and IPv6, with little luck

    – László Stahorszki
    Feb 12 at 8:08











  • Are you searching for a FQDN or a short hostname? Can you resolve requests from the docker host outside of a container?

    – BMitch
    Feb 13 at 14:30











  • it's technically a FQDN, I want to resolve for example this address: jira.ropi.io, to the respective IP address. The DNS server works outside of the docker containers. If I try to curl jira.ropi.io on the docker host, it will resolve the address, just like the VPN Clients connected to the network

    – László Stahorszki
    Feb 13 at 15:34



















Is you local DNS server listening on the Docker interface? It could make more sense to have a DNS in another container anyway...

– xenoid
Feb 12 at 8:06





Is you local DNS server listening on the Docker interface? It could make more sense to have a DNS in another container anyway...

– xenoid
Feb 12 at 8:06













I didn't set up interfaces to listen on, that sounds like a good idea. I tried setting the listen address to any for both IPv4, and IPv6, with little luck

– László Stahorszki
Feb 12 at 8:08





I didn't set up interfaces to listen on, that sounds like a good idea. I tried setting the listen address to any for both IPv4, and IPv6, with little luck

– László Stahorszki
Feb 12 at 8:08













Are you searching for a FQDN or a short hostname? Can you resolve requests from the docker host outside of a container?

– BMitch
Feb 13 at 14:30





Are you searching for a FQDN or a short hostname? Can you resolve requests from the docker host outside of a container?

– BMitch
Feb 13 at 14:30













it's technically a FQDN, I want to resolve for example this address: jira.ropi.io, to the respective IP address. The DNS server works outside of the docker containers. If I try to curl jira.ropi.io on the docker host, it will resolve the address, just like the VPN Clients connected to the network

– László Stahorszki
Feb 13 at 15:34







it's technically a FQDN, I want to resolve for example this address: jira.ropi.io, to the respective IP address. The DNS server works outside of the docker containers. If I try to curl jira.ropi.io on the docker host, it will resolve the address, just like the VPN Clients connected to the network

– László Stahorszki
Feb 13 at 15:34












0






active

oldest

votes












Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1404548%2fdocker-add-custom-dns-server%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1404548%2fdocker-add-custom-dns-server%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Список кардиналов, возведённых папой римским Каликстом III

Image
Папа Каликст III Кардиналы, возведённые Папой римским Каликстом III  — 9 прелатов и мирян были возведены в сан кардинала на двух Консисториях за трёхлетний понтификат Каликста III. Самой крупной консисторией были Консистория от 17 декабря 1456 года, на которой было возведено шесть кардиналов. Папа Каллист III хотел назвать отца Жан Сорета, O.Carm., епископом или кардиналом, но он отказался, потому что хотел посвятить себя своему ордену и продвижению религиозного рвения и соблюдения устава монашеского ордена. Консистория от 17 сентября 1456 года | Луис Хуан дель Мила, племянник Его Святейшества, епископ Сегорбе (королевство Арагон); Жайме Португальский, администратор архиепархии Лиссабона (королевство Португалия); Родриго де Борха-и-Борха, племянник Его Святейшества, ризничий Валенсии (Папская область). Консистория от 17 декабря 1456 года | Ринальдо Пишичелло, архиепископ Неаполя (Неаполитанское королевство); Хуан де Мелья, епископ Саморы (королевство Ка
Read more

Deduzione

Image
.mw-parser-output .nota-disambigua{clear:both;margin-bottom:.5em;border:1px solid #CCC;padding-left:4px}.mw-parser-output .nota-disambigua i{vertical-align:middle} Disambiguazione – Se stai cercando il teorema, vedi Teorema di deduzione . Disambiguazione – Se stai cercando il concetto di deduzione in economia, vedi deduzione fiscale . Il ragionamento deduttivo umano assimilato a un meccanismo Il metodo deduttivo o deduzione è il procedimento razionale che fa derivare una certa conclusione da premesse più generiche, dentro cui quella conclusione è implicita. Il termine significa letteralmente «condurre da», perché proviene dal latino "de" (traducibile con da , preposizione indicante provenienza, o moto di discesa dall'alto verso il basso) e "ducere" ( condurre ). Questo metodo parte da postulati e princìpi primi e, attraverso una serie di rigorose concatenazioni logiche, procede verso determinazioni più particolari attinenti alla realtà tangi
Read more

Mysql.sock missing - “Can't connect to local MySQL server through socket”

Image
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 Operating System - OSX 10.11.2 MAMP version - 3.5 I'm following along with this guide, setting up wordpress with Xammp on PC and MAMP on Mac, where I'm in step "Mac - 4" is asked to input: "In the Terminal run: /Applications/MAMP/Library/bin/mysqladmin -u root -p password {Your Windows MySQL password here}" However, this (with out bracket text) results in error message: error: 'Can't connect to local MySQL server through socket '/Applications/MAMP/tmp/mysql/mysql.sock' (2)' Check that mysqld is running and that the socket: '/Applications/MAMP/tmp/mysql/mysql.sock'
Read more