Docker add custom DNS server
I have a DNS server running on a CentOS 7 machine at `10.8.0.1`. On this machine, I have some docker images running on a subnet of `10.8.1.0/24`, without masquerading. I'd like the docker images to be able to resolve addresses from URLs defined in my local DNS server, but for some reason, no tutorials on Google helped me.

I tried editing the host machine's `/etc/resolv.conf`, which now looks like this:

```
# Generated by NetworkManager
search home centos
nameserver 10.8.0.1
nameserver 2001:730:3eb2::10
nameserver 2001:730:3eb2::11
```

I also tried editing `/etc/docker/daemon.json`, which looks like this:

```
{
    "dns": ["10.8.0.1", "1.1.1.1"]
}
```

The docker container can resolve any URLs from global DNS servers, but I can't for the life of me figure out why it can't resolve the URLs on my local DNS server.

The host machine can resolve the DNS requests, as well as clients connecting to the machine via VPN, where the `dhcp-option DNS 10.8.0.1` is pushed to the clients connecting.

The containers can `ping` the address `10.8.0.1`.

One of the containers has the following `/etc/resolv.conf` file:

```
search home centos
nameserver 127.0.0.11
options ndots:0
```

My `named.conf` file looks as follows:

```
acl trusted {
    2001:0db8:ee00:abcd::/64;
    127.0.0.1;
    10.8.0.0/8;
};
options {
    listen-on port 53 { 127.0.0.1; 10.8.0.1; };
    listen-on-v6 port 53 { ::1; 2001:db8:ee00:abcd::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { trusted; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
... #Zones are coming after this
```

linux networking dns centos docker

Is your local DNS server listening on the Docker interface? It could make more sense to have a DNS in another container anyway...
– xenoid, Feb 12 at 8:06

I didn't set up interfaces to listen on, that sounds like a good idea. I tried setting the listen address to `any` for both IPv4, and IPv6, with little luck
– László Stahorszki, Feb 12 at 8:08

Are you searching for a FQDN or a short hostname? Can you resolve requests from the docker host outside of a container?
– BMitch, Feb 13 at 14:30

It's technically a FQDN, I want to resolve for example this address: `jira.ropi.io`, to the respective IP address. The DNS server works outside of the docker containers. If I try to `curl jira.ropi.io` on the docker host, it will resolve the address, just like the VPN Clients connected to the network
– László Stahorszki, Feb 13 at 15:34

edited Feb 11 at 19:22
asked Feb 11 at 18:53
László Stahorszki
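
An added example, not part of the original question or its comments: a Python audit of the `trusted` ACL that `allow-query` uses in the quoted `named.conf`. It normalises each element, flags any written with host bits set (here `10.8.0.0/8`, which as a /8 spans all of `10.0.0.0/8`), and checks which source addresses the ACL admits. The client addresses are constructed samples, and only plain address elements are handled, not nested ACL names or negations.

```python
import ipaddress
import re

# Constructed copy of the acl block quoted in the question's named.conf.
NAMED_CONF = """
acl trusted {
    2001:0db8:ee00:abcd::/64;
    127.0.0.1;
    10.8.0.0/8;
};
"""

# Constructed sample clients: a container on 10.8.1.0/24, an unrelated
# 10.x host, an IPv6 client and an outside address.
CLIENTS = ["10.8.1.5", "10.200.0.9", "2001:db8:ee00:abcd::5", "192.168.1.10"]


def parse_acl(conf, name):
    """Return the raw address elements of `acl <name> { ... };`."""
    m = re.search(r"acl\s+%s\s*\{(.*?)\}\s*;" % re.escape(name), conf, re.S)
    if not m:
        raise ValueError("acl %r not found" % name)
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def audit_acl(elements):
    """Return (networks, findings); a finding is (element, effective network)."""
    networks, findings = [], []
    for elem in elements:
        try:
            net = ipaddress.ip_network(elem, strict=True)
        except ValueError:
            # Host bits are set beyond the prefix length: record the range
            # the prefix length actually covers.
            net = ipaddress.ip_network(elem, strict=False)
            findings.append((elem, str(net)))
        networks.append(net)
    return networks, findings


def is_allowed(client, networks):
    """True if the client source address falls inside any ACL network."""
    addr = ipaddress.ip_address(client)
    return any(addr.version == n.version and addr in n for n in networks)


if __name__ == "__main__":
    nets, findings = audit_acl(parse_acl(NAMED_CONF, "trusted"))
    for elem, effective in findings:
        print("host bits set: %s covers %s" % (elem, effective))
    for client in CLIENTS:
        print("%-24s %s" % (client, "allowed" if is_allowed(client, nets) else "denied"))
```

BIND's own `named-checkconf` can be run against the real file to see how the server itself treats each element.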