Docker add custom DNS server




















I have a DNS server running on a CentOS 7 machine at 10.8.0.1. On this machine, I have some docker images running on a subnet of 10.8.1.0/24, without masquerading. I'd like the docker images to be able to resolve addresses from URLs defined in my local DNS server, but for some reason, no tutorials on Google helped me.



I tried editing the host machine's /etc/resolv.conf, which now looks like this:



# Generated by NetworkManager
search home centos
nameserver 10.8.0.1
nameserver 2001:730:3eb2::10
nameserver 2001:730:3eb2::11


I also tried editing /etc/docker/daemon.json, which looks like this:



{
    "dns": ["10.8.0.1", "1.1.1.1"]
}


The docker container can resolve any URLs from global DNS servers, but I can't for the life of me figure out why it can't resolve the URLs in my local DNS server.



The host machine can resolve the DNS requests, as well as clients connecting to the machine via VPN, where the dhcp-option DNS 10.8.0.1 is pushed to the clients connecting.



The containers can ping the address 10.8.0.1.



One of the containers has the following /etc/resolv.conf file:



search home centos
nameserver 127.0.0.11
options ndots:0


My named.conf file looks as follows:



acl trusted {
    2001:0db8:ee00:abcd::/64;
    127.0.0.1;
    10.8.0.0/8;
};

options {
    listen-on port 53 { 127.0.0.1; 10.8.0.1; };
    listen-on-v6 port 53 { ::1; 2001:db8:ee00:abcd::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { trusted; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
... #Zones are coming after this









  • Is your local DNS server listening on the Docker interface? It could make more sense to have a DNS in another container anyway...

    – xenoid
    Feb 12 at 8:06











  • I didn't set up interfaces to listen on, that sounds like a good idea. I tried setting the listen address to any for both IPv4, and IPv6, with little luck

    – László Stahorszki
    Feb 12 at 8:08











  • Are you searching for a FQDN or a short hostname? Can you resolve requests from the docker host outside of a container?

    – BMitch
    Feb 13 at 14:30











  • it's technically a FQDN, I want to resolve for example this address: jira.ropi.io, to the respective IP address. The DNS server works outside of the docker containers. If I try to curl jira.ropi.io on the docker host, it will resolve the address, just like the VPN Clients connected to the network

    – László Stahorszki
    Feb 13 at 15:34




















linux networking dns centos docker






edited Feb 11 at 19:22
László Stahorszki

asked Feb 11 at 18:53
László Stahorszki
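
A check suggested by the configuration in the question, as an added example that is not part of the original post or written by its author: it evaluates the posted `trusted` ACL and `listen-on` list against a query's source address, which matters here because the containers are not masqueraded and so query from their own addresses. The source addresses are constructed samples, and the example assumes host bits in an ACL entry are masked off (so `10.8.0.0/8` is treated as `10.0.0.0/8`), which the page does not confirm for named.

```python
import ipaddress
import re

# Excerpt of the named.conf posted in the question (acl, listen-on, allow-query).
NAMED_CONF = """
acl trusted {
2001:0db8:ee00:abcd::/64;
127.0.0.1;
10.8.0.0/8;
};
options {
listen-on port 53 { 127.0.0.1; 10.8.0.1; };
allow-query { trusted; };
};
"""

def parse_block(conf, pattern):
    """Return the ';'-separated elements of the first '{ ... }' block after pattern."""
    m = re.search(pattern + r"\s*\{([^}]*)\}", conf)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else []

def acl_networks(conf, name):
    """Parse 'acl <name> { ... }' into (network, has_host_bits) pairs."""
    nets = []
    for elem in parse_block(conf, r"acl\s+" + re.escape(name)):
        # Assumption: host bits are masked, so 10.8.0.0/8 is evaluated as 10.0.0.0/8.
        net = ipaddress.ip_network(elem, strict=False)
        written = ipaddress.ip_address(elem.split("/")[0])
        nets.append((net, written != net.network_address))
    return nets

def query_allowed(conf, acl_name, source):
    """True if a query from `source` matches an entry of the named ACL."""
    src = ipaddress.ip_address(source)
    return any(src.version == net.version and src in net
               for net, _ in acl_networks(conf, acl_name))

def listens_on(conf, address):
    """True if `address` is listed in the IPv4 'listen-on port 53' statement."""
    return address in parse_block(conf, r"listen-on\s+port\s+53")

def check(conf, source, server):
    """Summarise what the config says about a query from source to server."""
    return {
        "server_listens": listens_on(conf, server),
        "source_in_acl": query_allowed(conf, "trusted", source),
        # Entries that cover more than the address as written suggests.
        "widened_entries": [str(n) for n, wide in acl_networks(conf, "trusted") if wide],
    }

if __name__ == "__main__":
    # Constructed sources: one in the question's 10.8.1.0/24, one outside 10/8.
    for src in ("10.8.1.5", "172.17.0.2"):
        print(src, check(NAMED_CONF, src, "10.8.0.1"))
```

Under that assumption the `trusted` ACL admits all of 10.0.0.0/8 to a recursive resolver, which is wider than the 10.8.x networks the question describes.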
