Score:1

Container DNS resolution works only after restarting dnsmasq

[Update] add software versions

I have a home server which runs docker and DNS/DHCP for my home network. It's all working quite nicely except for one thing: Containers can't do DNS resolution after reboot. Once I restart dnsmasq it starts working immediately.

If I look into journalctl, I see this message:

Oct 29 23:56:15 hub.mi.casa dnsmasq[425]: Ignoring query from non-local network

I think that docker creates some network interfaces which dnsmasq does not pick up after being started, although the dnsmasq docs clearly state ...

On systems which support it, dnsmasq binds the wildcard address, even when it is listening on only some interfaces. It then discards requests that it shouldn't reply to. This has the advantage of working even when interfaces come and go and change address. [...] (from: --bind-interfaces)

... so I guess this should work.

System config:

  • Debian Bullseye (11.1)
  • Docker v20.10.10 (Docker repos), no special settings (DOCKER_OPTS etc.)
  • dnsmasq v2.85 (Debian repos)
  • systemd-resolved active but DNSStubListener=no is set
  • systemd-networkd handles the network (static IP address)

I can't figure out what to do here, does anybody have any ideas? I did find a RedHat bug report which describes pretty much exactly what I'm experiencing, it is supposed to be solved though.

I don't really want to start dnsmasq after docker, because the system and my whole network work just fine without docker, but not without dnsmasq.

Config files

dnsmasq.conf

# MAIN SETTINGS

port=53
domain-needed
expand-hosts
bogus-priv
no-resolv
no-hosts

server=127.0.0.1#8053

# DHCP CONFIGURATION

dhcp-range=192.168.1.150,192.168.1.200,12h
domain=mi.casa
local=/fritz.box/

# set dhcp options ("dnsmasq --help dhcp" for list)
dhcp-option=option:router,192.168.1.1
dhcp-option=option:dns-server,192.168.1.13
dhcp-option=option:domain-search,mi.casa

# static IP address assignments using DHCP (example)
dhcp-host=aa:cc:dd:ff:ee:33,hass.mi.casa,192.168.1.20

# static ip address entries (example)
address=/hub.mi.casa/192.168.1.13

/etc/systemd/network/10-static.network

[Match]
Name=en*

[Network]
Address=192.168.1.13/24
Gateway=192.168.1.1
# that's a pi-hole running on the system
DNS=192.168.1.13#8053
Domains=mi.casa
Score:0

holy moly, I found the solution here, in a barely-two-line comment from @mosvy under a somewhat related question. based on that I even have two solutions now.

goal seems to be to disable the restriction to serve only local networks. there seem to be two ways.

solution 1

# dnsmasq.conf - add this - thanks @mosvy
except-interface=my_dummy_interface

yes, it is actually my_dummy_interface, it's a name that does not exist (you could also call it "smurfydurfy"). so dnsmasq binds and answers on all interfaces automatically, except on one ... that never shows up.

solution 2

# dnsmasq.conf - add this
listen-address=127.0.0.1,192.168.1.13

same thing apparently, it binds on those addresses and answers all requests regardless of origin.
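
Added example, not part of the original answer: the dnsmasq man page states that --local-service only has effect when no --interface, --except-interface, --listen-address or --auth-server option is given, which is why either line above lifts the "non-local network" restriction. The Python sketch below models only that rule; the stale subnet list at boot follows the question's hypothesis, and the 172.17.0.0/16 Docker bridge subnet and the sample addresses are assumptions.

```python
import ipaddress

# Options that, per the dnsmasq man page, switch --local-service off when present.
OVERRIDES = {"interface", "except-interface", "listen-address", "auth-server"}

def option_names(conf_text):
    """Option names set in a dnsmasq.conf, skipping blanks and comment lines."""
    names = set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            names.add(line.split("=", 1)[0].strip())
    return names

def local_service_active(conf_text):
    """Assumes dnsmasq was started with --local-service (the logged message implies it)."""
    return not (option_names(conf_text) & OVERRIDES)

def answers(conf_text, known_subnets, source_ip):
    """Simplified model of the source-subnet filter only; ignores which address was queried."""
    if not local_service_active(conf_text):
        return True
    src = ipaddress.ip_address(source_ip)
    return any(src in ipaddress.ip_network(net) for net in known_subnets)

# Constructed sample data based on the question's setup.
BASE_CONF = "port=53\nno-resolv\nserver=127.0.0.1#8053\n"
SOLUTION_1 = BASE_CONF + "except-interface=my_dummy_interface\n"
SOLUTION_2 = BASE_CONF + "listen-address=127.0.0.1,192.168.1.13\n"
AT_BOOT = ["127.0.0.0/8", "192.168.1.0/24"]   # subnets present when dnsmasq starts
AFTER_DOCKER = AT_BOOT + ["172.17.0.0/16"]    # assumed docker0 default bridge subnet
CONTAINER = "172.17.0.2"                      # constructed container address
OUTSIDE = "203.0.113.5"                       # documentation-range address, on no local subnet

if __name__ == "__main__":
    cases = [("boot", BASE_CONF, AT_BOOT), ("restarted", BASE_CONF, AFTER_DOCKER),
             ("solution 1", SOLUTION_1, AT_BOOT), ("solution 2", SOLUTION_2, AT_BOOT)]
    for label, conf, nets in cases:
        print(f"{label:11} container={answers(conf, nets, CONTAINER)} "
              f"outside={answers(conf, nets, OUTSIDE)}")
```

With either workaround in place the local-subnet filter no longer applies to any source, so if the host is reachable from outside the LAN, inbound port 53 should be limited by the host firewall or the router.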
