Given two DNS servers, one runs on localhost (127.0.0.1:53) and the other in a Docker container (172.18.0.3:5300).
When I tried to check domain resolve through at localhost DNS with dig or nslookup commands the request is refused:
adam@adam-desktop:~$ nslookup whoami.docker
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find whoami.docker: REFUSED
and checked with dig but the result is similar:
adam@adam-desktop:~$ dig A whoami.docker
; <<>> DiG 9.18.1-1ubuntu1.3-Ubuntu <<>> A whoami.docker
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 10447
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;whoami.docker. IN A
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sun Mar 26 18:59:31 CEST 2023
;; MSG SIZE rcvd: 42
then the following log entries created:
adam@adam-desktop:~$ tail -F /var/log/syslog:
[...]
Mar 26 18:45:27 adam-desktop dnsmasq[10105]: query[A] whoami.docker from 127.0.0.1
Mar 26 18:45:27 adam-desktop dnsmasq[10105]: forwarded whoami.docker to 172.18.0.3
Mar 26 18:45:32 adam-desktop dnsmasq[10105]: query[A] whoami.docker from 127.0.0.1
Mar 26 18:45:32 adam-desktop dnsmasq[10105]: config error is REFUSED
But when I specified the 2nd DNS server in the command, the response is the expected:
adam@adam-desktop:~$ dig A @172.18.0.3 -p 5300 whoami.docker
; <<>> DiG 9.18.1-1ubuntu1.3-Ubuntu <<>> A @172.18.0.3 -p 5300 whoami.docker
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5930
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;whoami.docker. IN A
;; ANSWER SECTION:
whoami.docker. 0 IN A 172.18.0.4
;; Query time: 3 msec
;; SERVER: 172.18.0.3#5300(172.18.0.3) (UDP)
;; WHEN: Sun Mar 26 18:58:08 CEST 2023
;; MSG SIZE rcvd: 58
So I don't understand why not working the resolving chain:
Request(whoami.docker) ->DNS1(127.0.0.1:53) -> DNS2(172.18.0.3): found entry(172.18.0.4 - whoami.docker) -> and return to client.
The localhost DNS configuration (dnsmasq.conf):
port=53
domain-needed
bogus-priv
strict-order
no-resolv
# Private DNS server on Docker network
server=/docker/172.18.0.3
#Use the Google nameservers
server=8.8.8.8
server=1.1.1.1
rebind-domain-ok=/.docker/
user=dnsmasq
#group=dnsmasq
listen-address=172.18.0.1, 172.17.0.1, 127.0.0.1
bind-interfaces
cache-size=0
log-queries
The NetworkManager config(/etc/NetworkManager/NetworkManager.conf):
[main]
dns=dnsmasq
plugins=ifupdown,keyfile
[...]
The 2nd DNS server config (inside a Docker container - IP address: 172.18.0.3):
port=5300
domain-needed
bogus-priv
log-queries
no-resolv
no-hosts
strict-order
#Use the Google nameservers
server=8.8.8.8
server=8.8.4.4
#serve all company queries using a specific nameserver
domain=docker
#explicitly define host-ip mappings
# Testing container
address=/whoami.docker/172.18.0.4
Content of /etc/resolv.conf:
nameserver 127.0.0.1
search home
options edns0 trust-ad
The Docker-Compose file which defines the DNS and the whoami containers:
version: '3.9'
services:
dnsmasq:
image: jpillora/dnsmasq
container_name: dnsmasq
restart: always
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./dnsmasq.conf:/etc/dnsmasq.conf:ro
- ./dnsmasq.d:/etc/dnsmasq.d:rw
networks:
devnet:
ipv4_address: 172.18.0.3
logging:
options:
max-size: 100m
ports:
- "0.0.0.0:5300:53/udp"
- "0.0.0.0:5300:53/tcp"
- "0.0.0.0:5380:8080"
environment:
- HTTP_USER=foo
- HTTP_PASS=bar
# - VIRTUAL_HOST=ns.dev.home
whoami:
image: jwilder/whoami
container_name: whoami
restart: always
ports:
- "0.0.0.0:8000:8000"
environment:
- VIRTUAL_HOST=whoami.docker
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
networks:
devnet:
ipv4_address: 172.18.0.4
networks:
devnet:
driver: "bridge"
external: true
enable_ipv6: false
