
Dnsmasq forwarding refused by another Dnsmasq in a Docker container

Server Fault user
Asked on 2023-03-26 17:34:26
Answers 1  Views 234  Followers 0  Votes 0

Given two DNS servers, one running on the local host (127.0.0.1:53) and the other running in a Docker container (172.18.0.3:5300).

When I try to check domain resolution against the localhost DNS with the dig/nslookup commands, the request is refused:

```console
adam@adam-desktop:~$ nslookup whoami.docker
Server:     127.0.0.1
Address:    127.0.0.1#53

** server can't find whoami.docker: REFUSED
```

And checking with dig, the result is similar:

```console
adam@adam-desktop:~$ dig A whoami.docker

; <<>> DiG 9.18.1-1ubuntu1.3-Ubuntu <<>> A whoami.docker
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 10447
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;whoami.docker.         IN  A

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sun Mar 26 18:59:31 CEST 2023
;; MSG SIZE  rcvd: 42
```

And the following log entries are created:

```console
adam@adam-desktop:~$ tail -F /var/log/syslog:
[...]
Mar 26 18:45:27 adam-desktop dnsmasq[10105]: query[A] whoami.docker from 127.0.0.1
Mar 26 18:45:27 adam-desktop dnsmasq[10105]: forwarded whoami.docker to 172.18.0.3
Mar 26 18:45:32 adam-desktop dnsmasq[10105]: query[A] whoami.docker from 127.0.0.1
Mar 26 18:45:32 adam-desktop dnsmasq[10105]: config error is REFUSED
```

However, when I specify the second DNS server in the command, the response is as expected:

```console
adam@adam-desktop:~$ dig A @172.18.0.3 -p 5300 whoami.docker

; <<>> DiG 9.18.1-1ubuntu1.3-Ubuntu <<>> A @172.18.0.3 -p 5300 whoami.docker
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5930
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;whoami.docker.         IN  A

;; ANSWER SECTION:
whoami.docker.      0   IN  A   172.18.0.4

;; Query time: 3 msec
;; SERVER: 172.18.0.3#5300(172.18.0.3) (UDP)
;; WHEN: Sun Mar 26 18:58:08 CEST 2023
;; MSG SIZE  rcvd: 58
```

So I don't understand why this does not resolve:

Request(whoami.docker) -> DNS1(127.0.0.1:53) -> DNS2(172.18.0.3): found (172.18.0.4 - whoami.docker) -> and returned to the client.

localhost DNS configuration (dnsmasq.conf):

```text
port=53
domain-needed
bogus-priv
strict-order
no-resolv

# Private DNS server on Docker network
server=/docker/172.18.0.3

#Use the Google nameservers
server=8.8.8.8
server=1.1.1.1

rebind-domain-ok=/.docker/

user=dnsmasq
#group=dnsmasq

listen-address=172.18.0.1, 172.17.0.1, 127.0.0.1

bind-interfaces
cache-size=0
log-queries
```

NetworkManager config (/etc/NetworkManager/NetworkManager.conf):

```ini
[main]
dns=dnsmasq
plugins=ifupdown,keyfile

[...]
```

Second DNS server configuration (inside the Docker container, IP address 172.18.0.3):

```text
port=5300
domain-needed
bogus-priv
log-queries
no-resolv
no-hosts

strict-order

#Use the Google nameservers
server=8.8.8.8
server=8.8.4.4

#serve all company queries using a specific nameserver
domain=docker

#explicitly define host-ip mappings
# Testing container
address=/whoami.docker/172.18.0.4
```

Contents of /etc/resolv.conf:

```text
nameserver 127.0.0.1
search home
options edns0 trust-ad
```

Docker file used to define the DNS and whoami containers:

```yaml
version: '3.9'

services:
  dnsmasq:
    image: jpillora/dnsmasq
    container_name: dnsmasq
    restart: always
    volumes:
        - /var/run/docker.sock:/tmp/docker.sock:ro
        - ./dnsmasq.conf:/etc/dnsmasq.conf:ro
        - ./dnsmasq.d:/etc/dnsmasq.d:rw
    networks:
      devnet:
        ipv4_address: 172.18.0.3
    logging:
      options:
        max-size: 100m
    ports:
      - "0.0.0.0:5300:53/udp"
      - "0.0.0.0:5300:53/tcp"
      - "0.0.0.0:5380:8080"
    environment:
      - HTTP_USER=foo
      - HTTP_PASS=bar
      # - VIRTUAL_HOST=ns.dev.home

  whoami:
      image: jwilder/whoami
      container_name: whoami
      restart: always
      ports:
        - "0.0.0.0:8000:8000"
      environment:
        - VIRTUAL_HOST=whoami.docker
      volumes:
        - /var/run/docker.sock:/tmp/docker.sock:ro
      networks:
        devnet:
          ipv4_address: 172.18.0.4

networks:
  devnet:
    driver: "bridge"
    external: true
    enable_ipv6: false
```

1 answer

Server Fault user

Accepted answer

Posted on 2023-03-31 06:29:15

I solved my problem with the following article.

1st step: I used the dnsmasq built into NetworkManager instead of a standalone installation: DNSMasq + NetworkManager + Docker = fun?

2nd step: I modified the Docker file: removed the host port definition from the port mappings:

```yaml
version: '3.9'

services:
  dnsmasq:
    image: jpillora/dnsmasq
    container_name: dnsmasq
    restart: always
    volumes:
        - /var/run/docker.sock:/tmp/docker.sock:ro
        - ./dnsmasq.conf:/etc/dnsmasq.conf:ro
        - ./dnsmasq.d:/etc/dnsmasq.d:rw
    networks:
      devnet:
        ipv4_address: 172.18.0.3
    logging:
      options:
        max-size: 100m
    ports:
      - "53/udp"
      - "53/tcp"
      - "0.0.0.0:5380:8080"
    environment:
      - HTTP_USER=foo
      - HTTP_PASS=bar

  whoami:
      image: jwilder/whoami
      container_name: whoami
      restart: always
      ports:
        - "0.0.0.0:8000:8000"
      environment:
        - VIRTUAL_HOST=whoami.dev.home
      volumes:
        - /var/run/docker.sock:/tmp/docker.sock:ro
      networks:
        devnet:
          ipv4_address: 172.18.0.4

networks:
  devnet:
    driver: "bridge"
    external: true
    enable_ipv6: false
```

3rd step: modified the dnsmasq configuration file on the remote DNS server (on the Docker network) and moved the domain entries into a separate configuration file. Docker dnsmasq /etc/dnsmasq.conf:

```text
port=53
domain-needed
bogus-priv
no-hosts
keep-in-foreground
bind-interfaces
no-resolv
expand-hosts
server=8.8.8.8
server=8.8.4.4

# changed domain from .docker to .dev.home
domain=dev.home

#log all dns queries
log-queries

conf-dir=/etc/dnsmasq.d
```

/etc/dnsmasq/dnsmasq.d/1.whoami.conf:

```text
address=/whoami.dev.home/172.18.0.4
txt-record=txt.whoami.dev.home,txt-whoami.whoami.dev.home
```

4th step: added extra rules to UFW (/etc/ufw/after.rules) so that the Docker internal network works properly, following "Fix Docker and UFW security flaws without disabling iptables".

Votes 0
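As an added example (not code from the question or the answer), the following Python check parses the host's `server=` forwarding lines and the upstream's `port=` line and reports the mismatch visible in the question's configs: the host forwards `.docker` to `172.18.0.3` with no `#port` suffix, so dnsmasq sends to port 53, while the container's dnsmasq listens on 5300 (which is also why the direct `dig ... -p 5300` succeeds). Treating that mismatch as the cause of the REFUSED answer is this example's assumption; the config excerpts are constructed from the question.

```python
import re

# Constructed excerpts of the two dnsmasq.conf files quoted in the question
# (host at 127.0.0.1:53 and the container at 172.18.0.3).
HOST_CONF = """\
port=53
no-resolv
# Private DNS server on Docker network
server=/docker/172.18.0.3
server=8.8.8.8
server=1.1.1.1
"""
CONTAINER_CONF = """\
port=5300
domain=docker
address=/whoami.docker/172.18.0.4
"""

# server=[/domain[/domain...]/]address[#port]; dnsmasq uses port 53 without '#port'.
SERVER_RE = re.compile(
    r"^server=(?:/(?P<domains>[^/]+(?:/[^/]+)*)/)?(?P<addr>[^#\s]+)(?:#(?P<port>\d+))?$")

def parse_server_lines(conf):
    """Return (domain, upstream_ip, upstream_port) for every server= line;
    domain is None for a default (all-domain) upstream."""
    out = []
    for line in conf.splitlines():
        line = line.strip()
        m = SERVER_RE.match(line) if line and not line.startswith("#") else None
        if not m:
            continue
        port = int(m.group("port")) if m.group("port") else 53
        domains = m.group("domains").split("/") if m.group("domains") else [None]
        out.extend((d, m.group("addr"), port) for d in domains)
    return out

def listen_port(conf):
    """The port this dnsmasq instance listens on (port= directive, default 53)."""
    for line in conf.splitlines():
        if line.strip().startswith("port="):
            return int(line.strip().split("=", 1)[1])
    return 53

def check_forwarding(host_conf, upstream_ip, upstream_conf):
    """Flag server= entries for upstream_ip whose port differs from the port
    the upstream dnsmasq actually listens on (the mismatch in the question)."""
    expected = listen_port(upstream_conf)
    problems = []
    for d, ip, p in parse_server_lines(host_conf):
        if ip == upstream_ip and p != expected:
            spec = f"/{d}/{ip}" if d else ip
            problems.append(f"server={spec} forwards to port {p}, but that dnsmasq "
                            f"listens on {expected}: use server={spec}#{expected}")
    return problems
```

Run against the question's configs it reports one problem for the `.docker` upstream and none once the host line carries `#5300` (or, as in the accepted answer, once the container's dnsmasq listens on 53).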
Page content provided by Server Fault; translation supported by Tencent Cloud's IT-domain engine.
Original link:

https://serverfault.com/questions/1127172
