Comments (7)
andyshinn
commented on July 18, 2024
1
It is possible that --network=host needs something more than just --cap-add=NET_ADMIN to listen properly. You'd probably just have to do some debugging with ss or netstat to figure out what is listening where. The port mapping way should accomplish the same thing.
I'd be happy to accept a README pull request that gives this as an example of how to use the container as a host forwarder.
from docker-dnsmasq.
andyshinn
commented on July 18, 2024
I guess you'd have to heed the advice of the Stack Overflow article and disable systemd-resolved listener or run the container on a different external port with something like -p 5353:53/tcp -p 5353:53/udp. But neither of these are really something we can solve in the container or this image.
Is there something you are proposing we change in this image or documentation to help with this?
from docker-dnsmasq.
RyanRamchandar
commented on July 18, 2024
There still exists an issue after disabling systemd-resolved or setting DNSStubListener=no since now DNS lookups don't seem to be happening at all. For example, I can ping 8.8.8.8 but not ping google.com.
Is the container missing a config like --listen-address, a mount like /etc/resolv.conf or something else to allow DNS lookups?
from docker-dnsmasq.
andyshinn
commented on July 18, 2024
For starts, how are you running the container and what is the output of ss -ntu on the host? The dnsmasq inside the container listens on 0.0.0.0 TCP and UDP by default. Assuming the container is mapping the host ports correctly, I don't see why it wouldn't work. Might be worth checking iptables and the NAT table specifically to see where port 53 is being sent.
from docker-dnsmasq.
RyanRamchandar
commented on July 18, 2024
Okay I think I figured out what was wrong... I was running the container with --network=host:
docker run \
--network=host \
--cap-add=NET_ADMIN \
-d \
--restart=always \
andyshinn/dnsmasq:2.78 \
--interface=eth0 \
--dhcp-range=10.10.10.11,10.10.10.254,12h \
--log-facility=-
And switching to -p port mapping seems to have fixed it. Though I don't entirely know why. It might have something to do with the container network being isolated from the host now.
docker run \
-p 53:53/tcp \
-p 53:53/udp \
--cap-add=NET_ADMIN \
-d \
--restart=always \
andyshinn/dnsmasq:2.78 \
--interface=eth0 \
--dhcp-range=10.10.10.11,10.10.10.254,12h \
--log-facility=-
Now the log seems happy, and ping google.com resolves.
# docker logs dnsmasq
dnsmasq[1]: started, version 2.78 cachesize 150
dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq-dhcp[1]: DHCP, IP range 10.10.10.11 -- 10.10.10.254, lease time 12h
dnsmasq[1]: reading /etc/resolv.conf
dnsmasq[1]: using nameserver 8.8.8.8#53
dnsmasq[1]: using nameserver 8.8.4.4#53
dnsmasq[1]: read /etc/hosts - 7 addresses
from docker-dnsmasq.
RyanRamchandar
commented on July 18, 2024
Thanks Andy.
from docker-dnsmasq.
RyanRamchandar
commented on July 18, 2024
An unfortunate result of using the port mapping instead of --network=host is that the container can no longer see the interfaces of the host and the following commands no longer work:
--interface=eth0 \
--dhcp-range=10.10.10.11,10.10.10.254,12h \
from docker-dnsmasq.
Related Issues (20)
- Update to 2.78 HOT 3
- Can't resolve name when the dockerized app and dockerized dnsmasq on the same host HOT 2
- inotifywait dnsmasq.conf althosts -> HUP HOT 1
- Feature: Multiple architectures using manifest HOT 6
- Error starting userland proxy HOT 2
- `cname` not working HOT 4
- Isn't a issue, but it's a question about this image. HOT 1
- Some lookups fail. Dockerized dnsmasq unusable. HOT 1
- provide updated images on dockerhub HOT 1
- Root user has no password HOT 1
- Stopped working in docker desktop for mac v2.1.0.0 HOT 3
- Maximum number of concurrent DNS queries reached HOT 6
- Provide dnssec capabilities HOT 4
- Don't work in swarm but in docker-compose HOT 4
- Up for adoption HOT 13
- docker-compose does not work HOT 1
- how can i user this image HOT 1
- push to quay.io HOT 1
- Can't get it to work as DHCP server HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-dnsmasq.