HolgerHees / smartserver

SmartHome Server deployment setup
http://www.intranet-of-things.com/smarthome/infrastructure/server/setup/
GNU General Public License v3.0

Docker using local DNS #18

Closed toffee closed 4 months ago

toffee commented 4 months ago

My ISP offers a parental control service (which I have enabled). When this feature is enabled, I guess all DNS requests to servers other than the local one (like Google DNS 8.8.8.8) are dropped.

With parental control enabled on ISP side:

jupiter:~/git/smartserver # nslookup www.google.com 8.8.8.8
;; connection timed out; no servers could be reached

Without parental control enabled:

jupiter:~ # nslookup www.google.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   www.google.com
Address: 142.250.180.228
Name:   www.google.com
Address: 2a00:1450:400d:80c::2004

Sometimes the smartserver ansible scripts fail because of that. For example, now, when you updated the alpine version, the creation of the dnsmasq container failed. The names are not resolved because 8.8.8.8 (which is used by Docker) is not accessible on port 53.

#5 [2/2] RUN apk --no-cache add dnsmasq tzdata\n
#5 0.081 fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz\n
#5 5.085 WARNING: fetching https://dl-cdn.alpinelinux.org/alpine/v3.20/main: temporary error (try again later)\n
#5 5.085 fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/community/x86_64/APKINDEX.tar.gz\n
#5 10.09 WARNING: fetching https://dl-cdn.alpinelinux.org/alpine/v3.20/community: temporary error (try again later)\n
#5 10.09 ERROR: unable to select packages:\n
#5 10.09   dnsmasq (no such package):\n
#5 10.09     required by: world[dnsmasq]\n
#5 10.09   tzdata (no such package):\n
#5 10.09     required by: world[tzdata]\n

After I disabled the parental control on the ISP side, the ansible scripts work as expected.

It's nothing critical, but I just wanted to let you know - maybe there is an easy fix.

For the moment, my workarounds are:

  1. to disable the parental control on the ISP side (I want to avoid that);
  2. before running the ansible script, to modify /etc/resolver.conf: replace 127.0.0.1 with the gateway IP (where a DNS server is running, which forwards to the ISP DNS).

HolgerHees commented 4 months ago

currently the dns forwarding flow is like below,

client => pihole => dnsmasq => dns_forward_ip_addresses

and dns_forward_ip_addresses has a default value of [ "8.8.8.8", "8.8.4.4" ]

just change dns_forward_ip_addresses to

dns_forward_ip_addresses: [ "<your_gateway_ip>" ]

in your env.yml and redeploy dnsmasq

my config is

dns_forward_ip_addresses: [ "{{default_server_gateway}}" ]

toffee commented 4 months ago

Thank you for your answer.

It's strange because my config was

dns_forward_ip_addresses: [ "{{default_server_gateway}}", "8.8.8.8", "8.8.4.4" ]

I have now removed the Google DNS IPs from my config. I will check whether this behavior is reproducible with the next alpine update.
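
An added example, not part of the thread or of the smartserver project: a pre-deploy check that sends one DNS query to each entry of a `dns_forward_ip_addresses`-style list and reports which upstreams answer and which are silently dropped, as 8.8.8.8 was in the nslookup output above. The function names, the probe hostname and the sample list are assumptions; 192.0.2.1 is a placeholder gateway address.

```python
import os
import socket
import struct

def build_query(name, txid):
    """Encode a minimal DNS query: RD flag set, one question, type A, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def probe(server, name="dl-cdn.alpinelinux.org", port=53, timeout=2.0):
    """Return 'ok', 'timeout' (query or reply dropped) or 'error:<detail>'."""
    txid = int.from_bytes(os.urandom(2), "big")
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (server, port))
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return "timeout"
        except OSError as exc:
            return "error:" + exc.__class__.__name__
    if len(data) < 12:
        return "error:short-reply"
    reply_txid, flags = struct.unpack("!HH", data[:4])
    # A valid answer echoes our transaction id and has the QR (response) bit set.
    if reply_txid != txid or not flags & 0x8000:
        return "error:unexpected-reply"
    rcode = flags & 0x000F
    return "ok" if rcode == 0 else "error:rcode-%d" % rcode

def check_forwarders(servers, **kwargs):
    """Probe every entry of a dns_forward_ip_addresses-style list separately."""
    return {server: probe(server, **kwargs) for server in servers}

if __name__ == "__main__":
    # Constructed sample list: placeholder gateway plus the default forwarders.
    sample = ["192.0.2.1", "8.8.8.8", "8.8.4.4"]
    for server, status in check_forwarders(sample).items():
        print(f"{server:15} {status}")
```

Run it on the host before redeploying dnsmasq; an entry that reports `timeout` is one the network is not letting through.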