alibaba / havenask

Apache License 2.0

On Ubuntu, after starting docker, DNS stops working: neither the host nor the container can resolve domain names; it recovers once the container is stopped #178

Open Joyed-ZHTX opened 1 year ago

Joyed-ZHTX commented 1 year ago

Because of Ubuntu's (22.04 LTS) questionable move, systemd-resolved sets up a local DNS server of its own and exposes 127.0.0.53 as the DNS service. After disabling systemd-resolved and switching to unbound, this problem no longer occurs. Reference: https://blog.csdn.net/qq_43111963/article/details/124998719

Below is the error record taken while using systemd-resolved.

Before creating the container (host)

(base) model@ChatGLM--Q35-ICH9-2009:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp6s18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:e4:6b:68:21:f2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.101.122/24 brd 192.168.101.255 scope global noprefixroute enp6s18
       valid_lft forever preferred_lft forever
    inet6 fe80::dc8a:5328:9004:eca8/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:3a:f9:fa:1b brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
(base) model@ChatGLM--Q35-ICH9-2009:~$
(base) model@ChatGLM--Q35-ICH9-2009:~$ resolvectl
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp6s18)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 202.99.160.68
       DNS Servers: 202.99.160.68

Link 3 (docker0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
(base) model@ChatGLM--Q35-ICH9-2009:~$
(base) model@ChatGLM--Q35-ICH9-2009:~$ nslookup www.baidu.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 110.242.68.3
Name:   www.a.shifen.com
Address: 110.242.68.4
Name:   www.a.shifen.com
Address: 2408:871a:2100:2:0:ff:b09f:237
Name:   www.a.shifen.com
Address: 2408:871a:2100:3:0:ff:b025:348d

Creating the container

(base) model@ChatGLM--Q35-ICH9-2009:~$ cd havenask/docker/havenask/
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ ./create_container.sh havenask
Start to run scrip
Info: Repo locatation: /home/model/havenask/docker
Info: Container entry: /home/model/havenask/docker/havenask/havenask
Begin pull image: registry.cn-hangzhou.aliyuncs.com/havenask/ha3_runtime:1.0.0
1.0.0: Pulling from havenask/ha3_runtime
Digest: sha256:77e4a1f0a12b96517252c3a86cc87fca647cbcd2dffed63927600a15187e7810
Status: Image is up to date for registry.cn-hangzhou.aliyuncs.com/havenask/ha3_runtime:1.0.0
registry.cn-hangzhou.aliyuncs.com/havenask/ha3_runtime:1.0.0
Begin initialize container:
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
INFO start container success

After creating the container (host)

(base) model@ChatGLM--Q35-ICH9-2009:~$
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ resolvectl
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp6s18)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 202.99.160.68
       DNS Servers: 202.99.160.68

Link 3 (docker0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
(base) model@ChatGLM--Q35-ICH9-2009:~$
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ nslookup www.baidu.com
Server:         127.0.0.53
Address:        127.0.0.53#53

** server can't find www.baidu.com: SERVFAIL
(base) model@ChatGLM--Q35-ICH9-2009:~$
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp6s18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:e4:6b:68:21:f2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.101.122/24 brd 192.168.101.255 scope global noprefixroute enp6s18
       valid_lft forever preferred_lft forever
    inet6 fe80::dc8a:5328:9004:eca8/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:3a:f9:fa:1b brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

After creating the container (container)

(base) model@ChatGLM--Q35-ICH9-2009:~$
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ ./havenask/sshme
model@ChatGLM--Q35-ICH9-2009:~$ resolvectl
Global
       LLMNR setting: yes
MulticastDNS setting: yes
  DNSOverTLS setting: no
      DNSSEC setting: allow-downgrade
    DNSSEC supported: yes
          DNS Domain: ~.
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 3 (docker0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: allow-downgrade
    DNSSEC supported: yes

Link 2 (enp6s18)
      Current Scopes: LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: allow-downgrade
    DNSSEC supported: yes
model@ChatGLM--Q35-ICH9-2009:~$ nslookup www.baidu.com
bash: nslookup: command not found
model@ChatGLM--Q35-ICH9-2009:~$ curl https://www.baidu.com/
curl: (6) Could not resolve host: www.baidu.com
model@ChatGLM--Q35-ICH9-2009:~$ ping baidu.com
ping: baidu.com: Name or service not known
model@ChatGLM--Q35-ICH9-2009:~$ ping 110.242.68.66
PING 110.242.68.66 (110.242.68.66) 56(84) bytes of data.
64 bytes from 110.242.68.66: icmp_seq=1 ttl=55 time=14.5 ms
64 bytes from 110.242.68.66: icmp_seq=2 ttl=55 time=14.4 ms
^C
--- 110.242.68.66 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 14.435/14.468/14.501/0.033 ms
model@ChatGLM--Q35-ICH9-2009:~$ ip addr
bash: ip: command not found
model@ChatGLM--Q35-ICH9-2009:~$ ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:3a:f9:fa:1b  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp6s18: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.101.122  netmask 255.255.255.0  broadcast 192.168.101.255
        inet6 fe80::dc8a:5328:9004:eca8  prefixlen 64  scopeid 0x20<link>
        ether fa:e4:6b:68:21:f2  txqueuelen 1000  (Ethernet)
        RX packets 103452  bytes 127144831 (121.2 MiB)
        RX errors 0  dropped 355  overruns 0  frame 0
        TX packets 48886  bytes 3896690 (3.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 139171  bytes 123704669 (117.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 139171  bytes 123704669 (117.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Stopping the container

(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ docker ps -a
CONTAINER ID   IMAGE                                                          COMMAND        CREATED          STATUS          PORTS     NAMES
7d9e0008c92b   registry.cn-hangzhou.aliyuncs.com/havenask/ha3_runtime:1.0.0   "/sbin/init"   12 minutes ago   Up 12 minutes             havenask
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ docker stop 7d9e
7d9e

After stopping the container (host)

(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ nslookup www.baidu.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 110.242.68.4
Name:   www.a.shifen.com
Address: 110.242.68.3
Name:   www.a.shifen.com
Address: 2408:871a:2100:2:0:ff:b09f:237
Name:   www.a.shifen.com
Address: 2408:871a:2100:3:0:ff:b025:348d

(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ resolvectl
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp6s18)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 202.99.160.68
       DNS Servers: 202.99.160.68

Link 3 (docker0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp6s18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:e4:6b:68:21:f2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.101.122/24 brd 192.168.101.255 scope global noprefixroute enp6s18
       valid_lft forever preferred_lft forever
    inet6 fe80::dc8a:5328:9004:eca8/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:3a:f9:fa:1b brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
Joyed-ZHTX commented 1 year ago

Also: after adding the --dns=XXX parameter to the container creation script create_container.sh, creating the container no longer breaks DNS, but running `hape start havenask` still breaks DNS, probably because hape creates other containers again.

Using unbound solves it. Should users be warned about this somewhere so they don't run into this pitfall?

dyuyang commented 1 year ago

Why would creating a container cause the host to use systemd-resolved's DNS service?

Joyed-ZHTX commented 1 year ago

It isn't creating the container that makes the host use this service; Ubuntu 22.04 LTS uses this service by default, but the service causes the problem described above.
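As an added diagnostic (not code from the issue or from the havenask project; the function names and sample strings are my own), the POSIX shell script below classifies a host's resolver setup from the text of /etc/resolv.conf and `resolvectl`, and derives the `--dns=` flag mentioned in the thread so a container is handed the real upstream server instead of depending on the systemd-resolved stub at 127.0.0.53. The two sample strings are constructed to match what the host output in the issue shows (stub mode, upstream 202.99.160.68 on enp6s18). Note that the `ifconfig` output captured inside the container lists the host's enp6s18 and docker0 interfaces, which suggests the container shares the host network namespace; a resolver started by its `/sbin/init` would then compete with the host's own stub listener, which is consistent with both sides failing at once.

```shell
#!/bin/sh
# Added diagnostic for the DNS problem discussed in this issue. Not part of
# havenask; function names and sample strings are constructed for this example.
# It classifies a host's resolver setup from the text of /etc/resolv.conf and
# `resolvectl`, and derives the docker --dns flag that points a container at
# the real upstream server instead of the systemd-resolved stub 127.0.0.53.

# Constructed sample: /etc/resolv.conf as written by systemd-resolved in stub mode.
SAMPLE_RESOLV_CONF='nameserver 127.0.0.53
options edns0 trust-ad
search .'

# Constructed sample: `resolvectl` output shaped like the host output in the issue.
SAMPLE_RESOLVECTL='Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp6s18)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 202.99.160.68
       DNS Servers: 202.99.160.68

Link 3 (docker0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported'

# resolv_mode TEXT
#   stub   -> the only nameserver is 127.0.0.53, so every lookup depends on
#             the local systemd-resolved stub listener
#   direct -> resolv.conf names real servers
#   none   -> no nameserver line at all
resolv_mode() {
    ns=$(printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }')
    case "$ns" in
        '')         echo none ;;
        127.0.0.53) echo stub ;;
        *)          echo direct ;;
    esac
}

# upstream_dns TEXT
#   Prints, one per line, the "DNS Servers:" entries of every link that carries
#   +DefaultRoute in the resolvectl output, i.e. the servers the stub forwards to.
upstream_dns() {
    printf '%s\n' "$1" | awk '
        /^Link /                                   { def = 0 }
        /Protocols:/ && index($0, "+DefaultRoute")  { def = 1 }
        /DNS Servers:/ && def { for (i = 3; i <= NF; i++) print $i }'
}

# docker_dns_args TEXT
#   Turns the upstream list into "--dns=A --dns=B" for docker run / create_container.sh.
docker_dns_args() {
    upstream_dns "$1" | awk '{ printf "%s--dns=%s", sep, $1; sep = " " } END { printf "\n" }'
}

# Stand-alone run: report what the constructed samples look like.
echo "resolv.conf mode : $(resolv_mode "$SAMPLE_RESOLV_CONF")"
echo "upstream servers : $(upstream_dns "$SAMPLE_RESOLVECTL" | tr '\n' ' ')"
echo "docker flags     : $(docker_dns_args "$SAMPLE_RESOLVECTL")"
```

On a live host you would feed it `"$(cat /etc/resolv.conf)"` and `"$(resolvectl)"` instead of the samples; a result of `stub` together with a non-empty upstream list is exactly the situation the issue describes, and the printed `--dns=` flag is the value to hand to create_container.sh so the container's lookups bypass the 127.0.0.53 listener.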