pi-hole / docker-pi-hole

Pi-hole in a docker container
https://pi-hole.net

DNS connectivity issues, HTTP works #205

Closed fulgerul closed 6 years ago

fulgerul commented 6 years ago

Hi, I am new to Docker so it took me many days to even get the HTTPD server working so bear with me please :)

Basically, the whole network can see the webserver inside the Docker container, but I can only run local (127.0.0.1) nslookups to the container.

I have dabbled with macvlan (no inet connectivity at all, and no inbound ports), fixed container IP, custom bridge with the network subnet and still I cannot make this work.

Can you help?

Thanks in advance

Config

7Host = Windows 10 - IP 192.168.1.7

Worked after I killed a webserver service occupying port 80!

Nothing occupies port 53

Turning the firewall off/on made no difference

172Pi-hole = diginc/docker-pi-hole - IP 172.x.x.x

started with "docker run -e ServerIP="192.168.1.7" --restart=always --name=pi-hole -p 53:53/udp -p 53:53/tcp -p 80:80/tcp -d diginc/pi-hole"

Debug looks ok, dnsmasq and nginx started and blocklists are getting downloaded (internet connectivity works). iptables is simply not there.

10Mac = Mac with 192.168.1.10

Tests

10Mac --> 7Host:80 OK
10Mac --> 7Host:53 NOT OK - nslookup times out, no logs anywhere

7Host --> 7Host:80 OK
7Host --> 127.0.0.1:53 OK > nslookup > server 127.0.0.1
7Host --> 7Host:53 NOT OK - nslookup times out, no logs anywhere

172Pi-hole --> 172Pi-hole:80 OK
172Pi-hole --> 172Pi-hole:53 OK

diginc commented 6 years ago

First impression is it may be something weird with Windows docker. Is this a Windows docker toolbox setup or the official new Hyper-V based docker (Windows 10 Pro only I think)?

You could try explicitly binding to your 7Host's IP address with your docker run (destroy the container and re-run it).

the -p port:port part can also be in the format -p IP:port:port where IP is the external host IP address network address you want to use.

docker run -e ServerIP="192.168.1.7" --restart=always --name=pi-hole -p 192.168.1.7:53:53/udp -p 192.168.1.7:53:53/tcp -p 192.168.1.7:80:80/tcp -d diginc/pi-hole

fulgerul commented 6 years ago

Hi, Thanks for replying!

I am running Docker version 17.09.1-ce, build 19e2cf6 on Windows Pro (had to double check).

Running the above, I can see HTTP still working on the container from the 10Mac and 7Host but now it doesn't respond to any DNS, nslookup 127.0.0.1 nor nslookup 192.168.1.7!

It definitely smells like a bridge bug/feature in docker, so I have x-posted this over in the docker forums as well.

Again, thank you, if you have further suggestions I will be happy to test them out as I am stumped after days and days of googling and trying :)

A

diginc commented 6 years ago

Good call cross posting to the docker forum, I agree it seems like a networking issue of some sort.

I don't have Win Pro to run the Hyper-V latest docker CE to test on unfortunately. One other suggestion is try running a plain non pi-hole dnsmasq docker image on 53/tcp + 53/udp and see if that one works for you.

diginc commented 6 years ago

https://docs.docker.com/docker-for-windows/troubleshoot/#networking-issues may be helpful too.

fulgerul commented 6 years ago

I ran into the exact same issue with "docker run -p 53:53/tcp -p 53:53/udp --cap-add=NET_ADMIN -d andyshinn/dnsmasq" as well as bind and others.

53 is a big no-no, but I can see the webmin and other ports.

fulgerul commented 6 years ago

Solved it by disabling/re-enabling the "DoS Protection"/Firewall on my Asus router RT-AC68U! I had NO idea it was also an internal firewall. Will do a bug report to them!

Thanks so much!
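
The test matrix from the first post can be repeated from each machine with a small probe that checks port 53 over UDP and TCP separately, which helps show whether a device in the path is dropping DNS while HTTP still passes. This is an added example, not part of the original thread or the project's code; the function names and the query name `pi.hole` are assumptions, and the target addresses are the ones quoted in the thread.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction id, constructed for this example

def build_query(name):
    """Encode a minimal DNS A/IN query with the RD flag set."""
    header = struct.pack(">HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def is_reply(data):
    """True if data is a DNS response (QR bit set) carrying our id."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack(">HH", data[:4])
    return rid == TXID and bool(flags & 0x8000)

def probe_udp(host, port=53, name="pi.hole", timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (host, port))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "TIMEOUT"   # silently dropped, as in the thread
        except OSError:
            return "REFUSED"   # OS reported port unreachable / reset
    return "OK" if is_reply(data) else "BAD REPLY"

def probe_tcp(host, port=53, name="pi.hole", timeout=2.0):
    query = build_query(name)
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(struct.pack(">H", len(query)) + query)  # 2-byte length prefix
            while len(data) < 14:          # length prefix + 12-byte header
                chunk = s.recv(514)
                if not chunk:
                    break
                data += chunk
    except socket.timeout:
        return "TIMEOUT"
    except OSError:
        return "REFUSED"
    return "OK" if is_reply(data[2:]) else "BAD REPLY"

if __name__ == "__main__":
    for target in ("127.0.0.1", "192.168.1.7"):  # addresses from the thread
        print(target, "udp/53", probe_udp(target), "tcp/53", probe_tcp(target))
```

A `TIMEOUT` on the LAN address from every machine, while the same probe returns `OK` inside the container, matches the symptom reported above and points at something between client and host rather than at dnsmasq.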