sameersbn / docker-bind

Dockerize BIND DNS server with webmin for DNS administration
MIT License

Able to Resolve Internal Hosts but not Internet as a Whole #107

Open samuelkneppel opened 3 years ago

samuelkneppel commented 3 years ago

Hello,

I trust all is well. Firstly, I would like to thank you for your work setting BIND in a Docker container and sharing your project with the rest of us. That being said, I am running into an issue that I am hoping someone would be able to assist me with.

I was able to successfully build and run this Docker container within my Ubuntu 20.04 VM hosted on my ESXi server. I then connected to the Webmin portal and set up my master/reverse zones for my internal hosts. I also set up global forwarding to external DNS servers for internet resolution.

However, as of right now, on my test VM pointed to my Docker host, I am only able to resolve internal hosts and not hosts on the Internet. As far as I can tell, my configuration is correct. I have tried restarting the container and recreating it from scratch and tried on a different test system. I received the same result each time.

Below is the relevant information:

Docker Version

samuelkneppel@docker:~$ docker version
Client: Docker Engine - Community
 Version:           19.03.13
 API version:       1.40
 Go version:        go1.13.15
 Git commit:        4484c46d9d
 Built:             Wed Sep 16 17:02:52 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.13
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       4484c46d9d
  Built:            Wed Sep 16 17:01:20 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.3.7
  GitCommit:        8fba4e9a7d01810a393d5d25a3621dc101981175
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Docker Info

samuelkneppel@docker:~$ docker info
Client:
 Debug Mode: false

Server:
 Containers: 8
  Running: 8
  Paused: 0
  Stopped: 0
 Images: 24
 Server Version: 19.03.13
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.4.0-54-generic
 Operating System: Ubuntu 20.04.1 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 3.843GiB
 Name: docker
 ID: YCMM:FNPR:SPIH:3GVD:U5HE:RKZU:S2VT:OTSS:V4F5:QY7Q:YBP2:6BA6
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No swap limit support

Docker Compose

samuelkneppel@docker:~/docker-compose/bind$ cat docker-compose.yml 
version: '2'

services:
  bind:
    restart: always
    image: sameersbn/bind
    ports:
    - "192.168.1.102:53:53/udp"
    - "192.168.1.102:53:53/tcp"
    - "192.168.1.102:10000:10000/tcp"
    volumes:
    - /home/samuelkneppel/config/bind:/data

/etc/bind/named.conf

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

/etc/bind/named.conf.options

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable 
    // nameservers, you probably want to use them as forwarders.  
    // Uncomment the following block, and insert the addresses replacing 
    // the all-0's placeholder.

    // forwarders {
    //  0.0.0.0;
    // };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    listen-on-v6 { any; };
    forwarders {
        1.1.1.1;
        1.0.0.1;
        208.67.222.222;
        208.67.220.220;
        };
};

/etc/bind/named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "lab.localdomain" {
    type master;
    file "/var/lib/bind/lab.localdomain.hosts";
    };
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/bind/192.168.1.rev";
    };

/etc/bind/named.conf.default-zones

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

Replication of Issue

[two screenshots: FLARE VM - VMware Remote Console, 2020-11-29 22:09:20 and 2020-11-29 22:00:00]

I will admit, I am fairly new to BIND so it is possible that I missed something obvious. Any ideas? I appreciate any help you can give me!

DahliaWitt commented 3 years ago

I'm having the same issue.

chinzi14 commented 3 years ago

Hi guys, I had the same issue, but I was able to solve it by adding the following lines to /etc/bind/named.conf.options

forwarders { 1.1.1.1; 9.9.9.9; };
recursion yes;
allow-recursion {
    10.x.x.x/24; // your internal network
};
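The thread's symptom is BIND answering authoritative zones but refusing recursion for clients outside its default `allow-recursion { localnets; localhost; }`, which from inside the Docker bridge does not cover 192.168.1.0/24. The checker below is an added example, not code from the docker-bind project: it evaluates a named.conf.options fragment the way BIND evaluates its recursion ACL for a given client, and flags an open-resolver ACL. The sample option blocks, the container interface 172.17.0.2/16 and the client addresses are constructed assumptions.

```python
import ipaddress
import re

def _strip_comments(text):
    """Drop BIND's /* */, // and # comments so they cannot hide ACL entries."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def _acl(conf, name):
    """Tokens of `name { a; b; };`, or None when the statement is absent."""
    m = re.search(rf"\b{name}\s*\{{([^}}]*)\}}", conf)
    return None if m is None else [t.strip() for t in m.group(1).split(";") if t.strip()]

def _recursion_off(conf):
    return re.search(r"(?<!-)\brecursion\s+no\s*;", conf) is not None

def recursion_allowed(conf_text, client_ip, server_ifaces):
    """Decide, as BIND does (first matching ACL entry wins), whether client_ip may
    send recursive queries. Defaults when unset: recursion yes;
    allow-recursion { localnets; localhost; }. server_ifaces are the server's own
    interface addresses in CIDR form (assumption: supplied by the caller)."""
    conf = _strip_comments(conf_text)
    if _recursion_off(conf):
        return False, "recursion no"
    ip = ipaddress.ip_address(client_ip)
    ifaces = [ipaddress.ip_interface(i) for i in server_ifaces]
    for entry in _acl(conf, "allow-recursion") or ["localnets", "localhost"]:
        negate, tok = entry.startswith("!"), entry.lstrip("! ")
        if tok == "any":           hit = True
        elif tok == "none":        hit = False
        elif tok == "localhost":   hit = ip.is_loopback or any(ip == i.ip for i in ifaces)
        elif tok == "localnets":   hit = any(ip in i.network for i in ifaces)
        else:                      hit = ip in ipaddress.ip_network(tok, strict=False)
        if hit:
            return (not negate), f"matched allow-recursion entry '{entry}'"
    return False, "no allow-recursion entry matched"

def is_open_resolver(conf_text):
    """True when recursion is on and allow-recursion admits the whole Internet."""
    conf = _strip_comments(conf_text)
    acl = [] if _recursion_off(conf) else (_acl(conf, "allow-recursion") or [])
    return any(t in ("any", "0.0.0.0/0", "::/0") for t in acl)

# Constructed sample: the issue's options block (forwarders only, no recursion ACL).
ORIGINAL_OPTIONS = "options { forwarders { 1.1.1.1; 1.0.0.1; }; dnssec-validation auto; };"
# Constructed sample: the fix from the thread with a concrete internal network.
FIXED_OPTIONS = """options { forwarders { 1.1.1.1; 9.9.9.9; }; recursion yes;
    allow-recursion { 192.168.1.0/24; }; // internal network only
};"""
CONTAINER_IFACES = ["172.17.0.2/16", "127.0.0.1/8"]  # assumed docker bridge address
```

Run `recursion_allowed(ORIGINAL_OPTIONS, "192.168.1.50", CONTAINER_IFACES)` to see the refusal, and keep `is_open_resolver` false when widening the ACL.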