sameersbn / docker-bind

Dockerize BIND DNS server with webmin for DNS administration
MIT License

Problem bind server usage / docker network access #71

Closed protvis74 closed 5 years ago

protvis74 commented 5 years ago

Hello, I successfully created the bind container on my raspberry pi. I have set up a domain and zones as shown in the blog post http://www.damagehead.com/blog/2015/04/28/deploying-a-dns-server-using-docker/

docker compose.yml file:

```yaml
version: '3'
services:
  bind:
    container_name: rpi-bind9-svr
    image: sameersbn/bind:latest
    dns: 127.0.0.1
    environment:
      - ROOT_PASSWORD=password
    ports:
      - 192.168.0.70:10000:10000/tcp
      - 192.168.0.70:10053:10053/udp
    volumes:
      - /srv/docker/bind:/data
```

My raspberry host has the IP address 192.168.0.70. I can access the webmin interface via web browser at https://192.168.0.70:10000. The client has IP 192.168.0.x.

The bind server in the docker container has the ip address 172.18.0.3. From my Raspberry host (192.168.0.70) ssh session I can ping the bind server.

```
ping 172.18.0.3
PING 172.18.0.2 (172.18.0.3) 56(84) bytes of data.
64 bytes from 172.18.0.3: icmp_seq=1 ttl=64 time=0.276 ms
64 bytes from 172.18.0.3: icmp_seq=2 ttl=64 time=0.199 ms
```

Querying the bind server is also working.

```
pi@pi:~ $ host wp.int.acme.com 172.18.0.3
Using domain server:
Name: 172.18.0.3
Address: 172.18.0.3#53
Aliases:

wp.int.acme.com is an alias for wordpress.int.acme.com.
wordpress.int.acme.com has address 192.168.0.40

pi@pi:~ $ host ns.int.acme.com 172.18.0.3
Using domain server:
Name: 172.18.0.3
Address: 172.18.0.3#53
Aliases:

ns.int.acme.com has address 172.18.0.3
```

I can also ping the wp client (192.168.0.40).

```
ping 192.168.0.40
PING 192.168.0.40 (192.168.0.40) 56(84) bytes of data.
64 bytes from 192.168.0.40: icmp_seq=1 ttl=64 time=0.725 ms
64 bytes from 192.168.0.40: icmp_seq=2 ttl=64 time=1.13 ms
64 bytes from 192.168.0.40: icmp_seq=3 ttl=64 time=1.27 ms
```

From the wp machine I can't reach the bind server.

```
wordpress@wordpress-vm:~$ ping 172.18.0.3
PING 172.18.0.3 (172.18.0.3) 56(84) bytes of data.
From 62.155.246.85 icmp_seq=1 Destination Net Unreachable
From 62.155.246.85 icmp_seq=2 Destination Net Unreachable
From 62.155.246.85 icmp_seq=3 Destination Net Unreachable
From 62.155.246.85 icmp_seq=4 Destination Net Unreachable
```

Also from another client in the 192.168.0.x range I can't ping / reach the bind server.

Network interfaces on the raspberry host / docker machine:

```
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.70/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2003:/64 scope global mngtmpaddr noprefixroute dynamic
       valid_lft 6925sec preferred_lft 981sec
    inet6 fe80:/64 scope link
       valid_lft forever preferred_lft forever
3: br-d19688963577: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-d19688963577
       valid_lft forever preferred_lft forever
    inet 169.254.45.122/16 brd 169.254.255.255 scope global br-d19688963577
       valid_lft forever preferred_lft forever
    inet6 fe80::/64 scope link
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
```

Docker network:

```
docker network inspect pi_default
[
    {
        "Name": "pi_default",
        "Id": "d196889635776d9ce8f77240b3b9f3bee89d627f653767cf6383dcf1163a347a",
        "Created": "2018-09-01T12:09:51.358328354+02:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb": {
                "Name": "portainer",
                "EndpointID": "1axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx4b",
                "MacAddress": "xx:xx:xx:xx:xx:xx",
                "IPv4Address": "172.18.0.4/16",
                "IPv6Address": ""
            },
            "fdxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb2": {
                "Name": "rpi-bind9-svr",
                "EndpointID": "39xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxdc",
                "MacAddress": "xx:xx:xx:xx:xx:xx",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            },
            "fexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx5d": {
                "Name": "pihole",
                "EndpointID": "19xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx6e",
                "MacAddress": "xx:xx:xx:xx:xx:xx",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
```

```
[
    {
        "Name": "bridge",
        "Id": "73b6adf8ab87fc1f92a97b2176ecb0066f67ac252ec52339de3be7be8125aff5",
        "Created": "2019-05-26T17:02:40.598542052+02:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
```

Can someone give me a hint what's wrong with my network configuration? What must I do so that I can use the nameserver from the other clients and not only from my Raspberry with the docker containers?

Thank you.

snspinn commented 5 years ago

> The bind server in the docker container has the ip address 172.18.0.3.

From my understanding, the docker ip range 172.xx.0.0/16 is available to the host machine itself. I do not think you should expect it to be reachable from any 192.168.0.0/24 address (different subnets entirely).

I think you have an error in your docker-compose: 192.168.0.70:10053:10053/udp should be 192.168.0.70:10053:53/udp? After this change I would expect the DNS to be available on 192.168.0.70:10053.

I know this is a late response. Have you solved this already? If so, maybe update this issue to reflect that.
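
The port-mapping point raised in this reply, as an added example that is not part of the original thread or of the docker-bind project: a small checker that parses Docker short-syntax port mappings and compares them with the ports a service listens on inside the container. The function names are hypothetical, and the listening set (DNS on 53/udp and 53/tcp, Webmin on 10000/tcp) is an assumption about the image.

```python
from typing import NamedTuple, Optional

class Mapping(NamedTuple):
    host_ip: Optional[str]
    host_port: Optional[int]
    container_port: int
    proto: str

def parse_port(spec: str) -> Mapping:
    """Parse '[host_ip:][host_port:]container_port[/proto]' (IPv4, no ranges)."""
    body, _, proto = spec.partition("/")
    parts = body.split(":")
    if not 1 <= len(parts) <= 3 or not all(parts):
        raise ValueError(f"unsupported port spec: {spec!r}")
    container_port = int(parts[-1])
    host_port = int(parts[-2]) if len(parts) >= 2 else None
    host_ip = parts[0] if len(parts) == 3 else None
    return Mapping(host_ip, host_port, container_port, proto or "tcp")

def audit(specs, listening):
    """Return findings for mappings that cannot work as written."""
    findings = []
    published = set()
    for spec in specs:
        m = parse_port(spec)
        target = (m.container_port, m.proto)
        published.add(target)
        if target not in listening:
            findings.append(f"{spec}: nothing listens on container port "
                            f"{m.container_port}/{m.proto}")
    # Ports the service uses that no mapping forwards to
    for port, proto in sorted(listening - published):
        findings.append(f"{port}/{proto}: listening in container but not published")
    return findings

# Assumption: the image serves DNS on 53/udp and 53/tcp, Webmin on 10000/tcp.
LISTENING = {(53, "udp"), (53, "tcp"), (10000, "tcp")}

# Port lists taken from the thread: as posted, and with the suggested change
AS_POSTED = ["192.168.0.70:10000:10000/tcp", "192.168.0.70:10053:10053/udp"]
SUGGESTED = ["192.168.0.70:10000:10000/tcp", "192.168.0.70:10053:53/udp"]

if __name__ == "__main__":
    for name, specs in (("as posted", AS_POSTED), ("suggested", SUGGESTED)):
        print(name)
        for line in audit(specs, LISTENING):
            print("  ", line)
```

With the suggested mapping the only remaining finding is that 53/tcp is not published, so DNS queries over TCP would not reach the server from other hosts.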

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.