tianon / rawdns

a direct, raw DNS interface to the Docker API
https://hub.docker.com/r/tianon/rawdns/
GNU General Public License v3.0

TLS support #7

Closed tombee closed 9 years ago

tombee commented 9 years ago

Hey @tianon, let me know what you think of this :) Would appreciate your feedback! :whale:

tianon commented 9 years ago

A few minor nits, but otherwise looking good! :+1:

tianon commented 9 years ago

Would you mind also testing this against a TLS-enabled Docker daemon, just to make sure we cover our bases?

tombee commented 9 years ago

Will do, thanks for the comments! :smile:

tombee commented 9 years ago

I just tested against a TLS-enabled Docker daemon using the following configuration:

{
    "dockertls.": {
        "type": "containers",
        "socket": "tcp://192.168.99.102:2376",
        "tlsverify": true,
        "tlscacert": "/var/lib/boot2docker/ca.pem",
        "tlscert": "/var/lib/boot2docker/server.pem",
        "tlskey": "/var/lib/boot2docker/server-key.pem"
    },
    "local.": {
        "type": "forwarding",
        "nameservers": [ "172.17.42.1" ]
    },
    ".": {
        "type": "forwarding",
        "nameservers": [ "8.8.8.8", "8.8.4.4" ]
    }
}

Works fine:

; <<>> DiG 9.9.5-9+deb8u3-Debian <<>> @172.17.42.1 dns.dockertls
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23827
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;dns.dockertls.         IN  A

;; ANSWER SECTION:
dns.dockertls.      0   IN  A   172.17.0.5

;; Query time: 26 msec
;; SERVER: 172.17.42.1#53(172.17.42.1)
;; WHEN: Tue Sep 15 22:00:20 UTC 2015
;; MSG SIZE  rcvd: 60

tianon commented 9 years ago

Nice, LGTM thanks! :+1: