unosquare / passcore

A self-service password management tool for Active Directory
https://unosquare.github.io/passcore/
MIT License

DNS resolution does not work in docker container #660

Closed drbogar closed 2 years ago

drbogar commented 2 years ago

PassCore Server

Describe the bug: The PassCore backend cannot connect to AD LDAP. I think it is because DNS resolution is not working inside the container. The apt-get update command also returns with an error:

root@passcore-container:/app# apt-get update
Err:1 http://security.debian.org/debian-security buster/updates InRelease
  Temporary failure resolving 'security.debian.org'
Err:2 http://deb.debian.org/debian buster InRelease
  Temporary failure resolving 'deb.debian.org'
Err:3 http://deb.debian.org/debian buster-updates InRelease
  Temporary failure resolving 'deb.debian.org'
Reading package lists... Done
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease  Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease  Temporary failure resolving 'security.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease  Temporary failure resolving 'deb.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.

The above command works fine from other containers, so the problem is not with the DNS server.

To Reproduce:

Steps to reproduce the behavior:

  1. Clone the repo
  2. Copy my docker-compose.yml.txt to the passcore directory
  3. Rename the docker-compose.yml.txt to docker-compose.yml
  4. Change the dns option in the docker-compose.yml
  5. Copy my Dockerfile.txt to the passcore directory
  6. Rename the Dockerfile.txt to Dockerfile
  7. Create a volumes directory
  8. Create a config directory in the volumes directory
  9. Copy my appsettings.json.txt to the config directory
  10. Rename the appsettings.json.txt to appsettings.json
  11. Edit the appsettings.json file according to your Active Directory settings
  12. Run the docker-compose up command and leave open the console
  13. Try to change a password
  14. See the error in the console

Expected behavior: Passcore can resolve domain names and can connect to Active Directory LDAP. The user can change their password using passcore.

Screenshots: I don't know what screenshot would help solve the problem.

Desktop:

Smartphone: We have not tested the website from smartphones.

Additional context: Feel free to ask if I missed anything.

drbogar commented 2 years ago

I solved it! 🎉

In the meantime, I found out that DNS resolution does not work only in containers where I have specified the IP address of the docker host as DNS server in the docker-compose file. If I specify the IP address 8.8.8.8, the apt-get update command works fine.

This is because the DNS server communicates via UDP. When Passcore sends the DNS request, the source IP address of the response starts with 172... This causes Passcore to not accept the DNS response because it came from an unexpected IP address. This can be solved by adding the host IP address to the ports in the pihole docker-compose file:

ports: 
- "<docker-host-ip-address>:53:53/tcp" 
- "<docker-host-ip-address>:53:53/udp"
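
The source-address mismatch described in the last comment can be confirmed from inside the affected container with a small probe. This is an added example, not code from the issue thread or from PassCore; the function names are hypothetical and the default query name is simply one of the hosts from the apt-get output above.

```python
import os
import socket
import struct
import sys

def build_query(name, txid):
    """Minimal DNS query for an A record (RFC 1035), recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(query, reply, queried, source):
    """Apply the acceptance checks a stub resolver makes on a UDP answer."""
    if source != queried:
        return "dropped: reply from unexpected source %s:%d" % source
    if len(reply) < 12 or reply[:2] != query[:2]:
        return "dropped: transaction ID mismatch"
    if not reply[2] & 0x80:
        return "dropped: QR bit not set, not a response"
    return "accepted"

def probe(server_ip, name="deb.debian.org", timeout=3.0):
    """Query server_ip:53 and report where the answer really came from.

    The socket is deliberately left unconnected: on a connect()ed UDP socket
    the kernel discards datagrams from any other address, so the caller
    would only ever see a timeout.
    """
    queried = (server_ip, 53)
    query = build_query(name, int.from_bytes(os.urandom(2), "big"))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, queried)
        try:
            reply, source = sock.recvfrom(4096)
        except socket.timeout:
            return None, "no reply within %.1fs" % timeout
    return source, classify_reply(query, reply, queried, source)

if __name__ == "__main__":
    # Argument: the DNS server address from the dns option in docker-compose.yml
    source, verdict = probe(sys.argv[1])
    print("queried %s:53, answer from %s -> %s" % (sys.argv[1], source, verdict))
```

Run it in the container with the configured DNS server address as the only argument; an "unexpected source" verdict with a 172.x address matches the behaviour reported above.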