Docker无法解析专用网络上的DNS [英] Docker cannot resolve DNS on private network

问题描述

我的机器位于具有专用DNS服务器和用于DNS解析的专用区域的专用网络上.我可以从主机上解析此区域中的主机，但是不能从主机上运行的容器中解析主机.

My machine is on a private network with private DNS servers, and a private zone for DNS resolution. I can resolve hosts on this zone from my host machine, but I cannot resolve them from containers running on my host machine.

主机:

root@host:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1

root@host:~# ping privatedomain.io
PING privatedomain.io (192.168.0.101) 56(84) bytes of data.

容器:

root@container:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

nameserver 8.8.8.8
nameserver 8.8.4.4

root@container:~# ping privatedomain.io
ping: unknown host privatedomain.io

很明显，Google的公共DNS服务器不会解决我的私有DNS请求.我知道可以用docker --dns 192.168.0.1强制设置，也可以在/etc/default/docker中设置DOCKER_OPTS="--dns 192.168.0.1"，但是我的笔记本电脑经常切换网络.似乎应该有系统的方法来解决此问题.

It's fairly obvious that Google's public DNS servers won't resolve my private DNS requests. I know I can force it with docker --dns 192.168.0.1, or set DOCKER_OPTS="--dns 192.168.0.1" in /etc/default/docker, but my laptop frequently switches networks. It seems like there should be a systematic way of solving this problem.

推荐答案

Docker通过复制主机的/etc/resolv.conf并过滤掉任何本地名称服务器(例如127.0.1.1)来填充/etc/resolv.conf.如果此后没有剩余的名称服务器，则Docker将添加Google的公共DNS服务器(8.8.8.8和8.8.4.4).

Docker populates /etc/resolv.conf by copying the host's /etc/resolv.conf, and filtering out any local nameservers such as 127.0.1.1. If there are no nameservers left after that, Docker will add Google's public DNS servers (8.8.8.8 and 8.8.4.4).

根据 Docker文档:

注意:如果需要访问主机的localhost解析器，则必须修改主机上的DNS服务，以侦听容器内可访问的非localhost地址.

Note: If you need access to a host’s localhost resolver, you must modify your DNS service on the host to listen on a non-localhost address that is reachable from within the container.

主机上的DNS服务是dnsmasq，因此，如果您使dnsmasq监听您的docker IP，并将其添加到resolv.conf中，则docker将配置容器以将其用作名称服务器.

The DNS service on the host is dnsmasq, so if you make dnsmasq listen on your docker IP and add that to resolv.conf, docker will configure the containers to use that as the nameserver.

1 .创建/编辑/etc/dnsmasq.conf ^†并添加以下行:

1 . Create/edit /etc/dnsmasq.conf^† and add these lines:

interface=lo
interface=docker0

2 .查找您的Docker IP(在本例中为172.17.0.1):

2 . Find your docker IP (in this case, 172.17.0.1):

root@host:~# ifconfig | grep -A2 docker0
docker0   Link encap:Ethernet  HWaddr 02:42:bb:b4:4a:50  
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0

3 .创建/编辑/etc/resolvconf/resolv.conf.d/tail并添加以下行:

3 . Create/edit /etc/resolvconf/resolv.conf.d/tail and add this line:

nameserver 172.17.0.1

4 .重新启动网络，更新resolv.conf，重新启动docker:

4 . Restart networking, update resolv.conf, restart docker:

sudo service network-manager restart
sudo resolvconf -u
sudo service docker restart

您的容器现在将能够从主机使用的任何DNS服务器解析DNS.

Your containers will now be able to resolve DNS from whatever DNS servers the host machine is using.

^{†路径可能是/etc/dnsmasq.conf，/etc/dnsmasq.conf.d/docker.conf，/etc/NetworkManager/dnsmasq.conf或/etc/NetworkManager/dnsmasq.d/docker.conf，具体取决于您的系统和个人偏好.}

^{† The path may be /etc/dnsmasq.conf, /etc/dnsmasq.conf.d/docker.conf, /etc/NetworkManager/dnsmasq.conf, or /etc/NetworkManager/dnsmasq.d/docker.conf depending on your system and personal preferences.}

这篇关于Docker无法解析专用网络上的DNS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！