Docker 无法解析专用网络上的 DNS [英] Docker cannot resolve DNS on private network

问题描述

我的机器位于具有私有 DNS 服务器和用于 DNS 解析的私有区域的私有网络上.我可以从我的主机解析这个区域上的主机，但我无法从我的主机上运行的容器解析它们.

My machine is on a private network with private DNS servers, and a private zone for DNS resolution. I can resolve hosts on this zone from my host machine, but I cannot resolve them from containers running on my host machine.

主持人:

root@host:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1

root@host:~# ping privatedomain.io
PING privatedomain.io (192.168.0.101) 56(84) bytes of data.

容器:

root@container:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

nameserver 8.8.8.8
nameserver 8.8.4.4

root@container:~# ping privatedomain.io
ping: unknown host privatedomain.io

很明显，Google 的公共 DNS 服务器无法解析我的私有 DNS 请求.我知道我可以用 docker --dns 192.168.0.1 强制它，或者在 /etc/default/中设置 DOCKER_OPTS="--dns 192.168.0.1"docker，但我的笔记本电脑经常切换网络.似乎应该有一个系统的方法来解决这个问题.

It's fairly obvious that Google's public DNS servers won't resolve my private DNS requests. I know I can force it with docker --dns 192.168.0.1, or set DOCKER_OPTS="--dns 192.168.0.1" in /etc/default/docker, but my laptop frequently switches networks. It seems like there should be a systematic way of solving this problem.

推荐答案

Docker 通过复制主机的 /etc/resolv.conf 来填充 /etc/resolv.conf，并过滤掉任何本地名称服务器，例如 127.0.1.1.如果之后没有域名服务器，Docker 将添加 Google 的公共 DNS 服务器(8.8.8.8 和 8.8.4.4).

Docker populates /etc/resolv.conf by copying the host's /etc/resolv.conf, and filtering out any local nameservers such as 127.0.1.1. If there are no nameservers left after that, Docker will add Google's public DNS servers (8.8.8.8 and 8.8.4.4).

根据Docker 文档:

注意:如果您需要访问主机的本地主机解析器，则必须修改主机上的 DNS 服务以侦听可从容器内访问的非本地主机地址.

Note: If you need access to a host’s localhost resolver, you must modify your DNS service on the host to listen on a non-localhost address that is reachable from within the container.

主机上的 DNS 服务是 dnsmasq，因此如果您让 dnsmasq 监听您的 docker IP 并将其添加到 resolv.conf，docker 将配置容器以将其用作名称服务器.

The DNS service on the host is dnsmasq, so if you make dnsmasq listen on your docker IP and add that to resolv.conf, docker will configure the containers to use that as the nameserver.

1 . 创建/编辑 /etc/dnsmasq.conf^† 并添加以下几行:

1 . Create/edit /etc/dnsmasq.conf^† and add these lines:

interface=lo
interface=docker0

2 . 找到您的 docker IP(在本例中为 172.17.0.1):

2 . Find your docker IP (in this case, 172.17.0.1):

root@host:~# ifconfig | grep -A2 docker0
docker0   Link encap:Ethernet  HWaddr 02:42:bb:b4:4a:50  
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0

3 . 创建/编辑 /etc/resolvconf/resolv.conf.d/tail 并添加这一行:

3 . Create/edit /etc/resolvconf/resolv.conf.d/tail and add this line:

nameserver 172.17.0.1

4 . 重启网络，更新resolv.conf，重启docker:

4 . Restart networking, update resolv.conf, restart docker:

sudo service network-manager restart
sudo resolvconf -u
sudo service docker restart

您的容器现在可以从主机使用的任何 DNS 服务器解析 DNS.

Your containers will now be able to resolve DNS from whatever DNS servers the host machine is using.

^{† 路径可能是/etc/dnsmasq.conf、/etc/dnsmasq.conf.d/docker.conf、/etc/NetworkManager/dnsmasq.conf 或 /etc/NetworkManager/dnsmasq.d/docker.conf 取决于您的系统和个人偏好.}

^{† The path may be /etc/dnsmasq.conf, /etc/dnsmasq.conf.d/docker.conf, /etc/NetworkManager/dnsmasq.conf, or /etc/NetworkManager/dnsmasq.d/docker.conf depending on your system and personal preferences.}

这篇关于Docker 无法解析专用网络上的 DNS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！