Question

Dnsmasq and local docker container

Hi everyone,

I have my first droplet up and running and now have to deploy multiple docker container.

Situation:

The docker container have their own DNS Server (which is needed for the applications being deployed and can’t be changed). Per default systemd-resolved occupies UDP 53 as it listens on 127.0.0.53.

Solution(?):

My idea is to disable systemd-resolved and replace it with dnsmasq. dnsmasq should provide local DNS resolution for the host but also distribute incoming DNS requests to the various docker container. I have various local docker networks at 172.17.0.1/16 and 172.18.0.1/16. I can start my containers like -p 172.17.0.1:53:53/udp.

This would allow me to have dnsmasq on the public interface of the droplet and forward incoming requests to the local docker IPs, based on subdomains.

Would that be possible or am I totally wrong here?

Any suggestions, remarks are highly appreciated.

Cheers, Tom

PS: DigitalOcean is the main spot where I maintain my domains.

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I just ran into another issue in regards to systemd-resolved (who came actually up with this complex setup, the whole internet is full of trouble in regards to this).

Even though I configured /etc/systemd/resolved.conf to contain this:

  [Resolve]
  DNS=127.0.0.1
  FallbackDNS=127.0.0.1
  DNSStubListener=no

The /etc/resolv.conf gets always overwritten with 127.0.0.53 as DNS server.

nameserver 127.0.0.53
options edns0

Why is that? When I change it to 127.0.0.1 everything name resolution works again.

Greetings!

Excellent question, thanks for posting it here. I welcome anyone else weighing in on this, but I wanted to answer it to the best of my ability as well.

From where I sit, what you’re talking about sounds sane. It isn’t a setup I’ve tried, but it sounds sane. This is what I think you’re looking at:

To disable systemd binding to port 53, in /etc/systemd/resolved.conf:

DNSStubListener=no

Then in the dnsmasq config, something like this:

server=/domainone.tld/172.17.0.1
server=/domaintwo.tld/172.17.0.2

That way you’re redirecting DNS queries to the right docker container based on the zone being queried. I’m pretty sure this will work. Share with us and let us know if it did?

Jarland