Question

Dnsmasq and local docker container

Hi everyone,

I have my first droplet up and running and now have to deploy multiple docker container.

Situation:

The docker container have their own DNS Server (which is needed for the applications being deployed and can’t be changed). Per default systemd-resolved occupies UDP 53 as it listens on 127.0.0.53.

Solution(?):

My idea is to disable systemd-resolved and replace it with dnsmasq. dnsmasq should provide local DNS resolution for the host but also distribute incoming DNS requests to the various docker container. I have various local docker networks at 172.17.0.1/16 and 172.18.0.1/16. I can start my containers like -p 172.17.0.1:53:53/udp.

This would allow me to have dnsmasq on the public interface of the droplet and forward incoming requests to the local docker IPs, based on subdomains.

Would that be possible or am I totally wrong here?

Any suggestions, remarks are highly appreciated.

Cheers, Tom

PS: DigitalOcean is the main spot where I maintain my domains.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Tom HachimanMarch 27, 2019

I just ran into another issue in regards to systemd-resolved (who came actually up with this complex setup, the whole internet is full of trouble in regards to this).

Even though I configured /etc/systemd/resolved.conf to contain this:

  [Resolve]
  DNS=127.0.0.1
  FallbackDNS=127.0.0.1
  DNSStubListener=no

The /etc/resolv.conf gets always overwritten with 127.0.0.53 as DNS server.

nameserver 127.0.0.53
options edns0

Why is that? When I change it to 127.0.0.1 everything name resolution works again.

jarlandMarch 26, 2019

Greetings!

Excellent question, thanks for posting it here. I welcome anyone else weighing in on this, but I wanted to answer it to the best of my ability as well.

From where I sit, what you’re talking about sounds sane. It isn’t a setup I’ve tried, but it sounds sane. This is what I think you’re looking at:

To disable systemd binding to port 53, in /etc/systemd/resolved.conf:

DNSStubListener=no

Then in the dnsmasq config, something like this:

server=/domainone.tld/172.17.0.1
server=/domaintwo.tld/172.17.0.2

That way you’re redirecting DNS queries to the right docker container based on the zone being queried. I’m pretty sure this will work. Share with us and let us know if it did?

Jarland

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up