I’ve been using 3 servers with docker and docker swarm configured for a while, all the services I inserted into the swarm work correctly except one. I deployed a DNS server via compose by defining two internal zones using the Bind9 image. While I was running tests I noticed that both with dig and nslookup the DNS rejects queries (REFUSED) but only those towards the internal zones. If I execute a query towards internet domains everything works normally even using DOH. Here is the basic configuration used for testing:
docker-compose file

    version: '3'
    services:
      bind9:
        image: ubuntu/bind9
        container_name: bind9
        environment:
          - BIND9_USER=root
          - TZ=Europe/Madrid
        ports:
          - "53:53"
          - "53:53/udp"
          - "443:443/tcp"
        volumes:
          - ./config:/etc/bind
          - ./cache:/var/cache/bind
          - ./records:/var/lib/bind
          - ./ssl:/etc/bind/ssl
          - ./zones:/etc/bind/zones
          - ./keys:/etc/bind/keys
          - ./run:/var/run
        restart: unless-stopped
named.conf.options (any for test)

    tls local-tls {
        key-file "/etc/bind/ssl/privkey.pem";
        cert-file "/etc/bind/ssl/fullchain.pem";
    };

    acl internal {
        10.0.1.0/24;
        172.17.0.1/16;
        172.18.0.1/16;
        localhost;
        localnets;
    };

    options {
        listen-on port 53 { any; };
        listen-on port 443 tls local-tls http default { any; };
        forwarders {
            127.0.0.1 port 5053;
        };
        allow-query { any; };
        recursion yes;
    };
named.conf.local

    zone "neuromancer.loc" {
        type primary;
        file "/etc/bind/zones/db.office.loc";
        allow-transfer { 10.0.1.99; };
    };

    zone "1.0.10.in-addr.arpa" {
        type primary;
        file "/etc/bind/zones/db1.0.10.in-addr.arpa";
        allow-transfer { 10.0.1.99; };
    };
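The `acl internal { ... };` block above mixes literal prefixes with BIND's built-in names (`localhost`, `localnets`). BIND expects a literal entry to be a network prefix with the host bits zeroed; an entry like `172.17.0.1/16` does not meet that and BIND's parser reports it as an address/prefix length mismatch (whether that is a warning or a hard configuration error depends on the BIND version). The following script is an added example, not code from the post or from the BIND project: it uses only the Python standard library, embeds the post's ACL block as a constructed input, flags entries with host bits set, and shows which client addresses the literal entries would cover. The built-in names are treated as opaque because their expansion depends on the host's interfaces.

```python
import ipaddress
import re

# Constructed sample input: the "acl internal" block from the post, inlined
# so the check runs offline without reading /etc/bind.
ACL_TEXT = """
acl internal {
    10.0.1.0/24;
    172.17.0.1/16;
    172.18.0.1/16;
    localhost;
    localnets;
};
"""

# Built-in ACL names defined by BIND. Their contents depend on the host,
# so this check does not expand them and only validates literal entries.
BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}


def parse_acl(text):
    """Return (name, [entries]) for the first 'acl NAME { ... };' block in text."""
    m = re.search(r'acl\s+(\S+)\s*\{(.*?)\};', text, re.S)
    if not m:
        raise ValueError("no acl block found")
    name, body = m.group(1), m.group(2)
    entries = [e.strip() for e in body.split(';') if e.strip()]
    return name, entries


def check_entries(entries):
    """Classify each entry as builtin, ok, host-bits-set, or invalid.

    Returns a list of (entry, status, detail) tuples; detail carries the
    normalized prefix for host-bits-set entries so the fix is obvious.
    """
    results = []
    for e in entries:
        if e in BUILTIN_ACLS:
            results.append((e, "builtin", ""))
            continue
        try:
            # strict=True rejects prefixes whose host bits are not zero,
            # which mirrors what BIND expects from a literal ACL entry.
            net = ipaddress.ip_network(e, strict=True)
            results.append((e, "ok", str(net)))
        except ValueError:
            try:
                net = ipaddress.ip_network(e, strict=False)
                results.append((e, "host-bits-set", f"write it as {net}"))
            except ValueError:
                results.append((e, "invalid", ""))
    return results


def matches(entries, addr):
    """True if addr falls inside any literal prefix in the ACL.

    Built-in names are skipped, so 'localhost' and 'localnets' never match
    here; the caller must account for them separately.
    """
    ip = ipaddress.ip_address(addr)
    for e in entries:
        if e in BUILTIN_ACLS:
            continue
        try:
            net = ipaddress.ip_network(e, strict=False)
        except ValueError:
            continue
        if ip in net:
            return True
    return False


def report(text):
    """Print a line per entry plus a few sample client classifications."""
    name, entries = parse_acl(text)
    print(f"acl {name}:")
    for entry, status, detail in check_entries(entries):
        print(f"  {entry:<16} {status:<14} {detail}")
    for client in ("10.0.1.42", "172.18.5.9", "192.168.1.1"):
        print(f"  {client:<16} in literal prefixes: {matches(entries, client)}")
    return entries


if __name__ == "__main__":
    report(ACL_TEXT)
```

Running it lists `172.17.0.1/16` and `172.18.0.1/16` as `host-bits-set` with the zeroed form BIND expects, while `10.0.1.0/24` passes. The same `parse_acl` and `matches` pair can be pointed at any other `acl` block, for example to confirm which source addresses an `allow-query { internal; }` clause would admit before changing the running configuration.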