Cannot connect from outside container?

General
1

Hello,

I am new to docker.
I created a cloudflared image for DNS-over-HTTPS.
I installed cloudflared and used port 5053 in the image and created a container from this image.
I attached the container and use dig command and confirmed it is working.
On the host (outside container), I used telnet and confirmed port 5053 is opened but the dig command is not working.
Do anyone have idea why it is not working outside container?
Thanks a lot!

Dockerfile used to build cloudflared image

FROM ubuntu:latest
MAINTAINER ohno
RUN apt-get update && apt-get install -y wget
RUN wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.deb
RUN apt-get install -y ./cloudflared-stable-linux-amd64.deb
RUN rm -rf ./cloudflared-stable-linux-amd64.deb
RUN apt-get install -y dnsutils
RUN cloudflared -v
EXPOSE 5053
HEALTHCHECK --interval=2m --timeout=5s --retries=10 CMD ps -ef | grep cloudflared | grep -v grep || exit 1
CMD cloudflared proxy-dns --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query

Command used to build the image

docker build --tag cloudflared:latest .

Command use to run the container:

docker run -d
ā€“name cloudflared
-p 5053:5053/tcp -p 5053:5053/udp
-p 37945:37945/tcp -p 37945:37945/udp
ā€“dns=127.0.0.1
ā€“restart=unless-stopped
cloudflared:latest

I attached the container and use dig command.

root@<container_ID>:/# dig @localhost -p 5053 www.google.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @localhost -p 5053 www.google.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33837
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
; PAD: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ("ā€¦")
;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 53 IN A 216.58.199.4

;; Query time: 69 msec
;; SERVER: 127.0.0.1#5053(127.0.0.1)
;; WHEN: Fri Dec 20 04:23:44 UTC 2019
;; MSG SIZE rcvd: 142

On the host, dig cannot resolve IP...

[root@centos7 cloudflared]# dig @localhost -p 5053 www.google.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @localhost -p 5053 www.google.com
; (2 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@centos7 cloudflared]#

On host port 5053 is opened, tried with telnet

[root@centos7 cloudflared]# telnet localhost 5053
Trying ::1ā€¦
Connected to localhost.
Escape character is ā€˜^]ā€™.
Connection closed by foreign host.
[root@centos7 cloudflared]#

2

There is no such thing as ā€œcreating a dockerā€.
Did you create your own image or did your start a container from an existing image?

Please share the command/compose.yml used to start the container.

3

Thank you for reply.
I built my own image and then run container from my image.
I attached the commands / Dockerfile in my first post.
Thanks.

4

I ran your image myself, and exec into container, found out your dns listen 127.0.0.1

5

I tried using change to this command to create container (without specify 127.0.0.1 as the DNS server):
docker run -d
ā€“name cloudflared
-p 5053:5053/tcp -p 5053:5053/udp
-p 37945:37945/tcp -p 37945:37945/udp
ā€“restart=unless-stopped

I got exactly the same issue.

6

CMD cloudflared proxy-dns --address 0.0.0.0 --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query

change CMD line like thisļ¼Œit works.

1 Like
7

Itā€™s working! Many thanks. :slight_smile:
Do you mind telling me how you figure this out?
I didnā€™t find much info on the cloudflared arguments.

8

Just exec into the container, and run cloudflared proxy-dns -h.

1 Like