DNS/DHCP server in docker container on NAS host: halp!

Hi. So, I’m creating problems to solve to a.) learn docker, and b.) work with what I’ve got here.

I have an ASUS WiFi router running my LAN’s DHCP server. But it doesn’t have a DNS server. And configuring my LARGE number of MAC address to IP address reservations using that router’s web interface is a pain.

Solution: run dnsmasq on my NAS. It can do both DNS and DHCP server duties.

Problem: my NAS is an Asustor AS5304T. It runs ADM (a flavor of Debian, I think). And its package manager has slim pickings. No dnsmasq. But it does have docker-ce!

Solution: Run dnsmasq in a docker container on my NAS.

Problem: Though DNS works like a charm with this solution, the DHCP server does not. Best I can tell, this has something to do with the container not getting any broadcast traffic. I’m using bridge mode networking. I tried host mode, but that doesn’t work, and in fact breaks the DNS side of things.

To be honest, this is where my lack of knowledge becomes a problem. I don’t know how to really troubleshoot this.

Any takers?

Since I have never tried this and well… I could be better at networking, I am guessing, but have you tried privileged mode or adding capabilities?

This might be helpful: Running dnsmasq in Docker - Chris Sainty

How did it break the DNS? What happened?

I have tried tinkering with adding capabilities, including NET_ADMIN and NET_BROADCAST. I’ve also tried privileged mode. Nothing has worked so far.

How did it break DNS? Well, when I try to use jpillora/dnsmasq with host mode networking, the entire container becomes unreachable. I can’t access the web front end, and other clients on my network respond to “host xxxdomainname xxxNASIPaddress” commands with connection timeouts.

But when the container is in bridged mode with -p 53:53 opened up, that command works fine, and, of course, using the DNS names to, say, access SMB volumes, etc., also works fine. But tcpdump commands run from inside the dnsmasq container show no DHCP traffic at all (and yes, I’m opening up port 67 in this case).