DNS issues with local resolver and containers on the same host

Hi again!

Tested it installed locally (without Docker) and it worked, of course.

I found something more while trying to resolve using dig from a sibling container (dig @192.168.1.30 -p 53 google.com), and it returned:

;; reply from unexpected source: 172.18.0.1#53, expected 192.168.1.30#53

I searched a little bit more and found this answer on GitHub that suggests using the fully qualified IP in the Docker port binding, so I changed my ports from:

---
version: '3.7'
services:
  unbound:
    image: mvance/unbound-rpi:1.13.0
    hostname: unbound
    restart: unless-stopped
    ports:
      - 53:53/udp
      - 53:53/tcp
    volumes: [...]

To:

---
version: '3.7'
services:
  unbound:
    image: mvance/unbound-rpi:1.13.0
    hostname: unbound
    restart: unless-stopped
    ports:
      - 192.168.1.30:53:53/udp
      - 192.168.1.30:53:53/tcp
    volumes: [...]

And then it worked.

Probably adding some mangling to iptables (when the request to here comes from there, change the IP of the response) could save us from specifying the host. Also, I do not know of any shortcut for that IP binding on the ports, since by default it is 0.0.0.0 and not the host IP.

Could you test this?

Edit: I’m now testing other things to avoid knowing the IP where the container will be placed.
Edit: Running with docker run ... --net=host did not work: same error, the source of the response is not translated.

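As an added example (not code from the thread or from the unbound image), here is a small lint for the compose `ports:` change shown above: it parses Docker's short port syntax and flags UDP publications that are not pinned to a host IP, which is the setting that produced the "reply from unexpected source" error. It goes a little beyond the post by also accepting IPv6 host addresses in brackets; the function names and the sample lists are constructed for this example.

```python
"""Flag compose port mappings that publish UDP on 0.0.0.0 (the default).

Without an explicit host IP, a UDP reply may leave via another interface
(here the docker bridge 172.18.0.1) than the one the client queried, and
resolvers such as dig discard it as "reply from unexpected source".
"""
from dataclasses import dataclass
from typing import List, Optional
import ipaddress


@dataclass(frozen=True)
class PortMapping:
    host_ip: Optional[str]   # None means Docker's implicit 0.0.0.0
    host_port: str           # "" when Docker picks a random host port
    container_port: str
    protocol: str            # Docker defaults to "tcp" when omitted


def parse_port_mapping(spec: str) -> PortMapping:
    """Parse compose short syntax: [[host_ip:]host_port:]container_port[/proto]."""
    spec = str(spec).strip()
    proto = "tcp"
    if "/" in spec:
        spec, proto = spec.rsplit("/", 1)
    host_ip = None
    if spec.startswith("["):            # IPv6 host IP, e.g. "[::1]:53:53/udp"
        end = spec.index("]")
        host_ip = spec[1:end]
        spec = spec[end + 1:].lstrip(":")
    parts = spec.split(":")
    if len(parts) == 1:                 # "53": container port only
        return PortMapping(host_ip, "", parts[0], proto.lower())
    if len(parts) == 2:                 # "53:53"
        return PortMapping(host_ip, parts[0], parts[1], proto.lower())
    if len(parts) == 3 and host_ip is None:  # "192.168.1.30:53:53"
        ipaddress.ip_address(parts[0])       # ValueError on a malformed IP
        return PortMapping(parts[0], parts[1], parts[2], proto.lower())
    raise ValueError(f"unrecognised port mapping: {spec!r}")


def unpinned_udp_bindings(ports: List[str]) -> List[str]:
    """Return the UDP mappings bound to all interfaces (the weak setting)."""
    return [spec for spec in ports
            if (m := parse_port_mapping(spec)).protocol == "udp"
            and m.host_ip in (None, "0.0.0.0", "::")]


# Constructed from the two compose snippets quoted in the post.
PORTS_BEFORE = ["53:53/udp", "53:53/tcp"]
PORTS_AFTER = ["192.168.1.30:53:53/udp", "192.168.1.30:53:53/tcp"]

if __name__ == "__main__":
    print("before:", unpinned_udp_bindings(PORTS_BEFORE))   # ['53:53/udp']
    print("after: ", unpinned_udp_bindings(PORTS_AFTER))    # []
```

TCP mappings are not flagged because a TCP reply travels back over the established connection, so only the UDP publication needs the host IP for this particular failure.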