Network connect to docker container - HTTP works, DNS does not work


(Darkz0r) #1

Hi,
I am new to Docker, so it took me many days to even get the HTTPD server working, so bear with me please :)

Basically, the whole network can see the webserver inside the Docker container, but I can only run local (127.0.0.1) nslookups to the container.

I have dabbled with macvlan (no inet connectivity at all, and no inbound ports), fixed container IP, custom bridge with the network subnet and still I cannot make this work.

Can you help?

Thanks in advance

Config
7Host = Windows 10 - IP 192.168.1.7

Worked after I killed a webserver service occupying port 80!

Nothing occupies port 53

Firewall turned off/on made no difference

172Pi-hole = diginc/docker-pi-hole - IP 172.x.x.x

started with:

docker run -e ServerIP="192.168.1.7" --restart=always --name=pi-hole -p 53:53/udp -p 53:53/tcp -p 80:80/tcp -d diginc/pi-hole

Debug looks ok, dnsmasq and nginx started and blocklists are getting downloaded (internet connectivity works). iptables is simply not there.

10Mac = Mac with 192.168.1.10

Tests
10Mac --> 7Host:80 OK
10Mac --> 7Host:53 NOT OK - nslookup times out, no logs anywhere

7Host --> 7Host:80 OK
7Host --> 127.0.0.1:53 OK > nslookup > server 127.0.0.1
7Host --> 7Host:53 NOT OK - nslookup times out, no logs anywhere

172Pi-hole --> 172Pi-hole:80 OK
172Pi-hole --> 172Pi-hole:53 OK


(Darkz0r) #2

Based on the pi-hole container author's suggestion, I ran

docker run -e ServerIP="192.168.1.7" --restart=always --name=pi-hole -p 192.168.1.7:53:53/udp -p 192.168.1.7:53:53/tcp -p 192.168.1.7:80:80/tcp -d diginc/pi-hole

Running the above, I can see HTTP still working on the container from the 10Mac and 7Host, but now it doesn't respond to any DNS, neither nslookup 127.0.0.1 nor nslookup 192.168.1.7!

I am running Docker version 17.09.1-ce, build 19e2cf6 on Windows Pro.


(Darkz0r) #3

I ran into the exact same issue with "docker run -p 53:53/tcp -p 53:53/udp --cap-add=NET_ADMIN -d andyshinn/dnsmasq" as well as bind and others.

53 is a big no-no, but I can see the webmin and other ports.


(Darkz0r) #4

Solved it by disabling/re-enabling the "DoS Protection"/Firewall on my Asus router RT-AC68U! I had NO idea it was also an internal firewall. Will do a bug report to them!

Thanks so much!
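
Added example, not part of the original posts: a small probe that repeats the thread's port 53 tests over both UDP and TCP and separates "timeout" (no reply came back at all, which is what the posts report) from "refused" (the host answered that nothing is listening). The function names, the query name and the transaction id are assumptions made for this sketch; the two target addresses are the ones from the thread.

```python
import socket
import struct

TXID = 0x1234  # constructed transaction id for the probe

def build_query(name, txid=TXID):
    """Minimal DNS A-record query (RFC 1035), recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply, txid=TXID):
    """Map raw reply bytes to 'answer', 'rcode-N' or 'malformed'."""
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack(">HH", reply[:4])
    if rid != txid or not (flags & 0x8000):  # wrong id or QR bit not set
        return "malformed"
    rcode = flags & 0xF
    return "answer" if rcode == 0 else f"rcode-{rcode}"

def probe(server, proto, port=53, name="example.com", timeout=2.0):
    """Send one query over 'udp' or 'tcp' and report what came back."""
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    query = build_query(name)
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, port))  # on UDP this lets ICMP errors surface
            if proto == "udp":
                s.send(query)
                return classify(s.recv(512))
            s.sendall(struct.pack(">H", len(query)) + query)  # 2-byte length prefix
            buf = b""
            while len(buf) < 2 or len(buf) < 2 + struct.unpack(">H", buf[:2])[0]:
                chunk = s.recv(4096)
                if not chunk:
                    break
                buf += chunk
            return classify(buf[2:])
    except socket.timeout:
        return "timeout"   # no reply at all: query or answer lost or dropped
    except ConnectionRefusedError:
        return "refused"   # host reachable, nothing listening on the port
    except OSError as exc:
        return f"error: {exc}"

if __name__ == "__main__":
    # Addresses from the thread: loopback and the Windows host's LAN IP.
    for target in ("127.0.0.1", "192.168.1.7"):
        for proto in ("udp", "tcp"):
            print(f"{target}:53/{proto} -> {probe(target, proto)}")
```

Running it from each vantage point in the test matrix (the host itself, another LAN machine) shows per protocol where replies stop arriving.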