[RESOLVED] Change of DNS Server in networks settings messes up docker

[rorton]

Ive configured a new DNS server on my network  - old server ip 192.168.1.14 - new one is 192.168.1.11. 

 

I stopped the array, changed the ipv4 DNS Server in the NIC to the new address, restarted the array, and now docker containers that are using the bridged network connection (serverIP:port number, such as sonaar, nzbhydra etc) can no longer perform DNS lookups. 

 

Ive rebooted the server, no difference, if I stop the array, and change the DNS Server back to the old address, start the array, it all works perfectly again. 

 

I tried deleting one of the offending docker containers, and reloaded it, along with a new config directory, still the same. 

 

Any ideas - have I missed a setting somewhere? 

Thanks

Edited July 25, 2022 by rorton

[Frank1940]

What happens if you ping (via the GUI Terminal) cnn.com or google.com?

[rorton]

hi, all seems to be fine from Unraid OS itself, nslookups happen from the CLI and reference the new DNS Server, and the docker containers im running that have dedicated IP's also seem to resolve OK, it just seems to be an issue with the containers sharing the Unraid IP with separate port numbers

[rorton]

sorry, did you mean from inside Unraid or the docker container itself?

[Frank1940]

4 minutes ago, rorton said:

sorry, did you mean from inside Unraid or the docker container itself?

From the Unraid GUI toolbar as shown below:

[rorton]

Yep thats looks fine from the GUI toolbar, same as an ssh session to the Unraid box itself. , can ping out to bbc.co.uk, and can also nslookup bcc.co.uk and it talks to the new DNS Server I have setup and resolves the name ok

 

 

I tried from inside on of the dockers consoles and cant get a resolution...

 

root@7d549749badd:/# ping bbc.co.uk
ping: bad address 'bbc.co.uk'
root@7d549749badd:/# nslookup bbc.co.uk
;; connection timed out; no servers could be reached

root@7d549749badd:/# 
 

 

 

[rorton]

Done a bit more testing. For info, my unraid is in 192.168.10.0/25 and DNS Server 192.168.1.0/25, thus my traffic has to go via my router/firewall (which is a USG) to get between the networks. 

 

As such, I can do a tcpdump on the dest subnet interface (the 192.168.1.0 network) and if I do an NSLOOKUP from inside the docker container for something like Amazon .co.uk, I can see the request...

 

14:40:27.089533 IP 192.168.10.8.56750 > 192.168.1.11.domain: 23259+ A? amazon.co.uk. (30)

14:40:27.090166 IP 192.168.10.8.56750 > 192.168.1.11.domain: 23259+ A? amazon.co.uk. (30)

14:40:27.115705 IP 192.168.1.11.domain > 192.168.10.8.34893: 23259 3/0/0 A 54.239.34.171, A 178.236.7.220, A 54.239.33.58 (78)

 

my 192.168.10.8 address is the unraid box, so I see unraid make a DNS request to my DNS Server 192.168.1.11, and I see my DNS Server respond back with the IPs, so the docker container is making the request by the look of it. 

 

if I then tcp dump by interface in the 192.168.10.0 subnet, where the unraid box is, I see the initial request go out (good, we see that also on the vlan where the DNS Server is) but I dont see the reply. 

[rorton]

Also, forgot to add that my previous dns server was not a docker container, it was a rasp pi running pi hole, in the same subnet, it had an ip of 192.168.1.14. 
 

I think maybe I have something wrong with how my docker is setup for networking 

[rorton]

thinking about this then....

 

I have an Unraid Server in 192.168.10.8 with a number of docker containers running on separate ports. 

 

One of these docker containers needs to make a DNS request, so another docker container in a different subnet 192.168.1.11

 

The request leaves 192.168.10.8, I see this in a tcp dump, gets to the router/firewall, and then leave the router/firewall on the 192.168.1.11 interface, dns does its thing, gives an IP address back, this gets to the firewall, then nothing happens, I dont see the packet again at the firewall.

 

Now, if I have a host in the 192.168.10.0/25 network, like my Mac for example, I can make and resolve dns no problem at all with the docker container. 

[rorton]

Ive resorted to giving each of my docker containers a dedicated static IP address instead of sharing the hosts address and it all works now so will mark this as resolved