KeyBoardDabbler Posted February 6 Share Posted February 6 I'm hoping someone can help me because I feel I am seriously missing the concept of DNS and what I am trying to achieve. Short version I have a VLAN80 network for the dedicated game servers containers I am hosting on unraid, this network has restricted access to the rest of the network, quite standard. In opnsense i have set networks to use different DNS servers set via the DHCP settings for the related network. For some reason that i do not understand VLAN80 needs a rule to allow 53 to LAN. I suspect unraid Containers use host’s DNS settings? Long version I read that using the same DNS servers for each network could expose the internal network structure. So with that in mind, I have configured VLAN80 to use Cloudflare as an external DNS resolver. To clarify SYSTEM: SETTINGS: GENERAL: DNS servers = 9.9.9.9, 149.112.112.112 SERVICES: DHCPV4: [VLAN80_DMZ]: DNS servers = 1.1.1.1, 1.0.0.1 Services: Unbound DNS: General Network Interfaces = LAN Outgoing Network Interfaces = WAN Using `dig` devices on LAN use the default DNS. Using `dig` devices on VLAN80 use the CloudFlare DNS. Devices on VLAN80 have internet access but can't access LAN network. Devices on VLAN80 are assigned the correct IP, I.e. 10.0.80.23 Here is the problem unraid containers using the bond0.80 network (VLAN80) do not have internet ` # docker run --rm --network bond0.80 busybox nslookup www.google.com ;; connection timed out; no servers could be reached` Starting the game server containers fail to load, and using packet capture I can see requests to LAN port 53. ethertype IPv4 (0x0800), length 79: (tos 0x0, ttl 64, id 11339, offset 0, flags [DF], proto UDP (17), length 65) 10.0.80.25.59421 > 192.168.1.1.53: [udp sum ok] 6081+ A? cdn.steamstatic.com. (37) ethertype IPv4 (0x0800), length 79: (tos 0x0, ttl 64, id 16259, offset 0, flags [DF], proto UDP (17), length 65) 10.0.80.25.49361 > 192.168.1.1.53: [udp sum ok] 6081+ A? cdn.steamstatic.com. (37) So I created an `Allow Port 53 from VLAN80 net to Lan net`. Sure enough the game server containers start up. Why is it needing access to LAN, going back to the start wasn't the point to not expose the internal network? Quote Link to comment
Solution Vr2Io Posted February 6 Solution Share Posted February 6 2 hours ago, KeyBoardDabbler said: unraid containers Docker are use Unraid DNS setting, it won't use LAN DHCP even allocate IP. Quote Link to comment
KeyBoardDabbler Posted February 6 Author Share Posted February 6 6 hours ago, Vr2Io said: Docker are use Unraid DNS setting, it won't use LAN DHCP even allocate IP. Ahh this explains the need for a rule allowing port 53 traffic from VLAN80 to LAN for the containers to function properly. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.