Docker container on second bridge but DNS not working


Complete noob to unRaid here and testing this out to replace my other NAS.  Thanks for bearing with me.

 

  • I have a server with 2 nics (eth0, eth2).
  • Each nic is attached a separate physical subnet.
  • I have created 2 bridges in unraid (br0, br2) and assigned each nic accordingly.
  • When I am creating a docker app, I am selecting `Custom: br2` for network type.
  • The container creates correctly and I am able to access it, but for some reason the dns is wrong and it cannot access other devices on that subnet by hostname.
  • From the host itself (like via console) I see the DNS is correctly set and I can access other devices

 

From inside the docker container:

 

# cat /etc/resolv.conf
nameserver 127.0.0.11
options ndots:0

 

On the host:

# cat /etc/resolv.conf
# Generated by dhcpcd from br0.dhcp
domain local
nameserver 8.8.8.8
nameserver 1.1.1.1

 

 

I have tried adding the `--dns='xxx.xxx.xxx.xxx'` to the extra parameters section.  Does not work.

Furthermore it seems like it is not supposed to work as per the docker network documentation.

It seems like it should just adopt the host dns settings.

It would seem like `br2` is not configured correctly with my networks dns.

 

What I effectively want is that this container should only connect on the eth2 subnet and that it should have the DNS properly configured so that it can access other devices via hostname.

 

How can I achieve this?

 

 

 

Solved by elatedgoat

  • Community Expert

looks like ip router and vlan trunking issues. Please post diag file

 

  • Community Expert

To resolve the networking issue where Docker containers using Custom: br2 are not receiving proper DNS configuration, here’s a step-by-step guide:

Understanding the Issue:

 

DNS in Docker Containers:

Docker uses an embedded DNS server (127.0.0.11) for container name resolution. This server forwards requests to the DNS servers configured on the Docker host.

If the br2 bridge is not correctly set up with DNS settings, containers may fail to resolve hostnames.

 

NIC and VLAN Setup:

You’ve assigned two NICs to separate subnets using two bridges (br0 and br2).

Containers using br2 are likely isolated from the host’s DNS configuration due to incorrect network or VLAN trunking setup.

 

Main solution: delete and make a docker network..
 

Verify Bridge Setup in Unraid

Go to Settings > Network Settings and ensure:

br0 and br2 are correctly assigned to the corresponding NICs (eth0 and eth2).

The correct subnet and gateway are configured for br2.

If using VLANs, ensure VLANs are correctly assigned to the appropriate NICs.

 

Check Docker Network Configuration

docker network inspect br2

Look for:

Correct gateway and subnet.

DNS settings (e.g., 8.8.8.8 and 1.1.1.1 should be listed under IPAM.Config).

 

Manually Configure DNS for br2

To ensure br2 uses the correct DNS servers:

Add the DNS settings for br2 in Unraid:

Go to Settings > Docker.

Add --dns=8.8.8.8 --dns=1.1.1.1 in the Docker Custom Network Settings field.

Apply changes and restart the Docker service.

 

Alternatively, configure the DNS directly on br2

*remove old network and create new...

docker network create \
  --driver=bridge \
  --subnet=192.168.2.0/24 \
  --gateway=192.168.2.1 \
  --dns=8.8.8.8 \
  --dns=1.1.1.1 \
  custom_br2

Replace 192.168.2.0/24 and 192.168.2.1 with the actual subnet and gateway for br2.

 

set dockers to use custom_br2

*giving terminal but can be done in webui...
 

Configure the Docker Container

Ensure the container is using the correct network (custom_br2):

docker run --network=custom_br2 ...

 

Test Name Resolution

Enter the container's shell

docker ps
docker exec -it <container_name> /bin/bash


then test dns:

nslookup <hostname>
ping <hostname>
dig google.com



regardless you have a network misconfiguration...

How is this ever going to resolve private host names ("other devices on the subnet by hostname" - not mDNS) when the container is pointing directly to outside upstreams instead of a local resolver? I'm no expert, but IMO that won't (shouldn't) work.

 

IMO, devices and hosts on the LAN should only point to a single LAN-based address. The device/service at that address can then be responsible for upstream forwarding to any of n-number of external resolvers, while handling private addresses via its own hosts populated by dhcp and/or some manual list (like Unbound overrides, PiHole A-records, etc.)

 

 

 

 

Edited by Espressomatic

  • Author

@bmartino1 - thank you for the detailed solution.  Though I am struggling to find some things.  Where on the host do I configure `br2` correctly?  I don't see anything in the GUI that allows setting DNS for that bridge (Settings > Network).  I also don't see anything under `/etc/network/interfaces` where they would be set in other flavors of linux.  Below is my output from the `docker network inspect` command:

 

# docker network inspect br2
[
    {
        "Name": "br2",
        "Id": "753d54cbc6b6428486e96892c751391df0408b3b39e5270668f0000000000000",
        "Created": "2024-11-27T20:11:42.502122994-00:00",
        "Scope": "local",
        "Driver": "ipvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.10.0/24",
                    "Gateway": "192.168.10.1",
                    "AuxiliaryAddresses": {
                        "server": "192.168.10.150"
                    }
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "parent": "br2"
        },
        "Labels": {}
    }
]

 

 

I do not see any field called "Docker Custom Network Settings" under Settings > Docker to add the DNS.  The below are the only fields I see.

 

Screenshot2024-11-27225903.thumb.png.f1c3038c33a12813ef187c6fbfe94545.png

 

Below are the settings for `eth2` of which there is no DNS fields like there is for `eth0`.

 

Screenshot2024-11-27231246.thumb.png.a94d7a2a18effb413c25e59e4cc0bcb5.png

 

If I am creating a new network, how am I ensuring it only uses eth2 which is physically connected to the subnet?

 

Also, I tried to test out your create command to see if maybe I could create a new one and it seems that the `--dns` option isn't recognized.  Also as per the docs.

 

# docker network create \
  --driver=bridge \
  --subnet=192.168.10.0/24 \
  --gateway=192.168.10.1 \
  --dns=8.8.8.8 \
  --dns=1.1.1.1 \
  custom_test
unknown flag: --dns
See 'docker network create --help'.

 

Edited by elatedgoat

  • Author

@Espressomatic - you are right.  I do have a local resolver and the paste above was from a different one, but the concept is the same.

  • Community Expert

Not enough info to assist...

Apologies, you're right, docker network create settings for dns settings is different and are set at the container level not docker network level.
the docker network level needs router info and parent interface info if not doing a bridge as seen in the docs. My bad, I overlooked that.

in terms of web ui,
Hard to say with web UI due to default bridge is br0, not sure how you may have made or created br2
if you made br2 via ip/ifconfig/bridge tools... It may not show up in the web ui. you will have to make and do these things via some user scripts at first boot or terminal. at the bottom of the webui in networks is the ip routes, you may need one for br2. otherwise a different network approach may be needed.

Here is other docker dns solution as is replace internal resolv.conf... with a 1 to 1 file replacement...

*this may be a temp fix/workaround but doesn't fix the network misconfigurations.

still no diag to further assist. not sure is in syslog at boot if interfaces are changing as example. What nics or network issues you may have outside of current setup.
not sure eth2 connection and how that is talking to other interfaces on network or if you have an ad hoc setup to another device.

I need network layout
example 

ISP Modem(fiber) media converter  > unif/?isp/3rdparty router > switch? > device port 1 device port 2
?vlans?

try 1 to 1 replacement as outlined in the other forum to force internal docker dns settings...

  • Author

What do you mean by "no diag to further assist"?

 

I created the second bridge `br2` via the GUI and as described in this post.

 

 

Then I saw that `custom br2` docker network show up as an option when creating the container. So I chose that when configuring the container. I am able to reach other devices by using the IP address.

 

My setup is ISP Modem > opnsense > sub network 1 switch > unraid eth0 > br0

                                                      > sub network 2 switch > unraid eth2 > br2

                                                                                    > device 1

                                                                                    > device 2

                                                                                    > ... device n

 

I am not using vlans.

 

How can I get a container to use eth2 and be able to communicate to other devices via hostname on sub network 2?

 

If there are some commands you need me to run just let me know and I can share the output.

 

  • Community Expert

Thank you for the additional information...

again I don't know how you made br2

enable bridging tells unraid to make br0 and the setting in the web ui tells what interface you wanted to connect to br0

in this case confirm your unraid networking tab and make sure br0 is attached to eth0

we may need to use terminal command to fix this if br2 doesn't show in the Web UI.

Since you're subnetting, not using vlans, and appear to have and are using 2 NICs to a different ip address via subnet

I'd recommend turn off bridging and setup a docker network create to eth2 as a custom network:

example on my test machine.
image.thumb.png.82f980121b50922c63abbffec0c5cc3a.png

 

by default unraid vhost may try to duplicate if eth0 has a static set ip address
 

#!/bin/bash
# Reset and configure vhost0 interface
ip link set vhost0 down                       # Bring vhost0 down
ip addr flush dev vhost0                      # Remove any existing IPs
ip addr add 192.168.2.150/24 dev vhost0       # Assign the desired IP
ip link set vhost0 up                         # Bring vhost0 up

So I run the above to not have 2 separate macs having the same ip address.

In your case your br0 may be tied to other interfaces causing issues or br2 not tied to an interface and thus doesn't have a parent interface for its traffic.

since you're subnetting the dhcp ip group needs to be different. meaning switch 1 gives out 192.168.1.x/24 and switch 2 needs to give out 192.168.2.x/24

your diagram:

sub network 1 switch > unraid eth0 > br0

sub network 2 switch > unraid eth2 > br2

sub network switch 1 DHCP ip is ?

sub network switch 2 DHCP ip is ?

 

if they are both 192.168.1.x /24
they will not be able to communicate due to ip route in unraid using 192.168.1.x on eth0
as a network layer 2 route won't exist for them to talk on the same machine if sharing the same ip domain group 192.168.1.x 

This can be complicated more due to br0 and its potential default unraid configurations/misconfigurations.

Based on the info you have presented as the diag file is only a part of the picture and didn't capture this other data to help explain and give solutions to your problem.

I'd recommend

1. Disable all auto starts to any VM, Docker, LXC.
2. Turn off VMs, docker, lxc in settings
3. turn off array to edit webui network settings.
4. Disable bridging (as far as I can tell you don't need it unless you have eth1 sharing network with eth0 etc..)
*potential reboot...

4.5 - reset network settings for what you want per your diagram
set a static ip on eth0 and a static ip on eth2 in the switches subnet.

5. enable docker (no Dockers should be running)
5.5 - delete and reset the docker network settings...
so you should only have the default docker network when running 

6. edit each docker to use the new custom eth0 if they are assigned a static ip
7. enable and fix any networking settings for VM / LXC:

VM setting may need updating settings like:

image.png.4095427f43a1be1282b35d7173177083.png

lxc:
image.png.4db67ffecbb2c734469d898ff51ef260.png


Step 5 more information:
may need to change settings... I recommend using macvlan for easier troubleshooting and device finding with misaddress..
image.png.9d1d49434f45dc5227b119b1242d04bf.png

^- set docker setting to use macvlan...

Then check what docker configurations/misconfiguration you have:

docker network ls

*Your network IDs will be different:
 

root@BMM-Unraid:~# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
9cbd343c82a0   bridge    bridge    local
0302aa0c1e94   eth0      macvlan   local
99ab079461ad   host      host      local
05b15108e8ce   none      null      local
root@BMM-Unraid:~# 

if you don't have a bridge, eth0 to macvlan/ipvlan, host, none network as shown above

we need to reset your docker networking by removing the docker db file and running docker network remove
as later we need to add an eth2 macvlan/ipvlan network via terminal...

*I prefer macvlan for reason (mainly each docker gets its own unique mac address) whereas unraid has moved to the new standard of ipvlan (where each docker shares the parent interface's mac address).

review:


then create a docker network macvlan or ipvlan... for eth2
 

docker network create \
  -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=eth2 \
  mcavlan


 

Explanation of the Flags:

-d macvlan: Specifies that the network driver is macvlan.

--subnet: The subnet for the macvlan network (replace 192.168.1.0/24 with your actual network range).

--gateway: The gateway IP for your network (replace 192.168.1.1 with your actual gateway).

-o parent=eth2: Sets the physical interface to eth2 for the macvlan network.

mcavlan: The name of the Docker network you're creating.

setting your switch 2 subnet information...

then move to step 6...

as you have a network misconfiguration on unraid. Potential network configuration needed on your subnets.

  • Author

Sorry to be a pain.  But I followed your steps above and I am still not able to get DNS working in that network. I even deleted the existing network and recreated it with your command above. I am at a loss of what to do at this point.  I can believe it is this complicated to get a docker network to work on a second nic.

Did you by any chance see the custom network at the bottom of your Docker settings and configure the subnet and gateway there?

 

Screenshot2024-12-06at1_29_30PM.thumb.png.ffabab6e15a1ba11002fa164ea1e37e7.png

 

I played around a bit just to see if I was able to create and assign the network - which I was. But I'd have to make additional changes to allow connecting to a different subnet from the first to then properly test the docker's DNS - which I haven't done.

 

 

  • Author

I do see both networks and they seem to be configured correctly.  To reiterate, the container gets an IP address on that second subnet and I am able to access it.  Though that container does not have DNS properly configured to use my local resolver to access other devices on that subnet by hostname.

  • Author
  • Solution

So, maybe I should have realized this noob mistake but it seems like I need to use the FQDN for local resolution and that it is working now.  So I needed to use something like `hostname.local` and not just `hostname`.  Thanks for all the help!

.local is a special case advertised by mDNS. If you want to test regular DNS, you can try resolving outside hosts or internal hosts that don't use mDNS. If everything's using mDNS then no worries for all internal traffic.
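
One way to see what each `resolv.conf` quoted in the first post does with a short name, as an added example that is not part of any post in this thread: it parses both files and lists the names a stub resolver would query, following glibc's `ndots` and search-list rules. The hostname `nas` is a hypothetical placeholder, and the sketch assumes no search domain is derived from the machine's own hostname.

```python
# resolv.conf contents copied from the first post in this thread.
CONTAINER_RESOLV = """\
nameserver 127.0.0.11
options ndots:0
"""

HOST_RESOLV = """\
# Generated by dhcpcd from br0.dhcp
domain local
nameserver 8.8.8.8
nameserver 1.1.1.1
"""


def parse_resolv_conf(text):
    """Return nameservers, search list and ndots from resolv.conf text."""
    cfg = {"nameservers": [], "search": [], "ndots": 1}  # glibc default ndots is 1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            cfg["nameservers"].append(args[0])
        elif keyword == "domain" and args:
            cfg["search"] = [args[0]]          # 'domain' and 'search' replace each
        elif keyword == "search":
            cfg["search"] = args               # other; the last one in the file wins
        elif keyword == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    cfg["ndots"] = int(opt.split(":", 1)[1])
    return cfg


def candidates(name, cfg):
    """Ordered list of fully qualified names queried for `name`."""
    if name.endswith("."):
        return [name]                          # already absolute: no search list
    as_is = name + "."
    suffixed = [f"{name}.{d.rstrip('.')}." for d in cfg["search"]]
    if name.count(".") >= cfg["ndots"]:
        return [as_is] + suffixed              # enough dots: try the name as-is first
    return suffixed + [as_is]


if __name__ == "__main__":
    for label, text in (("container", CONTAINER_RESOLV), ("host", HOST_RESOLV)):
        cfg = parse_resolv_conf(text)
        print(label, cfg["nameservers"], candidates("nas", cfg))
```

With no `search` or `domain` line the container only ever asks for the bare single-label name; Docker's `--dns-search` run option is the setting that writes a search list into a container's `resolv.conf`.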
