November 27, 2024

Complete noob to unRaid here and testing this out to replace my other NAS. Thanks for bearing with me.

I have a server with 2 nics (eth0, eth2). Each nic is attached to a separate physical subnet. I have created 2 bridges in unraid (br0, br2) and assigned each nic accordingly.

When I am creating a docker app, I am selecting `Custom: br2` for network type. The container creates correctly and I am able to access it, but for some reason the dns is wrong and it cannot access other devices on that subnet by hostname. From the host itself (like via console) I see the DNS is correctly set and I can access other devices.

From inside the docker container:

```
# cat /etc/resolv.conf
nameserver 127.0.0.11
options ndots:0
```

On the host:

```
# cat /etc/resolv.conf
# Generated by dhcpcd from br0.dhcp
domain local
nameserver 8.8.8.8
nameserver 1.1.1.1
```

I have tried adding the `--dns='xxx.xxx.xxx.xxx'` to the extra parameters section. Does not work. Furthermore it seems like it is not supposed to work as per the docker network documentation. It seems like it should just adopt the host dns settings.

It would seem like `br2` is not configured correctly with my network's dns.

What I effectively want is that this container should only connect on the eth2 subnet and that it should have the DNS properly configured so that it can access other devices via hostname. How can I achieve this?

November 27, 2024 Community Expert

Looks like IP router and VLAN trunking issues. Please post diag file.

November 27, 2024 Community Expert

To resolve the networking issue where Docker containers using Custom: br2 are not receiving proper DNS configuration, here’s a step-by-step guide:

Understanding the Issue:

DNS in Docker Containers: Docker uses an embedded DNS server (127.0.0.11) for container name resolution. This server forwards requests to the DNS servers configured on the Docker host. If the br2 bridge is not correctly set up with DNS settings, containers may fail to resolve hostnames.

NIC and VLAN Setup: You’ve assigned two NICs to separate subnets using two bridges (br0 and br2). Containers using br2 are likely isolated from the host’s DNS configuration due to incorrect network or VLAN trunking setup.

Main Solution: delete and make a docker network..

Verify Bridge Setup in Unraid

Go to Settings > Network Settings and ensure:

- br0 and br2 are correctly assigned to the corresponding NICs (eth0 and eth2).
- The correct subnet and gateway are configured for br2.
- If using VLANs, ensure VLANs are correctly assigned to the appropriate NICs.

Check Docker Network Configuration

```
docker network inspect br2
```

Look for:

- Correct gateway and subnet.
- DNS settings (e.g., 8.8.8.8 and 1.1.1.1 should be listed under IPAM.Config).

Manually Configure DNS for br2

To ensure br2 uses the correct DNS servers, add the DNS settings for br2 in Unraid:

- Go to Settings > Docker.
- Add --dns=8.8.8.8 --dns=1.1.1.1 in the Docker Custom Network Settings field.
- Apply changes and restart the Docker service.

Alternatively, configure the DNS directly on br2

*remove old network and create new...

```
docker network create \
  --driver=bridge \
  --subnet=192.168.2.0/24 \
  --gateway=192.168.2.1 \
  --dns=8.8.8.8 \
  --dns=1.1.1.1 \
  custom_br2
```

Replace 192.168.2.0/24 and 192.168.2.1 with the actual subnet and gateway for br2.

Set dockers to use custom_br2

*giving terminal but can be done in webui...

Configure the Docker Container

Ensure the container is using the correct network (custom_br2):

```
docker run --network=custom_br2 ...
```

Test Name Resolution

Enter the container's shell:

```
docker ps
docker exec -it <container_name> /bin/bash
```

then test dns:

```
nslookup <hostname>
ping <hostname>
dig google.com
```

Regardless, you have a network misconfiguration...

November 27, 2024

How is this ever going to resolve private host names ("other devices on the subnet by hostname" - not mDNS) when the container is pointing directly to outside upstreams instead of a local resolver? I'm no expert, but IMO that won't (shouldn't) work.

IMO, devices and hosts on the LAN should only point to a single LAN-based address. The device/service at that address can then be responsible for upstream forwarding to any of n-number of external resolvers, while handling private addresses via its own hosts populated by dhcp and/or some manual list (like Unbound overrides, PiHole A-records, etc.)

Edited November 27, 2024 by Espressomatic

November 28, 2024 Author

@bmartino1 - thank you for the detailed solution. Though I am struggling to find some things.

Where on the host do I configure `br2` correctly? I don't see anything in the GUI that allows setting DNS for that bridge (Settings > Network). I also don't see anything under `/etc/network/interfaces` where they would be set in other flavors of linux.

Below is my output from the `docker network inspect` command:

```
# docker network inspect br2
[
    {
        "Name": "br2",
        "Id": "753d54cbc6b6428486e96892c751391df0408b3b39e5270668f0000000000000",
        "Created": "2024-11-27T20:11:42.502122994-00:00",
        "Scope": "local",
        "Driver": "ipvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.10.0/24",
                    "Gateway": "192.168.10.1",
                    "AuxiliaryAddresses": {
                        "server": "192.168.10.150"
                    }
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "parent": "br2"
        },
        "Labels": {}
    }
]
```

I do not see any field called "Docker Custom Network Settings" under Settings > Docker to add the DNS. The below are the only fields I see.

Below are the settings for `eth2` of which there are no DNS fields like there are for `eth0`.

If I am creating a new network, how am I ensuring it only uses eth2 which is physically connected to the subnet?

Also, I tried to test out your create command to see if maybe I could create a new one and it seems that the `--dns` option isn't recognized. Also as per the docs.

```
# docker network create \
  --driver=bridge \
  --subnet=192.168.10.0/24 \
  --gateway=192.168.10.1 \
  --dns=8.8.8.8 \
  --dns=1.1.1.1 \
  custom_test
unknown flag: --dns
See 'docker network create --help'.
```

Edited November 28, 2024 by elatedgoat

November 28, 2024 Author

@Espressomatic - you are right. I do have a local resolver and the paste above was from a different one, but the concept is the same.

November 29, 2024 Community Expert

Not enough info to assist...

Apologies, you're right, docker network create settings for dns settings is different and are set at the container level not docker network level. The docker network level needs router info and parent interface info if not doing a bridge as seen in the docs. My bad, I overlooked that.

In terms of web ui, hard to say with web UI due to default bridge is br0, not sure how you may have made or created br2. If you made br2 via ip/ifconfig/bridge tools... it may not show up in the web ui. You will have to make and do these things via some user scripts at first boot or terminal. At the bottom of the webui in networks is the ip routes, you may need one for br2. Otherwise a different network approach may be needed.

Here is another docker dns solution as is, replace internal resolv.conf... with a 1 to 1 file replacement...

*this may be a temp fix/workaround but doesn't fix the network misconfigurations.

Still no diag to further assist. Not sure is in syslog at boot if interfaces are changing as example. What nics or network issues you may have outside of current setup. Not sure eth2 connection and how that is talking to other interfaces on network or if you have an ad hoc setup to another device.

I need network layout, example:

```
ISP Modem(fiber) media convertor > unifi/?isp/3rdparty router > switch? > device port 1 device port 2 ?vlans?
```

Try 1 to 1 replacement as outlined in the other forum to force internal docker dns settings...

November 29, 2024 Author

What do you mean by "no diag to further assist"?

I created the second bridge `br2` via the GUI and as described in this post. Then I saw that `custom br2` docker network show up as an option when creating the container. So I chose that when configuring the container. I am able to reach other devices by using the IP address.

My setup is

```
ISP Modem > opnsense
> sub network 1 switch > unraid eth0 > br0
> sub network 2 switch > unraid eth2 > br2
> device 1
> device 2
> ... device n
```

I am not using vlans.

How can I get a container to use eth2 and be able to communicate to other devices via hostname on sub network 2? If there are some commands you need me to run just let me know and I can share the output.

November 30, 2024 Community Expert

Thank you for the additional information... again I don't know how you made br2.

Enable bridging tells unraid to make br0 and the setting in the web ui tells what interface you wanted to connect to br0. In this case confirm your unraid networking tab and make sure br0 is attached to eth0. We may need to use terminal command to fix this if br2 doesn't show in the Web UI.

Since you're subnetting, not using vlans, and appear to have and are using 2 nics to a different ip address via subnet, I'd recommend turn off bridging and set up a docker network create to eth2 as a custom network.

Example on my test machine: by default unraid vhost may try to duplicate if eth0 has a static set ip address.

```
#!/bin/bash
# Reset and configure vhost0 interface
ip link set vhost0 down                  # Bring vhost0 down
ip addr flush dev vhost0                 # Remove any existing IPs
ip addr add 192.168.2.150/24 dev vhost0  # Assign the desired IP
ip link set vhost0 up                    # Bring vhost0 up
```

So I run the above to not have 2 separate macs having the same ip address.

In your case your br0 may be tied to other interfacing causing issues or br2 not tied to an interface and thus doesn't have a parent interface for its traffic.

Since you're subnetting, the dhcp ip group needs to be different, meaning switch 1 gives out 192.168.1.x/24 and switch 2 needs to give out 192.168.2.x/24.

Your diagram:

```
sub network 1 switch > unraid eth0 > br0
sub network 2 switch > unraid eth2 > br2
```

sub network switch 1 DHCP ip is ?
sub network switch 2 DHCP ip is ?

If they are both 192.168.1.x/24 they will not be able to communicate due to ip route in unraid using 192.168.1.x on eth0, as a network layer 2 route won't exist for them to talk on the same machine if sharing the same ip domain group 192.168.1.x.

This can be complicated more due to br0 and its potential default unraid configurations/misconfigurations.

Based on the info you have presented, as the diag file is only a part of the picture and didn't capture this other data to help explain and give solutions to your problem, I'd recommend:

1. Disable all auto starts to any VM, Docker, LXC.
2. Turn off vms, docker, lxc in settings.
3. Turn off array to edit webui network settings.
4. Disable bridging (as far as I can tell you don't need it unless you have eth1 sharing network with eth0 etc..) *potential reboot...
4.5 - Reset network settings for what you want per your diagram: set a static ip on eth0 and a static ip on eth2 in the switch's subnet.
5. Enable docker (no Dockers should be running).
5.5 - Delete and reset the docker network settings... so you should only have the default docker network when running.
6. Edit each docker to use the new custom eth0 if they are assigned a static ip.
7. Enable and fix any networking settings for VM / LXC:

VM setting may need updating settings like:

lxc:

Step 5 more information: may need to change settings... I recommend using macvlan for easier troubleshooting and device finding with misaddress..

^- set docker setting to use macvlan...

Then check what docker configurations/misconfiguration you have:

```
docker network ls
```

*Your network IDs will be different:

```
root@BMM-Unraid:~# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
9cbd343c82a0   bridge    bridge    local
0302aa0c1e94   eth0      macvlan   local
99ab079461ad   host      host      local
05b15108e8ce   none      null      local
root@BMM-Unraid:~#
```

If you don't have a bridge, eth0 to macvlan/ipvlan, host, none network as shown above, we need to reset your docker networking by removing the docker db file and running docker network remove, as later we need to add an eth2 macvlan/ipvlan network via terminal...

*I prefer macvlan for a reason (mainly each docker gets its own unique mac address) whereas unraid has moved to the new standard of ipvlan (where each docker shares the parent's interface mac address).

Review: then create a docker network macvlan or ipvlan... for eth2

```
docker network create \
  -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=eth2 \
  mcavlan
```

Explanation of the Flags:

- -d macvlan: Specifies that the network driver is macvlan.
- --subnet: The subnet for the macvlan network (replace 192.168.1.0/24 with your actual network range).
- --gateway: The gateway IP for your network (replace 192.168.1.1 with your actual gateway).
- -o parent=eth2: Sets the physical interface to eth2 for the macvlan network.
- mcavlan: The name of the Docker network you're creating.

Setting your switch 2 subnet information... then move to step 6... as you have a network misconfiguration on unraid. Potential network configuration needed on your subnets.

December 6, 2024 Author

Sorry to be a pain. But I followed your steps above and I am still not able to get DNS working in that network. I even deleted the existing network and recreated it with your command above. I am at a loss of what to do at this point. I can believe it is this complicated to get a docker network to work on a second nic.

December 6, 2024

Did you by any chance see the custom network at the bottom of your Docker settings and configure the subnet and gateway there?

I played around a bit just to see if I was able to create and assign the network - which I was. But I'd have to make additional changes to allow connecting to a different subnet from the first to then properly test the docker's DNS - which I haven't done.

December 6, 2024 Author

I do see both networks and they seem to be configured correctly. To reiterate, the container gets an IP address on that second subnet and I am able to access it. Though that container does not have DNS properly configured to use my local resolver to access other devices on that subnet by hostname.

December 6, 2024 Author Solution

So, maybe I should have realized this noob mistake but it seems like I need to use the FQDN for local resolution and that it is working now. So I needed to use something like `hostname.local` and not just `hostname`.

Thanks for all the help!

December 6, 2024

.local is a special case advertised by mDNS. If you want to test regular DNS, you can try resolving outside hosts or internal hosts that don't use mDNS. If everything's using mDNS then no worries for all internal traffic.
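
Added example, not part of any post in this thread: a simplified model of the stub resolver's search-list expansion, applied to the two `/etc/resolv.conf` files pasted in the first post, to show which names each side would actually query for `hostname` versus `hostname.local`. It generalizes to any `search`/`domain`/`ndots` combination; the hostname `nas2` is constructed, and the ordering follows the classic `res_search` behaviour (other libc implementations can differ).

```python
# Added example: simplified res_search-style candidate ordering.
# The two resolv.conf texts are copied from the first post in the thread;
# "nas2" is a constructed hostname used only for illustration.

CONTAINER_CONF = """\
nameserver 127.0.0.11
options ndots:0
"""

HOST_CONF = """\
# Generated by dhcpcd from br0.dhcp
domain local
nameserver 8.8.8.8
nameserver 1.1.1.1
"""

def parse_resolv_conf(text):
    """Return nameservers, search list and ndots (default 1) from resolv.conf text."""
    conf = {"nameservers": [], "search": [], "ndots": 1}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # skip blanks and comments
            continue
        key, *vals = line.split()
        if key == "nameserver" and vals:
            conf["nameservers"].append(vals[0])
        elif key == "domain" and vals:         # 'domain' acts as a one-entry search list
            conf["search"] = [vals[0]]
        elif key == "search":                  # the last domain/search line wins
            conf["search"] = vals
        elif key == "options":
            for opt in vals:
                if opt.startswith("ndots:"):
                    conf["ndots"] = int(opt[6:])
    return conf

def candidates(name, conf):
    """Ordered list of fully qualified names the resolver would try for `name`."""
    if name.endswith("."):                     # already absolute: no expansion
        return [name]
    as_is = name + "."
    expanded = [f"{name}.{d.rstrip('.')}." for d in conf["search"]]
    if name.count(".") >= conf["ndots"]:       # enough dots: try as-is first
        return [as_is] + expanded
    return expanded + [as_is]                  # otherwise search domains first

if __name__ == "__main__":
    for label, text in (("container", CONTAINER_CONF), ("host", HOST_CONF)):
        conf = parse_resolv_conf(text)
        for name in ("nas2", "nas2.local"):
            print(label, name, "->", candidates(name, conf))
```

With no `search` or `domain` line in the container's file, a bare `nas2` is only ever sent as `nas2.`, while the host's `domain local` makes the same lookup try `nas2.local.` first.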