[solved] No DNS or DHCP lease?



Hi so my dockers are getting IPs the way they're supposed to, 172.17.0.2 for example. However they don't seem to be able to communicate with each other by hostname so I can't get sonarr to talk to sabnzbd by any other means than IP. The problem is when the dockers are restarted, be that the system or manually, they're given new IP addresses, reusing the old ones.  So say I tell sonarr to find sabnzbd on 172.17.0.2, after a reboot, it might be 172.17.0.3 and I have to manually reconfigure.

 

This sucks. I've not used docker a lot, but the last time I did I recall being able to use host names.

 

I surely can't be the only one with this problem, so I figure I've missed something. Any ideas?

Edited by dgwharrison
solved
20 minutes ago, whipdancer said:

I don't have this problem.

Have you checked out any of @SpaceInvaderOne's videos?  It sounds like you didn't set up your dockers using (what I assume is) the common setup.

Pay special attention to the configuration section in this one for Sonarr for instance.

Yeah, I've done the same as he has. My problem is the IP isn't persistent, it's doled out 172.17.0.2, 172.17.0.3 etc in the order of the startup of the dockers. If you shut them all down then start them again in a different order they'll have different IP addresses. Which is obviously a pain...

10 minutes ago, whipdancer said:

Why are you giving your dockers their own IP addresses? I've watched almost all of his videos and I don't recall giving any of my dockers their own IP address.

Um, I didn't make myself clear I guess, because that's not what I'm doing. What I said is that there appears to be no lease, not that there is no DHCP. DHCP is assigning 172.17.0.0/16 just fine; the problem is it doesn't remember which docker (MAC address) has which IP address. This is generally referred to as the lease and for something like docker with a /16 subnet I would have thought that lease was forever in duration.


Given my limited knowledge of dockers....
For Unraid specifically...

I didn't create anything specific for my dockers when it comes to IP addresses.  All my dockers inherit my server's IP address.  My dockers are accessed via PORT number.

Did you change the default settings under settings > docker settings? (I think it's under settings for the docker engine)?

 

Edited by whipdancer
5 hours ago, dgwharrison said:

Hi so my dockers are getting IPs the way they're supposed to, 172.17.0.2 for example. However they don't seem to be able to communicate with each other by hostname so I can't get sonarr to talk to sabnzbd by any other means than IP. The problem is when the dockers are restarted, be that the system or manually, they're given new IP addresses, reusing the old ones.  So say I tell sonarr to find sabnzbd on 172.17.0.2, after a reboot, it might be 172.17.0.3 and I have to manually reconfigure.

 

This sucks. I've not used docker a lot, but the last time I did I recall being able to use host names.

 

I surely can't be the only one with this problem, so I figure I've missed something. Any ideas?

 

Is there any reason why you need to have the same IP assigned to a container or to connect through hostname each time it starts?

For most purposes you would use the server's IP address and the port which the container is using to access the container.

For example, for me nzbget is on port 6789. So to access it I type the IP of my Unraid server (10.10.20.199) then the port

So 10.10.20.199:6789


 

So if I wanted to configure sonarr to talk to nzbget I would tell it to use that IP as that mapping will not change.

 


 

However, there may be use cases whereby you might want to have containers talk by host name. For example, using a reverse proxy it is easier to use hostnames.

To do this you have to use a custom docker network. I showed how in the video I made on letsencrypt reverse proxy here that you may want to check out.

https://youtu.be/I0lhZc25Sro?t=688

 


Just to make things clear for everybody.

Docker networks do not have a real DHCP server in the usual sense.

Docker networks do not interact with a DHCP server on that subnet either.

What docker simply does is it grabs the next free IP in the docker network, and assigns it to the container. If the container stops (or leaves the network), the IP is automatically marked as free and available for the next container that requests an IP.

The correct way to have DNS-like names is to do docker linking - which I don't like as it's messy and doesn't persist across reboots.

The other correct way that's persistent is to assign IP addresses to each container that needs it and add it into your LAN's DNS server.


Hi @ken-ji, @SpaceinvaderOne & @whipdancer

 

Thanks for your help. I ended up solving this problem by switching the network of all my dockers back to host only and referring to each docker as localhost and using the port numbers. It works fine. 

 

@SpaceInvaderOne I was actually wondering about how to get an ssl certificate with lets encrypt so I will definitely watch that video thanks.

  • 1 year later...

Good job dgw!  I knew I ran across some blurb long ago about how to set up Radarr and Sonarr so that the IP did not have to be respecified for the download client(s) each and every time that the (host) system is rebooted... gets REAL tiresome after a while.

(AND, I don't quite understand why so many people didn't understand what you were talking about.)

Yea, I saw all of SpaceInvaderOne's videos (when I was new to unRaid) – he does a great job of providing pertinent info in a 'condensed' format in order to shortcut the 'learning curve' (to get up and running ASAP); BUT NO, I don't recall that he went over this one.

(Or, believe me, I would have done it.  Maybe an updated video is in order.)
So, in less than a minute, applied your resolve to see.  Yep, it works!

Just change specification of Network Type from "Bridge" (default) to "Host" in the docker's template and then in Settings for the Download Client(s) replace the "HARD-CODED" IP (that usually changes with every reboot of the system) with "localhost".  That combined with the correct Port number (in the next field) and VOILA! Hit "Test" and "successful" communication where it didn't work before (unless the proper, CURRENT IP for unRaid server was input).

(Spelled it all out here so that every one can follow what it takes to NEVER HAVE TO CHANGE THE IP ADDRESS AGAIN!)

Thanks for providing the answer – this is what the 'community' is all about!

 


If you want your containers to be able to resolve other containers using their names, you have to use custom networks. It's easy, provides isolation and just works.

AFAIK, Unraid doesn't give you the option to create custom docker networks but it's easy to do from the command-line:

docker network create <your_net_name>

After you create a network, assign all the containers you want to communicate with each other using their names to this network. For example, you could put sonarr, radarr, sabnzbd in a network called "media". Those containers will then be able to communicate with the rest that are on the same network using just the container's name. If a container needs to contact another container that is on a different network (e.g. the default "bridge" network), it will have to use the server's IP.

 

If you try this and it works and you're happy, you need to configure Unraid to remember custom docker networks across reboots. This is a yes/no option in the docker settings page (you need to stop the docker engine first and switch to advanced view to see the option IIRC - sorry not in front of Unraid UI atm).

 

HTH

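The custom-network procedure from the post above, as an added shell example that is not part of the original thread or of Unraid's own tooling. The network name `media` and the container names come from the post's example; the script name `media-net.sh` and the presence of `getent` inside the images are assumptions.

```shell
#!/bin/sh
# Added example: attach containers to a user-defined bridge network so they can
# resolve each other by name. NET and CONTAINERS are assumed names.
NET="${NET:-media}"
CONTAINERS="${CONTAINERS:-sonarr radarr sabnzbd}"

# Create the network only when it does not exist yet.
ensure_network() {
    docker network inspect "$NET" >/dev/null 2>&1 ||
        docker network create "$NET" >/dev/null
}

# Attach each container that is not already a member (connecting twice is an
# error). Prints the names that were newly attached.
attach_missing() {
    members=" $(docker network inspect -f '{{range .Containers}}{{.Name}} {{end}}' "$NET") "
    added=""
    for c in $CONTAINERS; do
        case "$members" in
            *" $c "*) ;;                                   # already attached
            *) docker network connect "$NET" "$c" && added="$added $c" ;;
        esac
    done
    echo "${added# }"
}

# From inside every container, look up every other container by name.
# Prints "src->dst" for each lookup that fails; empty output means all resolve.
# Assumes the images ship getent.
unresolved_pairs() {
    bad=""
    for src in $CONTAINERS; do
        for dst in $CONTAINERS; do
            [ "$src" = "$dst" ] && continue
            docker exec "$src" getent hosts "$dst" >/dev/null 2>&1 ||
                bad="$bad $src->$dst"
        done
    done
    echo "${bad# }"
}

# Run the whole procedure only when invoked as: sh media-net.sh apply
if [ "${1:-}" = "apply" ]; then
    ensure_network
    echo "attached: $(attach_missing)"
    echo "unresolved: $(unresolved_pairs)"
fi
```

An attachment made with `docker network connect` does not survive the container being recreated, so the network should also be selected in the container's own configuration.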
  • 3 months later...
On 11/11/2018 at 2:00 AM, ken-ji said:

Just to make things clear for everybody.

Docker networks do not have a real DHCP server in the usual sense.

Docker networks do not interact with a DHCP server on that subnet either.

What docker simply does is it grabs the next free IP in the docker network, and assigns it to the container. If the container stops (or leaves the network), the IP is automatically marked as free and available for the next container that requests an IP.

The correct way to have DNS-like names is to do docker linking - which I don't like as it's messy and doesn't persist across reboots.

The other correct way that's persistent is to assign IP addresses to each container that needs it and add it into your LAN's DNS server.

This is an old thread/post but I can't find accurate information anywhere. Can't dockers get IP addresses assigned by my DHCP server (which is my pfSense router) rather than having Unraid just giving them the first "free" address (which bypasses completely the DHCP server which can create IP duplicates if not configured in a separate subnet)? What if I would like to have my router (pfSense) in-between my dockers and the LAN? I guess it's just a limitation of the docker engine since it shares the host's resources such as the NIC.

1 hour ago, dnLL said:

Can't dockers get IP addresses assigned by my DHCP server (which is my pfSense router) rather than having Unraid just giving them the first "free" address (which bypasses completely the DHCP server which can create IP duplicates if not configured in a separate subnet)?

This seems to be caused by the simple fact that there is no DHCPv4 client running in any container. Add to the fact that usually userland processes are not allowed to touch the network settings of the container, so the engine has to assign the IP (or the container specifies the IP to be assigned). I guess that it's possible to have a DHCP-like plugin to the docker network system, but the developers were never interested in developing such a plugin.

 

In IPv6, the same is in effect with the exception of the fact that SLAAC is configured at the kernel level, so the container can auto learn and set IPv6 networking, but again, DHCPv6 also doesn't assign IPv6 addresses to containers.

 

1 hour ago, dnLL said:

What if I would like to have my router (pfSense) in-between my dockers and the LAN? I guess it's just a limitation of the docker engine since it shares the host's resources such as the NIC.

Still won't work as the container engine does not actually consult with what's on the LAN and just obeys how the docker network has been configured.

40 minutes ago, ken-ji said:

This seems to be caused by the simple fact that there is no DHCPv4 client running in any container. Add to the fact that usually userland processes are not allowed to touch the network settings of the container, so the engine has to assign the IP (or the container specifies the IP to be assigned). I guess that it's possible to have a DHCP-like plugin to the docker network system, but the developers were never interested in developing such a plugin.

 

In IPv6, the same is in effect with the exception of the fact that SLAAC is configured at the kernel level, so the container can auto learn and set IPv6 networking, but again, DHCPv6 also doesn't assign IPv6 addresses to containers.

 

Still won't work as the container engine does not actually consult with what's on the LAN and just obeys how the docker network has been configured.

Interesting. So static IPs that magically "fit" into my network design are the best option if I can't have DHCP reservations and do need fixed IPs for whatever reason, correct?

 

And if I want network isolation... well, that means I need hardware isolation which means dockers isn't adapted for that specific need and I should use VMs, correct?

 

I'm looking at Wireshark right now and when my dockers are talking to the WAN, they do go through my router and the firewall (ie. having a static IP, I could block communications of a specific docker to the WAN). They also go through pfSense if they have to talk to my desktop. However, they don't go through pfSense when they're talking to anything related to Unraid (host, VM or docker), it stays inside Unraid network. Is there any way to configure Unraid networks to actually go through my firewall? I made a separate thread for this: 

 
