On OpenConnect VPN, Docker containers have DNS but host machine does not - linux

When I connect to a VPN using OpenConnect, the Docker containers that run afterwards have the ability to use DNS but the host machine itself does not.
If I look at the contents of /etc/resolv.conf in the containers, the file has the DNS servers in them, but the file on the host machine does not.
From Containers:
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 10.x.x.x
nameserver 10.x.x.x
search university.liberty.edu liberty.edu
(I have replaced the actual addresses)
From the host:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 127.0.0.53
search university.liberty.edu liberty.edu
When I use AnyConnect instead of OpenConnect, the containers do not have DNS but the host machine does. Everyone on my development team has had identical results. We're on Linux Mint 19.
I added the DNS addresses in the IPv4 tab of the Network Manager in network settings.
Does anyone have any suggestions as to what I need to do to have DNS available to the host machine and the containers at the same time?
Update:
When I connect to VPN using Cisco AnyConnect, the link from /etc/resolv.conf to /run/resolvconf/resolv.conf is maintained. The result of this is that Docker containers run afterward DO NOT have access to DNS. When I connect to VPN using Cisco's openconnect, the link from /etc/resolv.conf is broken and replaced, presumably by OpenConnect. The result of this is that the Docker containers are happy using DNS, but my host machine cannot.

Related

cloud-init is using domains given in DHCP for hostname

In AWS VPC, I am associating the following as DHCP
Domain name server: 10.*.*.2 (VPC DNS)
Domain Name: ec2.internal privatedomain_1.com privatedomain_2.com publicdomain.com
Due to which the hostname is getting set up as ip-10-5-*-*.privatedomain_1.comprivatedomain_2.compublicdomain.com
the above is the combination of all 3 Domains names given in DHCP.
The reason to add the domains to DHCP is to only affect /etc/resolv.conf and not the hostname, but it is not working as expected. It is also adding a combination of these entries in /etc/resolv.conf as well:
# cat /etc/resolv.conf
# Generated by NetworkManager
search ec2.internal privatedomain_1.com privatedomain_2.com publicdomain.com
privatedomain_1.comprivatedomain_2.compublicdomain.com
nameserver 10.*.*.2
I have tried using the preserve hostname document provided by AWS and cloud-init
https://aws.amazon.com/premiumsupport/knowledge-center/linux-static-hostname-rhel-centos-amazon/
How do I stop cloud-init from overwriting my hostname on AWS (CentOS)
https://cloudinit.readthedocs.io/en/latest/topics/modules.html#set-hostname.
but these didn't work out. Any suggestions?

How to run gitlab locally over network

Hello, I have set up GitLab on Docker, created a repository, and then added a simple README file. I am trying to access the repo from other computers on the same network but I cannot. I set up GitLab at this URL: http://gitlab.local:30080/. What should I do to clone the repo onto other computers and work on the local server?
Where did you specify the dns entry for gitlab.local?
You need some DNS server which is able to resolve gitlab.local to the IP of the host your Docker container is running on.
Did you expose the port from the container to the host?
You must publish the port from the Docker container to a port on the host.
After doing this, if you use a Linux OS, add a record like this to the /etc/hosts file:
192.168.1.10 gitlab.local
If you use a Windows OS, add the record to the hosts file in C:\Windows\System32\drivers\etc.
Now you can access GitLab with this URL on any computer on the network whose hosts file has been edited to add the record above:
http://gitlab.local:30080/
Note: the firewall must be off, or a firewall rule for GitLab and the port must be added, on any computer that you use.

DNS resolve timeout/delay for domains mapped to localhost in hosts file

I'm actually facing an issue which came up when using the proxy in Angular CLI.
But it's not related directly to Angular nor to node.js... it seems to have its roots some levels deeper (namely at the operating system level).
## Short version:
When I have a domain to IP mapping in my hosts file /etc/hosts and proxy it using node-http-proxy which is the underlying layer of the angular-cli proxy feature there's a delay of 5000ms before the request gets resolved and the response is provided.
Proxying is mandatory for backend communication to avoid cross origin errors in development because angular apps are served via port 4200.
## Longer version:
Operating System: OSX Catalina 10.15.4
Based on a deeper analysis it's not caused by Angular CLI and even not node.js.
It seems there's something going "wrong" with the system, as I can reproduce the behavior in my terminal as well using the arp command.
There's a mapping in the /etc/hosts file which looks like below:
127.0.0.1 service.company.local
When I then run the command arp service.company.local, it won't resolve, of course, as this domain isn't known to DNS servers.
It finishes with the output: arp: service.company.local: Unknown host
Also, when the computer is disconnected from the internet/network (wifi off), arp still takes 5000ms before it finishes with the Unknown host message, whereas it directly returns Unknown host for existing domains (then without delay).
The problem is pretty frustrating as it heavily slows down local development of an Angular app; some cascading requests take so extremely long that fluent work isn't possible.
Screenshot from Chrome Dev Tools:
Is there some known solution to get around this issue without moving away from the domain to ip mapping within the hosts file?
Addition (content of the hosts file)
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
127.0.0.1 service.company.local
# Added by Docker Desktop
# To allow the same kube context to work on the host and the container:
127.0.0.1 kubernetes.docker.internal
# End of section
I'm very thankful for any hints.

Docker DNS settings

I am trying to create a Docker container with a custom network and DNS settings.
docker network create --driver=bridge --opt "com.docker.network.bridge.enable_ip_masquerade"="true" --opt "com.docker.network.bridge.enable_icc"="true" --opt="com.docker.network.driver.mtu"="1500" --opt="com.docker.network.bridge.host_binding_ipv4"="0.0.0.0" net
--
docker run --dns 10.0.0.2 --network=net busybox cat /etc/resolv.conf
nameserver 127.0.0.11
options ndots:0
Otherwise, if I use the standard network, everything works fine:
docker run --dns 10.0.0.2 --network=bridge busybox cat /etc/resolv.conf
nameserver 10.0.0.2
As of Docker 1.10, DNS is managed differently for user-defined networks. DNS for the default bridge network is unchanged for backwards compatibility. In a user-defined network, docker daemon uses the embedded DNS server. According to the documentation found here:
https://docs.docker.com/engine/userguide/networking/configure-dns/
--dns=[IP_ADDRESS...] The IP addresses passed via the --dns option is used by the embedded
DNS server to forward the DNS query if embedded DNS server is unable
to resolve a name resolution request from the containers. These
--dns IP addresses are managed by the embedded DNS server and will not
be updated in the container’s /etc/resolv.conf file.
So, the DNS nameserver will be used, it just is not visible in the container's /etc/resolv.conf.
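Added example (not part of the original answer or of Docker's documentation): a shell helper that classifies the nameserver lines of a resolv.conf-style file, flagging the systemd-resolved stub (127.0.0.53) from the host listing earlier on this page and Docker's embedded resolver (127.0.0.11) from the answer above, the two cases where the real upstream servers are not visible in the file. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: print "<address> <kind>" for every nameserver line.
#   127.0.0.53 -> systemd-resolved stub (host listing on this page)
#   127.0.0.11 -> Docker embedded DNS on user-defined networks
#   other 127.x / ::1 -> some other local forwarder
#   anything else -> an upstream server the client queries directly
classify_nameservers() {
    # $1: path to a resolv.conf-style file
    awk '
        /^[ \t]*[#;]/ { next }    # resolv.conf comments start with # or ;
        $1 == "nameserver" && NF >= 2 {
            kind = "direct"
            if ($2 == "127.0.0.53") kind = "systemd-resolved-stub"
            else if ($2 == "127.0.0.11") kind = "docker-embedded"
            else if ($2 ~ /^127\./ || $2 == "::1") kind = "local-forwarder"
            print $2, kind
        }
    ' "$1"
}

# Succeeds when the file lists only local forwarders, i.e. the servers
# that finally answer the queries cannot be read from this file.
upstream_hidden() {
    out=$(classify_nameservers "$1")
    [ -n "$out" ] || return 1
    ! printf '%s\n' "$out" | grep -q ' direct$'
}

# Resolve where a possibly symlinked resolv.conf really points, which is
# what changes when a VPN client replaces the link.
resolv_target() {
    if [ -L "$1" ]; then readlink -f "$1"; else printf '%s\n' "$1"; fi
}

# Constructed sample mirroring the user-defined-network output quoted above.
sample=$(mktemp)
printf 'nameserver 127.0.0.11\noptions ndots:0\n' > "$sample"
classify_nameservers "$sample"
upstream_hidden "$sample" && echo "upstream resolvers are not listed in this file"
rm -f "$sample"
```

When upstream_hidden succeeds, the servers actually queried have to be read from the forwarder itself, for example with the systemd-resolve --status command that the host's resolv.conf comment points to.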

How to set DNS servers manually?

How do I exclude DNS from the DHCP lease request on a Raspberry Pi?
I tried updating /etc/resolv.conf but it's reset after a while.
Reason: I am on a home network, and the home router uses itself as the DNS server, but the router's DNS service isn't working properly sometimes.
Most of the answers didn't work for me, but I found that this worked:
sudo vi /etc/dhcpcd.conf
Added a line (note that there is no comma):
static domain_name_servers=8.8.8.8 8.8.4.4
And unplugged and replugged my ethernet cable, which updates the resolver...
cat /etc/resolv.conf
Now shows:
# Generated by resolvconf
domain example.com
nameserver 8.8.8.8
nameserver 8.8.4.4
This is also a better way to fix the problem where changes to /etc/resolv.conf are lost on reboot.
I assume the problem is that the DHCP client is getting new information about DNS servers with every DHCP renewal. Add this line to /etc/dhcp/dhclient.conf:
supersede domain-name-servers 192.168.1.8, 8.8.8.8, 8.8.4.4;
Of course, you should replace the IP addresses with those of your desired DNS servers. You will probably need to restart the corresponding service.
