starred/dns-proxy-server-mageddo
1
0
Fork 0
mirror of https://github.com/mageddo/dns-proxy-server.git synced 2026-04-25 09:25:56 +03:00
Code Issues 10 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #347] Running in a container with DPS_NETWORK feature not working as expected #124

New issue
Closed
opened 2026-02-26 04:34:07 +03:00 by kerem · 8 comments
kerem commented 2026-02-26 04:34:07 +03:00
Owner
Copy link

Originally created by @Sajito on GitHub (Mar 8, 2023).
Original GitHub issue: https://github.com/mageddo/dns-proxy-server/issues/347

Really cool to see this project being actively developed again.

What is Happening

I'm running the dns server in a docker container and want to use the DPS_NETWORK feature. This is my docker-compose.yml.

version: '3.6'

services:
  dns:
    image: defreitas/dns-proxy-server:3.8.1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc:/host/etc
    environment:
      MG_RESOLVCONF: /host/etc/resolv.conf
      MG_DPS_NETWORK: true
      MG_DPS_NETWORK_AUTO_CONNECT: true

When the container is started, the dns server is started listening on the container ip address and the container localhost ip address. Then the server connects it's own container to the dps network. Finally it writes the ip address from the dps network to the resolv.conf.
But because the server is not listening on the dps interface, the dns is not reachable. Have a look at this screenshot. If i'd use the initial ip address as dns server, then everything would be fine.

grafik

What is expected

Simply said, I'd only expect the automatic configuration to work. I can think of multiple ways to solve this.

  • Bind the tcp and udp server to 0.0.0.0 instead of specific interfaces
  • Start the tcp and udp server after attaching the container to the dps network
  • Write the initial network ip address into the resolv.conf

Specs

  • OS: EndeavourOS
  • Docker Version: 
    Client:
Version:           23.0.1
API version:       1.42
Go version:        go1.20
Git commit:        a5ee5b1dfc
Built:             Sat Feb 11 13:58:04 2023
OS/Arch:           linux/amd64
Context:           default

Server:
Engine:
  Version:          23.0.1
  API version:      1.42 (minimum version 1.12)
  Go version:       go1.20
  Git commit:       bc3805a0a0
  Built:            Sat Feb 11 13:58:04 2023
  OS/Arch:          linux/amd64
  Experimental:     false
containerd:
  Version:          v1.6.19
  GitCommit:        1e1ea6e986c6c86565bc33d52e34b81b3e2bc71f.m
runc:
  Version:          1.1.4
  GitCommit:        
docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
  • DPS Version: Running /app/dns-proxy-server --version results in an error (Unmatched argument at index 0: '/app/dns-proxy-server'), but I've specified version 3.8.1 in my docker-compose.yml
  • The log is pretty short and visible in the screenshot. Hope that's enough.
Originally created by @Sajito on GitHub (Mar 8, 2023). Original GitHub issue: https://github.com/mageddo/dns-proxy-server/issues/347 Really cool to see this project being actively developed again. ### What is Happening I'm running the dns server in a docker container and want to use the DPS_NETWORK feature. This is my `docker-compose.yml`. ```yaml version: '3.6' services: dns: image: defreitas/dns-proxy-server:3.8.1 volumes: - /var/run/docker.sock:/var/run/docker.sock - /etc:/host/etc environment: MG_RESOLVCONF: /host/etc/resolv.conf MG_DPS_NETWORK: true MG_DPS_NETWORK_AUTO_CONNECT: true ``` When the container is started, the dns server is started listening on the container ip address and the container localhost ip address. Then the server connects it's own container to the dps network. Finally it writes the ip address from the dps network to the resolv.conf. But because the server is not listening on the dps interface, the dns is not reachable. Have a look at this screenshot. If i'd use the initial ip address as dns server, then everything would be fine. ![grafik](https://user-images.githubusercontent.com/6151929/223832541-539f1b21-b1b0-4313-9b1f-8ffbd4139578.png) ### What is expected Simply said, I'd only expect the automatic configuration to work. I can think of multiple ways to solve this. - Bind the tcp and udp server to 0.0.0.0 instead of specific interfaces - Start the tcp and udp server *after* attaching the container to the dps network - Write the initial network ip address into the resolv.conf ### Specs - OS: EndeavourOS - Docker Version: ``` Client: Version: 23.0.1 API version: 1.42 Go version: go1.20 Git commit: a5ee5b1dfc Built: Sat Feb 11 13:58:04 2023 OS/Arch: linux/amd64 Context: default Server: Engine: Version: 23.0.1 API version: 1.42 (minimum version 1.12) Go version: go1.20 Git commit: bc3805a0a0 Built: Sat Feb 11 13:58:04 2023 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.6.19 GitCommit: 1e1ea6e986c6c86565bc33d52e34b81b3e2bc71f.m runc: Version: 1.1.4 GitCommit: docker-init: Version: 0.19.0 GitCommit: de40ad0 ``` - DPS Version: Running `/app/dns-proxy-server --version` results in an error (`Unmatched argument at index 0: '/app/dns-proxy-server'`), but I've specified version 3.8.1 in my docker-compose.yml - The log is pretty short and visible in the screenshot. Hope that's enough.
kerem 2026-02-26 04:34:07 +03:00
kerem commented 2026-02-26 04:34:08 +03:00
Author
Owner
Copy link

@mageddo commented on GitHub (Mar 12, 2023):

Hey, thanks, you are are helping a lot here.

DPS Version: Running /app/dns-proxy-server --version results in an error (Unmatched argument at index 0: '/app/dns-proxy-server'), but I've specified version 3.8.1 in my docker-compose.yml

Yep the command to retrieve the version on docker image changed, I'm updating the docs right now

$ docker run --rm  defreitas/dns-proxy-server --version
<!-- gh-comment-id:1465283388 --> @mageddo commented on GitHub (Mar 12, 2023): Hey, thanks, you are are helping a lot here. > DPS Version: Running /app/dns-proxy-server --version results in an error (Unmatched argument at index 0: '/app/dns-proxy-server'), but I've specified version 3.8.1 in my docker-compose.yml Yep the command to retrieve the version on docker image changed, I'm updating the docs right now ``` $ docker run --rm defreitas/dns-proxy-server --version ```
kerem commented 2026-02-26 04:34:08 +03:00
Author
Owner
Copy link

@mageddo commented on GitHub (Mar 12, 2023):

DPS is designed to prefer DPS network in all senses when it's available, it works great, I think the root cause here is DPS find 172.157.5.0, 0 is not a valid IP address, will take a look to find out what is hapenning.

<!-- gh-comment-id:1465283796 --> @mageddo commented on GitHub (Mar 12, 2023): DPS is designed to prefer DPS network in all senses when it's available, it works great, I think the root cause here is DPS find `172.157.5`**.0**, 0 is not a valid IP address, will take a look to find out what is hapenning.
kerem commented 2026-02-26 04:34:08 +03:00
Author
Owner
Copy link

@Sajito commented on GitHub (Mar 12, 2023):

When I first saw the IP address ending on .0 I thought the same, but everything worked fine using the IP address. I can use the IP address for anything, even the API of the GUI.
I searched a bit and found this thread on serverfault (https://serverfault.com/questions/10985/is-x-y-z-0-a-valid-ip-address).
Having an IP address ending on .0 seems to be perfectly fine, depending on the subnet. The created dps network is a 172.157.0.0/16 subnet. So from my understanding the IP address 172.157.5.0 should be perfectly fine, as it is for most software involved.

I'm not sure, because I didn't really debug it, but I think the problem is not the IP address. I think the problem here is that the dns server is started before the dps network is created and the container attached.
If I create the dps network manually and attach the container to that network by myself, then the server will start listening on the 172.157.5.0 address. Unfortunately if I do that, then it'll again write a wrong ip address in the resolv.conf file.

Would there be any problems, if the udp and tcp servers were started listening on all interfaces (0.0.0.0), instead of only on specific, detected ip addresses?

<!-- gh-comment-id:1465290722 --> @Sajito commented on GitHub (Mar 12, 2023): When I first saw the IP address ending on `.0` I thought the same, but everything worked fine using the IP address. I can use the IP address for anything, even the API of the GUI. I searched a bit and found this thread on serverfault (https://serverfault.com/questions/10985/is-x-y-z-0-a-valid-ip-address). Having an IP address ending on `.0` seems to be perfectly fine, depending on the subnet. The created `dps` network is a `172.157.0.0/16` subnet. So from my understanding the IP address `172.157.5.0` should be perfectly fine, as it is for most software involved. I'm not sure, because I didn't really debug it, but I think the problem is not the IP address. I think the problem here is that the dns server is started before the dps network is created and the container attached. If I create the dps network manually and attach the container to that network by myself, then the server will start listening on the `172.157.5.0` address. Unfortunately if I do that, then it'll again write a wrong ip address in the resolv.conf file. Would there be any problems, if the udp and tcp servers were started listening on all interfaces (0.0.0.0), instead of only on specific, detected ip addresses?
kerem commented 2026-02-26 04:34:08 +03:00
Author
Owner
Copy link

@mageddo commented on GitHub (Mar 12, 2023):

I'm not sure, because I didn't really debug it, but I think the problem is not the IP address. I think the problem here is that the dns server is started before the dps network is created and the container attached.

I think this must be the issue...

Would there be any problems, if the udp and tcp servers were started listening on all interfaces (0.0.0.0), instead of only on specific, detected ip addresses?

Containers won't be able to solve each other because docker won't be able to use this address as a valid DNS server, the container solving will only work at the host.

Despite on this, some feature to choose which interface to use for the OS configuration can be elaborated in the future

<!-- gh-comment-id:1465293243 --> @mageddo commented on GitHub (Mar 12, 2023): > I'm not sure, because I didn't really debug it, but I think the problem is not the IP address. I think the problem here is that the dns server is started before the ~~dps network is created and~~ the container attached. I think this must be the issue... > Would there be any problems, if the udp and tcp servers were started listening on all interfaces (0.0.0.0), instead of only on specific, detected ip addresses? Containers won't be able to solve each other because docker won't be able to use this address as a valid DNS server, the container solving will only work at the host. Despite on this, some feature to choose which interface to use for the OS configuration can be elaborated in the future
kerem commented 2026-02-26 04:34:08 +03:00
Author
Owner
Copy link

@mageddo commented on GitHub (Mar 12, 2023):

For now, you can disable defaultDns and set 127.0.0.1 or something like at your /etc/systemd/resolved.conf then run service systemd-resolved restart and run DPS as a docker service.

See configuring systemd-resolved

<!-- gh-comment-id:1465296985 --> @mageddo commented on GitHub (Mar 12, 2023): For now, you can disable [defaultDns][1] and set 127.0.0.1 or something like at your `/etc/systemd/resolved.conf` then run `service systemd-resolved restart` and run DPS as a docker service. See [configuring systemd-resolved][2] [1]: http://mageddo.github.io/dns-proxy-server/latest/en/2-features/auto-configuration-as-default-dns/ [2]: https://unix.stackexchange.com/a/588778/117844
kerem commented 2026-02-26 04:34:08 +03:00
Author
Owner
Copy link

@mageddo commented on GitHub (Mar 12, 2023):

Just letting you know MG_RESOLVCONF: /host/etc/resolv.conf is not necessary anymore, see https://github.com/mageddo/dns-proxy-server/pull/323

<!-- gh-comment-id:1465300384 --> @mageddo commented on GitHub (Mar 12, 2023): Just letting you know `MG_RESOLVCONF: /host/etc/resolv.conf` is not necessary anymore, see https://github.com/mageddo/dns-proxy-server/pull/323
kerem commented 2026-02-26 04:34:08 +03:00
Author
Owner
Copy link

@mageddo commented on GitHub (Mar 17, 2023):

just relesed 2.12.1, can you give it try @Sajito ?

<!-- gh-comment-id:1473030930 --> @mageddo commented on GitHub (Mar 17, 2023): just relesed 2.12.1, can you give it try @Sajito ?
kerem commented 2026-02-26 04:34:08 +03:00
Author
Owner
Copy link

@Sajito commented on GitHub (Mar 17, 2023):

Working fine, thank you!

<!-- gh-comment-id:1473324896 --> @Sajito commented on GitHub (Mar 17, 2023): Working fine, thank you!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
gh-pages
develop
feat/138_2
feat/629
feat/594
5.9.0
5.9.0-snapshot
5.8.4
5.8.4-snapshot
5.8.3-snapshot
5.8.2-snapshot
5.8.1-snapshot
5.8.0-snapshot
5.7.0-snapshot
5.6.2-snapshot
5.6.1-snapshot
5.6.0-snapshot
5.5.1-snapshot
5.5.0-snapshot
5.4.0-snapshot
5.3.0-snapshot
5.2.0-snapshot
5.1.3-snapshot
5.1.2-snapshot
5.1.0-snapshot
5.0.5-snapshot
5.0.3-snapshot
5.0.2-snapshot
5.0.1-snapshot
5.0.0-snapshot
4.3.0-snapshot
4.2.0-snapshot
4.0.0
4.0.0-snapshot
3.32.7
3.32.7-snapshot
3.32.6
3.32.6-snapshot
3.32.5-snapshot
3.32.4
3.32.4-snapshot
3.32.3
3.32.3-snapshot
3.32.2-snapshot
3.32.1-snapshot
3.32.0-snapshot
3.31.1-snapshot
3.31.0-snapshot
3.30.5-snapshot
3.30.4
3.30.4-snapshot
3.30.3-snapshot
3.30.2-snapshot
3.30.1
3.30.1-snapshot
3.30.0-snapshot
3.29.0-snapshot
3.27.0
3.27.0-snapshot
3.26.0-snapshot
3.25.14
3.25.14-snapshot
3.25.13-snapshot
3.25.12-snapshot
3.25.11
3.25.11-snapshot
3.25.10
3.25.10-snapshot
3.25.9-snapshot
3.25.8-snapshot
3.25.7-snapshot
3.25.6-snapshot
3.25.4-snapshot
3.25.3-snapshot
3.25.2-snapshot
3.25.1-snapshot
3.25.0-snapshot
3.24.2
3.24.2-snapshot
3.24.1
3.24.1-snapshot
3.24.0-snapshot
3.23.0-snapshot
3.22.2-snapshot
3.22.3-snapshot
3.22.1-snapshot
3.21.3-snapshot
3.22.0-snapshot
3.21.2-snapshot
3.21.1-snapshot
3.20.0-snapshot
3.21.0-snapshot
3.19.7-snapshot
3.19.6-snapshot
3.19.5-snapshot
3.19.4-snapshot
3.19.3-snapshot
3.19.2-snapshot
3.19.1
3.19.1-snapshot
3.19.0
3.18.5-snapshot
3.18.4-snapshot
3.18.3-snapshot
3.18.2
3.18.2-snapshot
3.18.1-snapshot
3.18.0-snapshot
3.17.3-snapshot
3.17.2-snapshot
3.17.1-snapshot
3.17.0-snapshot
3.16.3-snapshot
3.16.2-snapshot
3.16.1-snapshot
3.16.0-snapshot
3.15.13-snapshot
3.15.12-snapshot
3.15.11-snapshot
3.15.10-snapshot
3.15.9-snapshot
3.15.8-snapshot
3.15.7-snapshot
3.15.6-snapshot
3.15.5-snapshot
3.15.4-snapshot
3.15.3-snapshot
3.15.2-snapshot
3.15.1-snapshot
3.15.0-snapshot
3.14.5
3.14.4
3.14.3
3.14.3-snapshot
3.14.2-snapshot
3.14.1-snapshot
3.14.0-snapshot
3.13.1
3.13.1-snapshot
3.13.0-snapshot
3.12.1
3.12.0
3.11.0
3.10.2-snapshot
3.10.3-snapshot
3.10.4-snapshot
3.10.5-snapshot
3.10.1-snapshot
3.9.2
3.9.1
3.9.0
3.8.1-last-version-with-quarkus
3.8.1
3.8.0
3.7.0
3.6.0
3.5.3
3.5.2
3.5.0
3.4.0-beta
3.3.0-beta
3.2.5-beta
3.2.4-beta
3.2.3-beta
3.2.2-beta
3.2.1-beta
3.2.0-beta
3.1.7-beta
3.1.6-beta
3.1.5-beta
3.1.4-beta
3.1.3-beta
3.1.2-beta
b-jre-8
3.1.1-beta
3.1.0-beta
3.0.4-beta
3.0.3-beta
3.0.2-beta
3.0.1-beta
v2-golang
2.19.5
2.19.4
2.19.3
2.19.2
2.19.1
2.19.0
2.18.7
2.18.6
2.18.5
2.18.4
2.18.3
2.18.2
2.18.1
2.18.0
2.17.4
2.17.3
2.17.2
2.17.1
2.17.0
2.16.0
2.15.0
2.14.6
2.14.5
2.14.4
2.14.2
2.14.1
2.14.0
2.13.2
2.13.1
2.13.0
2.12.0
2.11.0
2.10.4
2.10.3
2.10.2
2.10.1
2.10.0
2.9.1
2.9.0
2.8.0
2.7.0
2.6.1
2.6.0
2.5.4
2.5.3
2.5.2
2.5.1
2.5.0
2.4.1
2.4.0
2.3.3
2.2.3
2.2.2
2.2.1
2.2.0
2.1.8
2.1.7
2.1.6
2.1.5
2.1.2
2.1.1
2.1.0
2.0.21
2.0.20
2.0.19
2.0.18
2.0.17
2.0.16
2.0.9
2.0.5
2.0.4
v1-nodejs
1.8.1
1.8.0
1.7.7
1.7.6
1.7.5
1.7.4
1.7.3
1.7.2
1.7.1
1.7.0
1.6.9
1.6.8
1.6.7
1.6.6
1.6.5
1.6.4
1.6.3
1.6.2
1.6.1
1.6.0
1.5.0
1.4.0
1.3.5
1.3.4
1.3.3
1.3.2
1.3.1
1.3.0
peteris-version
1.1.4-peteris-version
1.2.0
1.1.3
1.1.2
1.1.1
1.1.0
1.0.1
1.0.0
Labels
Clear labels   
bug

   
confirmed

   
discussion

   
duplicate

   
enhancement

   
feature

   
feature-request

   
not-planned

   
pull-request

Mirrored from GitHub Pull Request

  
secondary-feature

   
stale

   
triage

   
waiting-feedback
No labels
bug
confirmed
discussion
duplicate
enhancement
feature
feature-request
not-planned
pull-request
secondary-feature
stale
triage
waiting-feedback
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/dns-proxy-server-mageddo#124
No description provided.