havenask
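On Ubuntu, after starting Docker, DNS stops working: neither the host nor the container can resolve domain names, and it recovers once the container is stopped
Because of a quirk of Ubuntu (22.04 LTS), systemd-resolved sets up its own local DNS server and offers 127.0.0.53 as the DNS service to query. After disabling systemd-resolved and switching to unbound, this problem no longer occurs. Reference link: https://blog.csdn.net/qq_43111963/article/details/124998719
Below is the error record captured while using systemd-resolved
Before creating the container (host)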
(base) model@ChatGLM--Q35-ICH9-2009:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp6s18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether fa:e4:6b:68:21:f2 brd ff:ff:ff:ff:ff:ff
inet 192.168.101.122/24 brd 192.168.101.255 scope global noprefixroute enp6s18
valid_lft forever preferred_lft forever
inet6 fe80::dc8a:5328:9004:eca8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:3a:f9:fa:1b brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
(base) model@ChatGLM--Q35-ICH9-2009:~$
(base) model@ChatGLM--Q35-ICH9-2009:~$ resolvectl
Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (enp6s18)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 202.99.160.68
DNS Servers: 202.99.160.68
Link 3 (docker0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
(base) model@ChatGLM--Q35-ICH9-2009:~$
(base) model@ChatGLM--Q35-ICH9-2009:~$ nslookup www.baidu.com
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 110.242.68.3
Name: www.a.shifen.com
Address: 110.242.68.4
Name: www.a.shifen.com
Address: 2408:871a:2100:2:0:ff:b09f:237
Name: www.a.shifen.com
Address: 2408:871a:2100:3:0:ff:b025:348d
Creating the container
(base) model@ChatGLM--Q35-ICH9-2009:~$ cd havenask/docker/havenask/
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ ./create_container.sh havenask
Start to run scrip
Info: Repo locatation: /home/model/havenask/docker
Info: Container entry: /home/model/havenask/docker/havenask/havenask
Begin pull image: registry.cn-hangzhou.aliyuncs.com/havenask/ha3_runtime:1.0.0
1.0.0: Pulling from havenask/ha3_runtime
Digest: sha256:77e4a1f0a12b96517252c3a86cc87fca647cbcd2dffed63927600a15187e7810
Status: Image is up to date for registry.cn-hangzhou.aliyuncs.com/havenask/ha3_runtime:1.0.0
registry.cn-hangzhou.aliyuncs.com/havenask/ha3_runtime:1.0.0
Begin initialize container:
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
INFO start container success
After creating the container (host)
(base) model@ChatGLM--Q35-ICH9-2009:~$
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ resolvectl
Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (enp6s18)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 202.99.160.68
DNS Servers: 202.99.160.68
Link 3 (docker0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
(base) model@ChatGLM--Q35-ICH9-2009:~$
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ nslookup www.baidu.com
Server: 127.0.0.53
Address: 127.0.0.53#53
** server can't find www.baidu.com: SERVFAIL
(base) model@ChatGLM--Q35-ICH9-2009:~$
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp6s18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether fa:e4:6b:68:21:f2 brd ff:ff:ff:ff:ff:ff
inet 192.168.101.122/24 brd 192.168.101.255 scope global noprefixroute enp6s18
valid_lft forever preferred_lft forever
inet6 fe80::dc8a:5328:9004:eca8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:3a:f9:fa:1b brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
After creating the container (inside the container)
(base) model@ChatGLM--Q35-ICH9-2009:~$
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ ./havenask/sshme
model@ChatGLM--Q35-ICH9-2009:~$ resolvectl
Global
LLMNR setting: yes
MulticastDNS setting: yes
DNSOverTLS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
DNS Domain: ~.
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 3 (docker0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
Link 2 (enp6s18)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
model@ChatGLM--Q35-ICH9-2009:~$ nslookup www.baidu.com
bash: nslookup: command not found
model@ChatGLM--Q35-ICH9-2009:~$ curl https://www.baidu.com/
curl: (6) Could not resolve host: www.baidu.com
model@ChatGLM--Q35-ICH9-2009:~$ ping baidu.com
ping: baidu.com: Name or service not known
model@ChatGLM--Q35-ICH9-2009:~$ ping 110.242.68.66
PING 110.242.68.66 (110.242.68.66) 56(84) bytes of data.
64 bytes from 110.242.68.66: icmp_seq=1 ttl=55 time=14.5 ms
64 bytes from 110.242.68.66: icmp_seq=2 ttl=55 time=14.4 ms
^C
--- 110.242.68.66 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 14.435/14.468/14.501/0.033 ms
model@ChatGLM--Q35-ICH9-2009:~$ ip addr
bash: ip: command not found
model@ChatGLM--Q35-ICH9-2009:~$ ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:3a:f9:fa:1b txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp6s18: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.101.122 netmask 255.255.255.0 broadcast 192.168.101.255
inet6 fe80::dc8a:5328:9004:eca8 prefixlen 64 scopeid 0x20<link>
ether fa:e4:6b:68:21:f2 txqueuelen 1000 (Ethernet)
RX packets 103452 bytes 127144831 (121.2 MiB)
RX errors 0 dropped 355 overruns 0 frame 0
TX packets 48886 bytes 3896690 (3.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 139171 bytes 123704669 (117.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 139171 bytes 123704669 (117.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Stopping the container
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7d9e0008c92b registry.cn-hangzhou.aliyuncs.com/havenask/ha3_runtime:1.0.0 "/sbin/init" 12 minutes ago Up 12 minutes havenask
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ docker stop 7d9e
7d9e
After stopping the container (host)
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ nslookup www.baidu.com
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 110.242.68.4
Name: www.a.shifen.com
Address: 110.242.68.3
Name: www.a.shifen.com
Address: 2408:871a:2100:2:0:ff:b09f:237
Name: www.a.shifen.com
Address: 2408:871a:2100:3:0:ff:b025:348d
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ resolvectl
Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (enp6s18)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 202.99.160.68
DNS Servers: 202.99.160.68
Link 3 (docker0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
(base) model@ChatGLM--Q35-ICH9-2009:~/havenask/docker/havenask$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp6s18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether fa:e4:6b:68:21:f2 brd ff:ff:ff:ff:ff:ff
inet 192.168.101.122/24 brd 192.168.101.255 scope global noprefixroute enp6s18
valid_lft forever preferred_lft forever
inet6 fe80::dc8a:5328:9004:eca8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:3a:f9:fa:1b brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
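Also: after adding the parameter --dns=XXX to the container creation script create_container.sh, creating the container no longer breaks DNS, but running hape start havenask afterwards still breaks DNS, possibly because hape creates other containers again
Using unbound solves it. Should users be warned about this somewhere, so they do not fall into the same trap?
Why does creating a container cause the host to use the systemd-resolved DNS service?
Creating the container is not what makes the host use this service. Ubuntu 22.04 LTS uses this service by default, but the service causes the problem described above.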
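The two resolvectl views in the report differ in one visible respect: the host lists an upstream server on enp6s18, while the resolver inside the container lists none. The following is an added example, not part of the original issue or of havenask, that extracts this from resolvectl text; the function names are hypothetical and the sample inputs are abridged from the logs above.

```shell
#!/usr/bin/env bash
# Added example: report which links in a `resolvectl` status dump list
# upstream DNS servers. Function names are hypothetical.

# stdin: resolvectl status text. stdout: "<section>|<servers>" per link.
upstream_dns() {
  awk '
    /^[ \t]*(Global|Link [0-9]+ \(.*\))[ \t]*$/ {
      section = $0; sub(/^[ \t]+/, "", section); next
    }
    /^[ \t]*DNS Servers:/ {
      sub(/^[ \t]*DNS Servers:[ \t]*/, "")
      if ($0 != "") print section "|" $0
    }'
}

# Prints "upstream" or "no-upstream" for the dump on stdin.
resolver_view() {
  if [ -n "$(upstream_dns)" ]; then echo upstream; else echo no-upstream; fi
}

# Abridged from the host output in the report above.
HOST_VIEW='Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (enp6s18)
Current Scopes: DNS
Current DNS Server: 202.99.160.68
DNS Servers: 202.99.160.68
Link 3 (docker0)
Current Scopes: none'

# Abridged from the in-container output in the report above.
CONTAINER_VIEW='Global
LLMNR setting: yes
DNSSEC setting: allow-downgrade
Link 3 (docker0)
Current Scopes: none
Link 2 (enp6s18)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
LLMNR setting: yes'

printf 'host:      %s\n' "$(printf '%s\n' "$HOST_VIEW" | resolver_view)"
printf 'container: %s\n' "$(printf '%s\n' "$CONTAINER_VIEW" | resolver_view)"
```

On a live system the same check is `resolvectl status | resolver_view`, run once on the host and once inside the container.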