dns-proxy-server
Does not work when using on OSX
The resolv.conf is not used for DNS resolution on OSX.
#
# Mac OS X Notice
#
# This file is not used by the host name and address resolution
# or the DNS query routing mechanisms used by most processes on
# this Mac OS X system.
#
# This file is automatically generated.
#
search domain.com
nameserver 0.0.0.5
nameserver 0.0.0.6
nameserver 192.168.1.1
I haven't found a way to get this working :(
Edit: nevermind -- The requirements on the readme show linux.
@XaeroDegreaz Yep, it was designed to work with Linux. Anyway, I think it's totally possible to get it working with OSX; I think DNS Proxy Server just doesn't know how to set itself as your default DNS. The main problem is that I don't have a Mac. If you are interested we can work on getting it working.
Give a try
Run it using docker
docker run --hostname dns.mageddo --name dns-proxy-server \
-v /var/run/docker.sock:/var/run/docker.sock \
defreitas/dns-proxy-server
Let's see if it is working
$ nslookup google.com `docker inspect dns-proxy-server --format '{{.NetworkSettings.IPAddress}}'`
Server: 172.17.0.4
Address: 172.17.0.4#53
Non-authoritative answer:
Name: google.com
Address: 172.217.29.206
If it is ok, now let's set it as your default DNS. This answer says that you can do it simply by putting the DNS server IP in Network Settings. You can get the DNS server IP by running the following command:
docker inspect dns-proxy-server --format '{{.NetworkSettings.IPAddress}}'
If it works please let me know, maybe DNS Server already works for MAC :) .
Did it work?
When I tried initially, I already set the DNS to the address of the proxy server, but it didn't work. However, I think it may have been because I was on my company's VPN which kind of locks down all DNS modification. It may work off of the VPN, but I haven't actually tried. Sorry, the project I was working on I ended up resolving my issue another way.
Thanks for your feedback, let's try to solve it.
I ran the command above and the result is shown below. However, the script hung and I had to send a Ctrl-C to end it.
Running the script below and having the terminal hang is expected behavior. If you want to run it in the background, please use the docker -d option
docker run --hostname dns.mageddo --name dns-proxy-server \
-v /var/run/docker.sock:/var/run/docker.sock \
defreitas/dns-proxy-server
Now when I ping from each other I get a response. But from the host I get nothing
That's because DNS-PROXY-SERVER is not your default DNS server. I don't know how to do that in OSX, so we must set it as default manually. We need to find out how to set dns-proxy-server as the default DNS. Looking at the logs, it registered the containers as expected.
Can you try running nslookup (you can also use dig) to solve the hostnames from the host and give me the output? Note that the command below will force the use of dns-proxy-server as the DNS, but just for this command; this way we can see if dns-proxy-server is working internally
$ nslookup sandbox-hdp.hortonworks.com `docker inspect dns-proxy-server --format '{{.NetworkSettings.IPAddress}}'`
What I did to try getting it working:
docker inspect dns-proxy-server --format '{{.NetworkSettings.IPAddress}}'
172.17.0.4

But unfortunately got nothing:
nslookup test-project.loc
;; connection timed out; no servers could be reached
nslookup google.com `docker inspect dns-proxy-server --format '{{.NetworkSettings.IPAddress}}'`
;; connection timed out; no servers could be reached
@mageddo, did I do something incorrectly?
Edit: here is an article that explains how to manage DNS server from CLI - http://osxdaily.com/2015/06/02/change-dns-command-line-mac-os-x/
If I set the following DNS servers then an attempt to access the container ends up in using 8.8.8.8.
networksetup -setdnsservers Wi-Fi `docker inspect dns-proxy-server --format '{{.NetworkSettings.IPAddress}}'` 8.8.8.8
networksetup -getdnsservers Wi-Fi
172.17.0.4
8.8.8.8
nslookup http://webserver.loc/
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find http://webserver.loc/: NXDOMAIN
However, if I log in to the container and run wget webserver.loc -qO - | cat then the domain is resolved correctly.
The response of scutil --dns:
DNS configuration
resolver #1
nameserver[0] : 172.17.0.4
nameserver[1] : 8.8.8.8
flags : Request A records
reach : Reachable
resolver #2
domain : 8500094802.members.btmm.icloud.com
options : pdns
timeout : 5
flags : Request A records
reach : Not Reachable
order : 150000
resolver #3
domain : local
options : mdns
timeout : 5
flags : Request A records
reach : Not Reachable
order : 300000
resolver #4
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
reach : Not Reachable
order : 300200
resolver #5
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : Not Reachable
order : 300400
resolver #6
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : Not Reachable
order : 300600
resolver #7
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : Not Reachable
order : 300800
resolver #8
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : Not Reachable
order : 301000
DNS configuration (for scoped queries)
resolver #1
nameserver[0] : 172.17.0.4
nameserver[1] : 8.8.8.8
if_index : 4 (en0)
flags : Scoped, Request A records
reach : Reachable
The underlying issue, I believe, is within "Docker for mac" that uses VM.
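An added example (not part of this thread or of dns-proxy-server): a shell helper that reads `scutil --dns` output like the one posted above and lists the nameservers of the default unscoped resolver, flagging public ones. With 172.17.0.4 unreachable from the host, lookups for internal names such as webserver.loc go to the public fallback. The function names are hypothetical, the sample is constructed from the output above, and only IPv4 is classified.

```shell
#!/bin/sh
# Constructed sample, trimmed from the scutil --dns output in this thread.
sample_scutil() {
cat <<'EOF'
DNS configuration
resolver #1
  nameserver[0] : 172.17.0.4
  nameserver[1] : 8.8.8.8
  flags : Request A records
  reach : Reachable
resolver #3
  domain : local
  options : mdns
DNS configuration (for scoped queries)
resolver #1
  nameserver[0] : 172.17.0.4
  nameserver[1] : 8.8.8.8
  if_index : 4 (en0)
EOF
}

# Print "ip<TAB>private|public" for each nameserver of unscoped resolver #1.
# Private means loopback or RFC 1918; anything else (incl. IPv6) is "public".
default_nameservers() {
  awk '
    /for scoped queries/ { exit }            # stop before per-interface copies
    /^resolver #/ { in_first = ($2 == "#1"); next }
    in_first && $1 ~ /^nameserver\[/ {
      ip = $3
      split(ip, o, ".")
      cls = "public"
      if (o[1] == 10 || o[1] == 127 ||
          (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
          (o[1] == 192 && o[2] == 168)) cls = "private"
      print ip "\t" cls
    }'
}

# Print only the public servers; any output here means internal host names
# can be sent to an outside resolver when the first server does not answer.
public_fallbacks() {
  default_nameservers | awk -F'\t' '$2 == "public" { print $1 }'
}

sample_scutil | default_nameservers
```

On a Mac the same functions take live input: `scutil --dns | public_fallbacks`.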
@BR0kEN-
The underlying issue, I believe, is within "Docker for mac" that uses VM.
I think you're right, I am doing some tests to get it to work using docker for Windows and I think the issue is the same. No news because it's not possible to use docker inside a VM, but now I have a Windows installation so I will try to fix it, and probably the same approach will work for Mac
Was this ever solved ?
I think it never was in that case; actually I'm not sure if DPS works on Mac. I recently made a doc to run it on Windows/Mac based on Windows experience, hoping it works on Mac because they both use docker machine; it's different from the approach used in that issue. Now I'm waiting for feedback since I don't have a Mac.
Can you try it out ?
Unfortunately that doesn't work :( I've executed almost the same steps as @BR0kEN- did, but that didn't help.
asmirnova:~ asmirnova$ networksetup -getdnsservers Wi-Fi
127.0.0.1
asmirnova:~ asmirnova$ nslookup couchbase
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find couchbase: NXDOMAIN
Hello everyone,
Is there any news on this? I'm experiencing some issues with this on my Mac, while it works perfectly fine on another Ubuntu machine.
@Kearny I'm about to use a Mac of a friend of mine to make the tests.
I'll keep this thread updated
Hello @mageddo, any news on this ? I'm working in a project that requires this. I confess I can't make it work on my own... 😩
@Kearny I made some tests, I have some good and not so good news.
Basically DPS works on Mac, the configuration is pretty similar as Windows, I will make a doc for that soon.
Unfortunately, accessing containers from the host is not supported yet; it's a docker machine limitation. I'm thinking of a workaround for this.
All other features are working perfectly, like:
- Local entries
- Remote proxy
Which DPS feature are you interested to work on Mac?
Hi @mageddo,
First, thanks for your time and interest.
I'm interested in being able to access different containers from my host. I have the same name dns behind which I have one service per port. Example:
- dns.name:27017 --> mongodb container
- dns.name:80 --> web app container
- dns.name:3306 --> mysql database container
And all the containers are able to talk to each others.
I see. Containers solving each other is supposed to work; I think additional configuration will be required.
Host solving containers works, but the host has no ACL to ping containers because Mac doesn't have a bridge network like Linux.
FYI, docker acknowledges that they don't support IP routing in mac. https://docs.docker.com/docker-for-mac/networking/
There appears to be 3rd party component in the last post of this thread which might address the issue. https://forums.docker.com/t/ip-routing-to-container/8424/15
I might give that a try and let know if it works
@mageddo @Kearny I got it to successfully work using the mentioned tool in that post. Steps are below:
- Clone the repository: https://github.com/AlmirKadric-Published/docker-tuntap-osx
- Install tuntap using brew cask install tuntap
- Run these commands from the repository:
  ./sbin/docker_tap_install.sh
  ./sbin/docker_tap_up.sh
- Add the route to docker network via the tap ip address.
  sudo route add -net 172.0.0.0 -netmask 255.255.0.0 10.0.75.2
- Set up the DNS server to 172.0.0.10 on your Mac.
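A pre-flight check for the route and DNS address used in the steps above, as an added example that is not part of the original comment or of either project. It verifies that the DNS server address falls inside the routed network and reports when that network lies outside RFC 1918 private space (the private block is 172.16.0.0/12, so 172.0.0.0/16 is outside it and the route also captures traffic to public addresses in that range). The function names are hypothetical.

```shell
#!/bin/sh
# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_net IP NETWORK NETMASK: succeeds if IP is inside NETWORK/NETMASK.
in_net() {
  ip=$(ip_to_int "$1"); net=$(ip_to_int "$2"); mask=$(ip_to_int "$3")
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# is_rfc1918 IP: succeeds if IP is in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
  in_net "$1" 10.0.0.0 255.0.0.0 ||
  in_net "$1" 172.16.0.0 255.240.0.0 ||
  in_net "$1" 192.168.0.0 255.255.0.0
}

# check_route NETWORK NETMASK DNS_IP
# Prints each finding and returns the number of problems (0 = clean).
check_route() {
  problems=0
  if ! in_net "$3" "$1" "$2"; then
    echo "DNS server $3 is not inside routed network $1 mask $2"
    problems=$((problems + 1))
  fi
  if ! is_rfc1918 "$1"; then
    echo "routed network $1 mask $2 is outside RFC 1918 private space"
    problems=$((problems + 1))
  fi
  return $problems
}

# Values from the steps above, then the default-bridge address seen
# earlier in this thread (172.17.0.4), which that route does not cover.
check_route 172.0.0.0 255.255.0.0 172.0.0.10 || echo "problems: $?"
check_route 172.0.0.0 255.255.0.0 172.17.0.4 || echo "problems: $?"
```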
@mageddo @Swoorup Here we changed our solution by using TRAEFIK instead: https://docs.traefik.io/routing/providers/docker/
It works perfectly on Mac by default.
@Kearny I looked at Traefik, it seems a bit too heavyweight for my needs. Currently running everything just locally and just need something that proxies off all ports including tcp with minimal configuration.
Hello, thanks for very interesting workaround for OSX. I got this pretty much working according to logs that I can see, only what's not working is the last point, setting Mac's DNS server to 172.0.0.10. For example 'nslookup my-ubuntu' does not find IP address, although dns-proxy-server shows in its log, that it has registered that name and it looks it would be ready for resolving that name.
My question, where does this address 172.0.0.10 come from? How can I check, that that is actually the IP address of the DNS server spawned here?
@MonniSoftware it is the dps server ip address. https://github.com/mageddo/dns-proxy-server/blob/master/examples/custom-hostnames-compose-file/docker-compose.yml#L13
You can always use docker inspect dns-proxy-server | less and find out the container IP by yourself though
on mac (before big sur), I used to use:
sudo networksetup -setdnsservers 'Wi-Fi' 0.0.0.0
but for some reason it stopped working, so I changed it to: sudo networksetup -setdnsservers 'Wi-Fi' 0.0.0.0 127.001
and it started working again. I've been using 0.0.0.0 for a couple of years and it's worked without problem up until I upgraded to big sur. It's only in the last month I had to change it. Perhaps the version of MacOS matters, but perhaps not.
I finally have access to a MacBook, so I did some tests using DPS 3.7.0. My conclusion is it's now working the best it can on Mac due to Docker for Mac limitations. Can you confirm that, or am I missing some feature? I got the following results after running the steps below:
$ sudo ./dns-proxy-server
A nginx container:
$ docker run --rm --hostname nginx.docker nginx
Running a container to make some tests
$ docker run --rm -it --hostname alpine.docker alpine sh
# Docker gateway is solving
$ nslookup gateway.docker.internal
Server: 192.168.65.7
Address: 192.168.65.7:53
Non-authoritative answer:
Name: gateway.docker.internal
Address: 192.168.65.2
Non-authoritative answer:
$ nslookup host.docker.internal
Server: 192.168.65.7
Address: 192.168.65.7:53
Non-authoritative answer:
Non-authoritative answer:
Name: host.docker.internal
Address: 192.168.65.2
# DPS docker container feature is also solving
$ nslookup alpine.docker
Server: 192.168.65.7
Address: 192.168.65.7:53
Non-authoritative answer:
Name: alpine.docker
Address: 172.17.0.4
Non-authoritative answer:
# Internet resolution also working
$ nslookup google.com
Server: 192.168.65.7
Address: 192.168.65.7:53
Non-authoritative answer:
Name: google.com
Address: 2800:3f0:4001:833::200e
Non-authoritative answer:
Name: google.com
Address: 142.250.219.238
# Other container also solving
$ wget -q -S -O - nginx.docker
HTTP/1.1 200 OK
Server: nginx/1.23.3
Date: Sat, 04 Mar 2023 03:50:52 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 13 Dec 2022 15:53:53 GMT
Connection: close
ETag: "6398a011-267"
Accept-Ranges: bytes
Check out the running it docs for Mac (actually nothing special for Mac, just some hints)
Created a dedicated tutorial for the Windows and MacOSX use case, also created this section where people can link tutorials they created, feel free to contribute.
I'm closing this issue as I consider it's solved, if you have any new issues or questions feel free to open a new issue, thanks.