4km3 / docker-dnsmasq
My dnsmasq brings all the boys to the yard, and they're like, it's smaller than yours! -- @andyshinn
Home Page: https://hub.docker.com/r/4km3/dnsmasq
Hi,
I've been trying to get this image to work on my laptop (Ubuntu 16.04.1 LTS) but I get the following error:
ERROR: for dnsmasq Cannot start service dnsmasq: driver failed programming external connectivity on endpoint development_dnsmasq_1 (d6b0d37db7ab3d9c4caf681dbfb6514d424e8562e7f75cc1de079500a51a04d0): Error starting userland proxy: listen tcp 0.0.0.0:53: bind: address already in use
ERROR: Encountered errors while bringing up the project.
The output for netstat -tulpn| grep 53 says that I have a process listening on TCP and running on UDP, both for port 53:
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 3607/dnsmasq
udp 0 0 127.0.1.1:53 0.0.0.0:* 3607/dnsmasq
Which is dnsmasq-base, a default package on Ubuntu systems.
I was wondering how others got to work around this without uninstalling the dnsmasq-base package from their Ubuntu system? I did some web searching and found I could use some proxy and/or should remove the package, but I don't want to. So hopefully someone here could help me out?
Many thanks in advance.
Sometimes when the device is restarted the dnsmasq container will be stuck in a reboot loop with the logs showing the following error:
dnsmasq: failed to create listening socket for port 53: Address in use
Reason - it's conflicting with systemd-resolved on port 53
Host device: Ubuntu 18.04
uname -a
Linux umbrela-bridge 4.15.0-23-generic #25-Ubuntu SMP Wed May 23 17:59:52 UTC 2018
Hello,
I'm using Docker 18.09.0. Tried the 2.75, 2.78 and latest dnsmasq docker images.
I start the service with:
docker run --restart=always --name=dnsmasq -d -p 53:53/tcp -p 53:53/udp --cap-add=NET_ADMIN andyshinn/dnsmasq:2.75 --server=1.1.1.1
On the host machine, if I hit repeatedly
nslookup google.com
Some queries get stuck for some seconds. In browser this is seen as pages unable to load until I hit refresh. It renders the dns server unusable.
Using dnsmasq binary directly on host does not have this problem.
Hi, would it be possible to also push to quay.io to avoid download limits?
There is a critical vulnerability in dnsmasq. Can you update your image to 2.78 to fix it? Thanks!!
version: '3.3'
services:
  dnsmasq:
    image: jpillora/dnsmasq
    container_name: dnsmasq
    ports:
      - 53:53
    cap_add: ['all']
and locally, telnet 127.0.0.1 returns
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host
It is strange.
I have a dockerized dnsmasq running on the localhost (IP is 192.168.10.53), and I can resolve names correctly with that dnsmasq.
╭─ ➜ /root/dns-test (elk@55)
╰─ docker ps | grep dnsmasq
ee90b8e56363 andyshinn/dnsmasq:2.76 "dnsmasq -k --log-..." About an hour ago Up 11 minutes 0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp jjt-dnsmasq
╭─ ➜ /root/dns-test (elk@55)
╰─ host mysql localhost
Using domain server:
Name: localhost
Address: ::1#53
Aliases:
mysql has address 192.168.10.75
I have a docker-compose.yml on the same host (IP is 192.168.10.53) like below:
version: "3"
services:
  ms-registry:
    image: ms-registry:1.0-SNAPSHOT
    restart: always
    ports:
      - 8761:8080
    dns: 192.168.10.53
After running docker-compose up, I enter the ms-registry container, but I can't resolve names correctly. But if the containerized dnsmasq is running on another host (e.g. 192.168.10.55), I can resolve the name correctly.
So, what's the problem?
Trying to run:
docker run -p 53:53/tcp -p 53:53/udp --cap-add=NET_ADMIN andyshinn/dnsmasq:2.75 -S /foo.local.com/192.168.1.1
I get the error:
docker: Error response from daemon: driver failed programming external connectivity on endpoint sleepy_hoover (ddfd2efbe2007cb98633c41bb75d28185ea62a125cf79f31069cfbf030063c3b): Error starting userland proxy: listen tcp 0.0.0.0:53: bind: address already in use.
ERRO[0000] error waiting for container: context canceled
Any idea what I am doing wrong?
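For the "address already in use" reports above, a stricter version of the netstat check from the first report. This is an added example, not part of any post or of the project; the function names and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list what already holds port 53 in `netstat -tulpn` output.
# The port is matched in the local-address column only, so a PID or a
# port such as 5353 is not counted the way a plain `grep 53` would.

# Print "proto local_address pid/program" for each socket on port $2 (default 53).
port_holders() {
    awk -v port="${2:-53}" '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, part, ":")      # port is the text after the last colon
            if (part[n] == port) print $1, $4, $NF
        }' "$1"
}

# Exit 0 if anything holds the port, 1 if it is free.
port_in_use() {
    [ -n "$(port_holders "$1" "${2:-53}")" ]
}

# Write sample input to a temp file and print its path. The first two
# lines are the ones quoted in the first report; the last two are constructed.
sample_netstat() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 3607/dnsmasq
udp 0 0 127.0.1.1:53 0.0.0.0:* 3607/dnsmasq
udp 0 0 0.0.0.0:5353 0.0.0.0:* 953/avahi-daemon
tcp6 0 0 :::8080 :::* LISTEN 5300/java
EOF
    echo "$f"
}

sample=$(sample_netstat)
if port_in_use "$sample"; then
    echo "port 53 is held by:"
    port_holders "$sample"
fi
rm -f "$sample"
```

A `-p 53:53` mapping asks Docker for 0.0.0.0:53, which is the bind that fails in the errors above; publishing on a single host address, in the `-p 192.168.2.2:53:53/udp` form used in a later report on this page, requests only that address.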
Hi;
The dockerized dnsmasq is old (2.72) so it doesn't support the 'hostsdir' config parameter. I need to have a shared directory (and not a file, because one file is locked but a dir is not) like config-dir but re-readable on SIGHUP, and that is 'hostsdir' or 'dhcp-hostsdir', which were both added after 2.72.
Please update the dnsmasq binary to support this feature. I need it to use dnsmasq following docker-gen
I have a service name 'service', it is discoverable in dnsmasq
/ # ping service
PING service (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.129 ms
^C
--- service ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.129/0.129/0.129 ms
However when I specify the hostname alias with
dnsmasq --cname=service.example.com,service
neither in /etc/dnsmasq.conf
cname=cname=service.example.com,service
And the result
ping service.example.com
ping: bad address 'service.example.com'
The root user in the docker image has no password.
This may make it possible - if the service (running as nobody) is compromised - that an attacker could become root.
It should be sufficient to pull the latest alpine image and rebuild the image.
See also:
https://www.bleepingcomputer.com/news/security/bug-in-alpine-linux-docker-image-leaves-root-account-unlocked/
https://gist.github.com/jgamblin/6015a2020c1de3bc3aab19b361573b7f
Relates #23
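One way to check an image for the condition this report describes, as an added example that is not part of the report or of the project. It reads a shadow-format file and flags accounts whose password field is empty; the function names and sample files are constructed, and IMAGE in the closing comment is a placeholder.

```shell
#!/bin/sh
# Added example: audit a shadow-format file for accounts whose password
# field (field 2) is empty. "!" or "*" in that field means the account is
# locked; an empty field means no password is required.

# Print every account whose password field is empty.
unlocked_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Exit 0 if root has a non-empty password field, 1 if it is empty.
root_is_locked() {
    if unlocked_accounts "$1" | grep -qx 'root'; then
        return 1
    fi
    return 0
}

# Constructed sample data, not copied from any real image.
# $1 = "bad" (empty root field) or "good"; prints the temp file path.
make_sample() {
    f=$(mktemp)
    if [ "$1" = "bad" ]; then
        printf 'root:::0:::::\nbin:!::0:::::\nnobody:!::0:::::\n' > "$f"
    else
        printf 'root:!::0:::::\nbin:!::0:::::\nnobody:!::0:::::\n' > "$f"
    fi
    echo "$f"
}

bad=$(make_sample bad)
good=$(make_sample good)
for file in "$bad" "$good"; do
    if root_is_locked "$file"; then
        echo "root: locked"
    else
        echo "root: EMPTY password field"
    fi
done
rm -f "$bad" "$good"

# Against a real image (IMAGE is a placeholder):
#   docker run --rm --entrypoint cat IMAGE /etc/shadow > shadow.txt
#   root_is_locked shadow.txt || echo "rebuild on an updated base image"
```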
Thank you for the work on this project. I am starting to use it as my DNS at home to look up 3 different subdomains, each via their own VPN gateway. So far the results are pretty promising. I have configured my router to use this docker IP as the DNS.
The only problem is I see an error "Maximum number of concurrent DNS queries reached (max: 150)".
I have two questions.
Here is how I start the container:
user@h18licenseserver:~$ sudo docker run -p 53:53/tcp -p 53:53/udp --cap-add=NET_ADMIN andyshinn/dnsmasq:2.81 -S /grey.openfirehawk.com/10.1.1.4 -S /blue.openfirehawk.com/10.2.1.4 -S /green.openfirehawk.com/10.3.1.4 --log-facility=- | while read outlog; do echo "$(date): $outlog"; done 2>&1 | tee ~/dnsmasq.log &
[1] 4086
user@h18licenseserver:~$ dnsmasq[1]: started, version 2.81 cachesize 150
dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile
dnsmasq[1]: using nameserver 10.3.1.4#53 for domain green.openfirehawk.com
dnsmasq[1]: using nameserver 10.2.1.4#53 for domain blue.openfirehawk.com
dnsmasq[1]: using nameserver 10.1.1.4#53 for domain grey.openfirehawk.com
dnsmasq[1]: reading /etc/resolv.conf
dnsmasq[1]: using nameserver 10.3.1.4#53 for domain green.openfirehawk.com
dnsmasq[1]: using nameserver 10.2.1.4#53 for domain blue.openfirehawk.com
dnsmasq[1]: using nameserver 10.1.1.4#53 for domain grey.openfirehawk.com
dnsmasq[1]: using nameserver 192.168.92.125#53
dnsmasq[1]: using nameserver 192.168.92.1#53
dnsmasq[1]: read /etc/hosts - 7 addresses
dnsmasq[1]: Maximum number of concurrent DNS queries reached (max: 150)
I was running the following to leverage this container to provide dns for consul with a passthrough to the google DNS server:
docker run -d \
-p 53:53/tcp -p 53:53/udp \
--cap-add=NET_ADMIN \
--name=dnsmasq \
andyshinn/dnsmasq:2.75 \
--log-facility=- -q -R \
--dns-loop-detect \
--server="/consul/172.20.20.1#8600" \
--server="8.8.8.8"
This worked in docker for mac in version 2.0.0.0, but since the v2.1.0.0 update the following example commands timeout:
dig @172.20.20.1 -p 53 google.com ANY
dig @172.20.20.1 -p 53 my-service.service.consul ANY
(I also tried with the 2.78 and latest tags)
andyshinn/dnsmasq:latest doesn't provide dnssec validation supported by dnsmasq.
$ docker run --rm andyshinn/dnsmasq:latest dnsmasq -v
Dnsmasq version 2.81 Copyright (c) 2000-2020 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile
Please consider switching to dnsmasq-dnssec package or can you provide another dnssec flavored image? TIA!
Btw: dnsmasq 2.82 is available too.
The last image on dockerhub is 9 months old. Several new versions have been released in the meantime. To be able to use this image directly, instead of building locally, an automated build and update job for the dockerhub images would be beneficial.
best,
Christian
The situation is:
I need to create "Intranet" (internal) domains and then use Rancher with Traefik to accomplish a perfect "intranet" service that I already know how to handle. And all computers, smartphones and so on have access to it.
I'm a newbie at creating intranets with personal internal domains (and exclusively with docker). I only deal with external DNS servers.
My question is, can I do it by pointing my devices and PC to the DNS IP from this image running in the context I explained? I just need to set one domain and the Traefik reverse proxy deals with the rest easily.
If not, could you point a tutorial or article with this theme context?
I have this Set:
My Machine is a Windows 10 FX 8350 so on.
Inside that machine has a virtual machine in VirtualBox. Connected via "Docker Quickstart terminal" (Docker Tools). Running Rancher and Traefik. Note, it's not a "Hyper-v" situation.
===== end =======
Just to update about my environment:
dnsmasq: failed to create listening socket for port 53: Address in use
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ #
Is there a workaround for --cap-add=NET_ADMIN, because aws ecs agent doesn't support --cap-add?
It would be helpful when dnsmasq is configured by default to log to stdout/stderr
so one can attach docker log to it to see the logs.
Currently I get no logs at all when I attach to it with docker logs.
I'm new to dnsmasq. I run
docker run -d -p 53:53/tcp -p 53:53/udp --cap-add=NET_ADMIN 4km3/dnsmasq:2.85-r2
but I don't know what to do next. Can you help? Thanks.
Please respond if you would like to adopt this repository. I would transfer to you and help facilitate the handoff of the Docker Hub account. Would prefer if you have prior Docker and Docker image management experience.
Hi,
may it be possible to make this image support multiple architectures (e.g. armv7) using a manifest list?
https://developer.ibm.com/linuxonpower/2017/07/27/create-multi-architecture-docker-image/
Thanks.
Best regards,
Jochen
When I start docker-compose up -d the DNS works well and I can resolve names from other servers, but when I start the compose in swarm mode with docker stack deploy -c docker-compose.yml dns the DNS won't work.
In both cases the docker-compose.yml looks like this:
version: '3.8'
services:
  dns:
    restart: always
    image: andyshinn/dnsmasq:2.81
    volumes:
      - ./dnsmasq.conf:/etc/dnsmasq.conf
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.id==o87t6ftvgb76t6iu7z
Any plans to use inotifywait to monitor changes to files like dnsmasq.conf and althosts and send a HUP signal?
Similar to this other image: https://github.com/aciobanu/docker-dnsmasq/blob/master/entrypoint.sh
First of all, thanks for this great image! It's changed the way I build my images. They've all gone on an Alpine Linux diet.
I can't get the container to work as a DHCP server though. It works fine as a DNS server on port 53 on the host machine, however there is nothing listening on port 67/udp, which is where I'm expecting DHCP to be. The host machine has a static IP of 192.168.2.2.
I start the container like this:
docker run -d --name dns -p 192.168.2.2:67:67/udp -p 192.168.2.2:53:53/udp sitapati/dns
With the container running, I use dhcping 192.168.2.2, but get "no answer". telnet 192.168.2.2 67 returns "Connection refused".
There is no firewall on this machine, which is running Ubuntu 16.04.
My dnsmasq.conf file in the container looks like this:
interface=eth0
user=root
domain-needed
bogus-priv
no-resolv
local=/mydomain.io/
no-poll
server=8.8.8.8
server=8.8.4.4
no-hosts
addn-hosts=/etc/dnsmasq_static_hosts.conf
expand-hosts
domain=mydomain.io
dhcp-range=192.168.2.10,192.168.2.250,255.255.255.0,192.168.2.255,5m
# Have windows machine release on shutdown
dhcp-option=vendor:MSFT,2,1i
# No default route
dhcp-option=3
Things I've thought of/tried: