I'm working on a docker-compose config which should spin up an openvpn container attached to a dnsmasq container. The openvpn server should automatically discover the dnsmasq container and use it as the dns server. Discovery is done by searching for an entry "dnsmasq" in the /etc/hosts file.
I have the following docker-compose.yml file:
version: '2'
services:
  data:
    build: ./
  dnsmasq:
    cap_add:
      - NET_ADMIN
    hostname: dnsmasq
    image: <dnsmasq image>
    ports:
      - 53:53/udp
    restart: always
  openvpn:
    cap_add:
      - NET_ADMIN
    depends_on:
      - data
      - dnsmasq
    image: <openvpn image>
    ports:
      - 1194:1194/udp
    restart: always
    volumes_from:
      - data
I've specified "dnsmasq" as the hostname for the dnsmasq container and am expecting it to appear in "/etc/hosts" in the openvpn container. This doesn't seem to happen.
This is a dump from /etc/hosts from within the openvpn container:
openvpn_1 | 127.0.0.1 localhost
openvpn_1 | ::1 localhost ip6-localhost ip6-loopback
openvpn_1 | fe00::0 ip6-localnet
openvpn_1 | ff00::0 ip6-mcastprefix
openvpn_1 | ff02::1 ip6-allnodes
openvpn_1 | ff02::2 ip6-allrouters
openvpn_1 | 172.19.0.4 d44a72f42ef9
I expect d44a72f42ef9 to be "dnsmasq".
What am I doing wrong?
I'm running docker-compose 1.8.1.
Older versions of linking in docker worked by adding to /etc/hosts. It's probable your system was set up initially under this paradigm where the way to retrieve the container resolution was built into /etc/hosts.
Newer versions of docker however do not require this. They automatically allow service name resolution, as long as a container is on the same network. So you can access it via:
http://dnsmasq:port
First you need to add a "links" key to your docker-compose.yml like so:
services:
  dnsmasq:
    ...
  openvpn:
    ...
    links:
      - dnsmasq
The DNS resolution for this hostname is not handled through /etc/hosts but rather the Docker Embedded DNS. You can query it using normal DNS tools like so:
$ getent hosts dnsmasq
$ nslookup dnsmasq
$ dig dnsmasq A
$ # etc...
Apparently, the hosts file doesn't get updated. The host "dnsmasq" is just available using some other different mechanism. This can be verified using:
ping -c1 dnsmasq
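Added example (not part of the question or any answer above): a discovery helper for the openvpn container that asks the resolver for "dnsmasq" instead of searching /etc/hosts, and checks the result before it goes into the server config. The function names, the trimmed sample hosts data and the use of OpenVPN's `push "dhcp-option DNS ..."` directive as the consumer of the address are assumptions made for illustration.

```shell
#!/bin/sh
# Legacy discovery: find NAME in a hosts-format file; prints the IP or nothing.
lookup_hosts_file() {
    name=$1 file=$2
    awk -v n="$name" '
        { sub(/#.*/, "")                      # drop comments
          for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }
    ' "$file"
}

# Current discovery: ask the system resolver (Docker embedded DNS when the
# containers share a network), then fall back to the hosts file.
resolve_service() {
    name=$1 hosts=${2:-/etc/hosts}
    ip=$(getent hosts "$name" 2>/dev/null | awk '{ print $1; exit }')
    [ -n "$ip" ] || ip=$(lookup_hosts_file "$name" "$hosts")
    [ -n "$ip" ] || return 1
    printf '%s\n' "$ip"
}

# Assumed consumer: an OpenVPN server config line. Accept only digits and
# dots so an unexpected resolver answer cannot inject config text.
push_dns_line() {
    case $1 in
        ''|*[!0-9.]*) echo "not an IPv4 address: $1" >&2; return 1 ;;
    esac
    printf 'push "dhcp-option DNS %s"\n' "$1"
}

# Constructed sample: the hosts dump from the question, log prefix removed.
sample_hosts() {
cat <<'EOF'
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
172.19.0.4 d44a72f42ef9
EOF
}

# Demo: the old hosts-file search finds no "dnsmasq" entry in that dump.
tmp=$(mktemp); sample_hosts > "$tmp"
lookup_hosts_file dnsmasq "$tmp" | grep -q . \
    || echo "dnsmasq: not in hosts file, resolve it through DNS instead"
rm -f "$tmp"
```

Inside the openvpn container an entrypoint would call `push_dns_line "$(resolve_service dnsmasq)"` and append the output to the server configuration.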