Comment on Running DNS server in Docker
vegetaaaaaaa@lemmy.world 6 months ago
Not an answer but still relevant: I actively avoid enabling unattended-upgrades for third-party repositories like Docker (or anything that is not an official Debian repository) because they don’t have the same stability guarantees, and rely on other upgrade notification methods instead.
how bad of an idea is this to run a DNS in docker and use it for the host and other containers?
Personally I would simply install dnsmasq directly on the host because it is one apt install and a configuration file away. Keep it simple.
fendrax@jlai.lu 6 months ago
Yeah, that was my plan B. To be honest, I was not super confident that it would work when I put this setup together, because of the “host uses a container as DNS and docker uses the host as DNS” kind of circular dependency.
But people do use docker for DNS servers so it has to work, right? That’s where I’d like to understand where I’m wrong. I’m fine with running Pi-hole and dnsmasq on the host as long as I get why this is not doable in docker.
Thanks for your input, though. That’s helpful.
vegetaaaaaaa@lemmy.world 6 months ago
Usually you would have a second DNS resolver configured in /etc/resolv.conf (or whatever name resolution config system you are using, resolvconf, systemd-networkd, etc). The system will fall back to this resolver if the first resolver fails to respond (and/or replies NXDOMAIN, I’m not sure. The exact order and fallback conditions may vary depending on which system you use). This can be another dnsmasq instance, a public DNS resolver, your ISP’s resolver, etc. This allows at least basic DNS resolution to work before your dnsmasq instance comes back up.
I would also add automatic monitoring for dnsmasq (either check that the service/container is running, or check the TCP connection to port 53, or check that DNS resolution is working for a known domain, etc).
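The monitoring checks listed above (TCP connect to port 53, a query for a known name), written out as an added example that is not from this thread: a stdlib-only Python health check that builds a raw DNS query, sends it to the resolver and inspects the response code, so a SERVFAIL or NXDOMAIN from a half-up dnsmasq counts as a failure rather than a pass. The resolver address 127.0.0.1:53 and the name example.com are assumptions; adjust them to your setup.

```python
"""Health check for a local DNS resolver such as dnsmasq in a container.

Added example (not from the thread). Assumes the resolver listens on
127.0.0.1:53 and that "example.com" must resolve; both are assumptions.
"""
import socket
import struct

RESOLVER = ("127.0.0.1", 53)   # assumption: dnsmasq bound to localhost
KNOWN_NAME = "example.com"     # assumption: a name that should always resolve


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query for an A record with the RD flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_response(resp: bytes, txid: int = 0x1234) -> dict:
    """Read the DNS header: id match, QR bit, rcode (0=NOERROR, 3=NXDOMAIN) and answer count."""
    if len(resp) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id_ok": rid == txid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "answers": an}


def check_tcp_port(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if the resolver accepts a TCP connection (dnsmasq serves TCP too)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_resolution(host: str, port: int, name: str, timeout: float = 2.0) -> bool:
    """True only if the resolver answers with NOERROR and at least one record."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (host, port))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout, ICMP port unreachable, etc.
            return False
    r = parse_response(data)
    return r["id_ok"] and r["is_response"] and r["rcode"] == 0 and r["answers"] > 0


if __name__ == "__main__":
    ok_tcp = check_tcp_port(*RESOLVER)
    ok_dns = check_resolution(*RESOLVER, KNOWN_NAME)
    print(f"tcp/53 reachable: {ok_tcp}, {KNOWN_NAME} resolves: {ok_dns}")
    raise SystemExit(0 if ok_tcp and ok_dns else 1)
```

Run it from cron or as a Prometheus textfile/blackbox-style probe; a non-zero exit means the resolver is down or answering with errors.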
fendrax@jlai.lu 6 months ago
I see. I kind of thought about it earlier today while mulling over the problem. I can definitely do that first because it’s easy and makes total sense.
I already have prometheus monitoring the DNS resolution, I think. I’ll check!
Thanks for taking the time to answer!