Local DNSSEC resolver & Containers

Hello,


  -> https://lists.fedoraproject.org/pipermail/cloud/2015-January/004867.html


As per the previous discussion above, I was able to use an iptables(8) DNAT rule to divert DNS traffic from Docker containers to a DNSSEC resolver on the host at 127.0.0.1:53.


Please see:

  -> https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver#Docker_.26_iptables.288.29

One needs to enable local 'lo' routing via the 'docker0' bridge and add the DNAT rule to divert DNS requests to the local resolver. The above configuration is working well on F22 with Docker version 1.6.0, build 9d26a07/1.6.0.


I'd like to hear if you have any comments/suggestions/inputs about the same, because when the local DNSSEC feature goes live (F23), it would be required to add such configuration on the host, so that the container applications could take full advantage of the DNSSEC resolver.


IMO, the Docker daemon is best suited to make the required configuration changes on the host. First, it already adds a few iptables(8) rules on the host. Second, it checks the host's name-server settings in '/etc/resolv.conf' and copies the non-localhost (127.0.0.1) servers to the container. When localhost (127.0.0.1) is the only name-server on the host, it defaults to using Google public DNS servers inside containers. It should be fairly straightforward for the Docker daemon to enable local 'lo' routing and add the DNAT rule upon detecting '127.0.0.1' as name-server on the host.


Your comments/suggestions/inputs are most welcome.


Thank you.

---
Regards
   -P J P
http://feedmug.com
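
The detection-then-configure flow proposed in the message above, as an added example that is not part of the original post or of Docker's code. The function name `plan_dns_divert` and the exact rule shapes are assumptions; it only prints the commands (dry run) so the plan can be reviewed before anything is changed on the host.

```shell
#!/bin/sh
# Added example: dry-run planner for the host changes described in the message.
# It prints commands only when every nameserver in resolv.conf is 127.0.0.1.
# Function name and rule shapes are assumptions, not taken from the wiki page.

plan_dns_divert() {
    resolv_conf=$1
    bridge=${2:-docker0}          # bridge name as used in the message

    [ -r "$resolv_conf" ] || return 2

    # Collect nameserver addresses, ignoring comments and other directives.
    servers=$(awk '$1 == "nameserver" { print $2 }' "$resolv_conf")
    [ -n "$servers" ] || return 1

    for s in $servers; do
        # A non-local server can be copied into containers as-is: nothing to do.
        [ "$s" = "127.0.0.1" ] || return 1
    done

    # Allow packets arriving on the bridge to be routed to a loopback address.
    echo "sysctl -w net.ipv4.conf.${bridge}.route_localnet=1"
    # Divert container DNS (UDP and TCP) to the host's local resolver.
    for proto in udp tcp; do
        echo "iptables -t nat -A PREROUTING -i ${bridge} -p ${proto} --dport 53 -j DNAT --to-destination 127.0.0.1:53"
    done
}

# Constructed sample input for a stand-alone run.
sample=$(mktemp)
printf '# constructed sample\nnameserver 127.0.0.1\n' > "$sample"
plan_dns_divert "$sample"
rm -f "$sample"
```

The local resolver's own access control must also accept queries whose source address is in the container subnet, since DNAT rewrites only the destination.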