I'm writing documentation about how to communicate between containers, and a need to solve the naming problem with a small DNS is blinking.
For example, when you're on Dwellers or in a container, you can't use ssh://vcs@devcentral.nasqueron.org:5022/diffusion/DJENKINSSLAVES/docker-jenkins-slaves.git as a remote URL: port 5022 is currently only forwarded for the external network.
We could git clone ssh://devcentral.docker.ulubis instead.
Small DNS
Only 25 Mb RAM for the phensley/docker-dns image.
Network internal TLD
I hesitated between .nasqueron.internal, .nasqnet and .ulubis (the star Nasqueron orbits around).
@rama voted for .ulubis, which is also my favourite among the three, so perfect.
.ulubis — internal areas for Nasqueron local networks
.docker.ulubis — containers on our Docker engine (currently Dwellers)
Sample run
A custom port isn't supported by every DNS tool (dig supports one).
```
$ docker run -dt --restart=always --name dns -p 127.0.0.1:5053:53 -v /var/run/docker.sock:/docker.sock phensley/docker-dns --domain docker.ulubis
9b134143ed27052951a939e16e5bfb145a0254fe60f2ec484d1a5ea8c91ec67e

$ nslookup devcentral.docker.ulubis 127.0.0.1:5053
nslookup: couldn't get address for '127.0.0.1:5053': not found

$ nslookup devcentral.docker.ulubis 172.17.0.15
Server: 172.17.0.15
Address: 172.17.0.15#53

Name: devcentral.docker.ulubis
Address: 172.17.0.5

$ dig devcentral.docker.ulubis 127.0.0.1:5053

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> devcentral.docker.ulubis 127.0.0.1:5053
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6498
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;devcentral.docker.ulubis. IN A

;; AUTHORITY SECTION:
. 3589 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016072800 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Jul 29 01:08:35 CEST 2016
;; MSG SIZE rcvd: 128

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44800
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;127.0.0.1:5053. IN A

;; AUTHORITY SECTION:
. 3165 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016072800 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Jul 29 01:08:35 CEST 2016
;; MSG SIZE rcvd: 118
```
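In the sample run neither tool reads `127.0.0.1:5053` as server and port: dig looks it up as a second name, and both questions go to the default resolver (the `SERVER:` lines show 208.67.222.222), so the internal name leaves the host. The following is an added example, not part of the original task: it uses dig's `@server` and `-p port` arguments and checks the `SERVER:` line to confirm that the DNS container answered. The function names are hypothetical and the sample strings are constructed from the output above.

```shell
#!/usr/bin/env bash
# Added example (hypothetical function names): query the DNS container on its
# forwarded port and confirm which server actually answered.

# Ask one specific resolver on one specific port. dig expects "@server" and
# "-p port"; a "host:port" argument is treated as one more name to look up.
query_internal() {  # usage: query_internal NAME SERVER PORT
    dig "@$2" -p "$3" +noall +answer +stats "$1" A
}

# Print "address#port" from the first ";; SERVER:" line of dig output on stdin.
answering_server() {
    sed -n 's/^;; SERVER: \([^(]*\)(.*/\1/p' | head -n 1
}

# Succeed only if the dig output on stdin was produced by the expected resolver.
answered_by() {  # usage: answered_by SERVER PORT < dig-output
    local got
    got=$(answering_server)
    [ "$got" = "$1#$2" ]
}

# Constructed sample: stats lines copied from the dig output in the sample run.
SAMPLE_LEAKED=';; Query time: 1 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Jul 29 01:08:35 CEST 2016'

# Constructed sample: the stats lines as they look when 127.0.0.1:5053 answers.
SAMPLE_LOCAL=';; Query time: 1 msec
;; SERVER: 127.0.0.1#5053(127.0.0.1)'

# Run the check over the sample from the page (no network access needed).
if printf '%s\n' "$SAMPLE_LEAKED" | answered_by 127.0.0.1 5053; then
    echo "answered by the DNS container"
else
    echo "answered by $(printf '%s\n' "$SAMPLE_LEAKED" | answering_server): internal name left the host"
fi
```

On the Docker host, `query_internal devcentral.docker.ulubis 127.0.0.1 5053 | answered_by 127.0.0.1 5053` performs the same check against the running container.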
Plan
- Customize the network to allow a static range for the containers we have DNS issues with (172.17.0.100 → 172.17.0.128 for example)
  - acquisitariat (MySQL)
  - this DNS container
- Run static containers on static addresses: --address=172.17.0.100
- Use DNS when we need to reach a container from the Docker engine host; prefer static assignments for communication between containers
- Progressively forget about --link when there is no need to share the environment, and use the DNS instead (run containers with --dns=<dns container static IP>)
Note: the dns container is happy to resolve the remaining names through 8.8.8.8, so it's suitable as a caching resolver.