T958
Change Details
I'm writing documentation about how to communicate between containers, and a need to solve the naming problem with a small DNS is blinking.

For example when you're on Dwellers or in a container, you can't use `ssh://vcs@devcentral.nasqueron.org:5022/diffusion/DJENKINSSLAVES/docker-jenkins-slaves.git` as a remote URL: the port 5022 is currently only forwarded for the external network.

We could `git clone ssh://devcentral.docker.ulubis` instead.

**Small DNS**

Only 25 Mb RAM for `phensley/docker-dns` image.

**Network internal TLD**

I hesitated between .nasqueron.internal, .nasqnet and .ulubis (the star Nasqueron orbits around)

@rama voted for .ulubis, which is also my favourite among the three, so perfect.

.ulubis — internal areas for Nasqueron local networks
.docker.ulubis — containers on our Docker engine (currently Dwellers)

**Sample run**

{icon exclamation-circle color=red} Custom port isn't supported by every DNS tool (`dig` does).

```name=Dwellers
$ docker run -dt --restart=always --name dns -p 127.0.0.1:5053:53 -v /var/run/docker.sock:/docker.sock phensley/docker-dns --domain docker.ulubis
9b134143ed27052951a939e16e5bfb145a0254fe60f2ec484d1a5ea8c91ec67e

$ nslookup devcentral.docker.ulubis 127.0.0.1:5053
nslookup: couldn't get address for '127.0.0.1:5053': not found

$ nslookup devcentral.docker.ulubis 172.17.0.15
Server:   172.17.0.15
Address:  172.17.0.15#53

Name:     devcentral.docker.ulubis
Address:  172.17.0.5

$ dig devcentral.docker.ulubis 127.0.0.1:5053

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> devcentral.docker.ulubis 127.0.0.1:5053
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6498
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;devcentral.docker.ulubis. IN A

;; AUTHORITY SECTION:
. 3589 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016072800 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Jul 29 01:08:35 CEST 2016
;; MSG SIZE rcvd: 128

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44800
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;127.0.0.1:5053. IN A

;; AUTHORITY SECTION:
. 3165 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016072800 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Jul 29 01:08:35 CEST 2016
;; MSG SIZE rcvd: 118
```

**Plan**

- Customize the network to allow a static range for containers we have DNS issues with (172.17.0.100 → 172.17.0.128 for example)
-- acquisitariat (MySQL)
-- this DNS container
- Run static containers on static addresses: `--address=172.17.0.100`
- Use DNS when we need a container from Docker engine host, prefer static assignments for container communication
- Progressively forget about --link when there is no need to share environment and use the DNS (run containers with `--dns=<dns container static IP>`)

Note: dns container is happy to resolve the rest through 8.8.8.8 so it's suitable as a cache resolver.

IMPORTANT: we need a more robust DNS resolver with a local cache, and use this DNS only for *.docker.ulubis. It doesn't seem to resolve special types like AAAA.
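Added example (not part of the original task description or of `phensley/docker-dns`): in the sample run both `dig` arguments were looked up as names at the host's default resolver (`SERVER: 208.67.222.222#53`), so the container published on port 5053 was never queried; with `dig` the server and port are given as `@127.0.0.1 -p 5053`. The Python code below queries exactly one resolver on an explicit port, with no fallback, so a `*.docker.ulubis` name is not sent anywhere else; the function names are chosen for this example.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid, qtype=1):
    """Encode a single-question DNS query (qtype 1 = A, 28 = AAAA)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD flag set
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def skip_name(data, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:      # compression pointer is 2 bytes long
            return pos + 2
        pos += 1 + length

def parse_response(data, qid):
    """Return (rcode name, list of IPv4 answers) from a raw DNS response."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    pos = 12
    for _ in range(qd):                # skip the echoed question section
        pos = skip_name(data, pos) + 4
    addrs = []
    for _ in range(an):
        pos = skip_name(data, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(socket.inet_ntoa(data[pos:pos + 4]))
        pos += rdlen
    return RCODES.get(flags & 0xF, str(flags & 0xF)), addrs

def resolve(name, server, port, timeout=2.0):
    """Query one resolver on an explicit port; never fall back elsewhere."""
    qid = secrets.randbelow(1 << 16)   # unpredictable transaction id
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((server, port))   # only accept replies from this peer
        sock.send(build_query(name, qid))
        return parse_response(sock.recv(512), qid)

# e.g. resolve("devcentral.docker.ulubis", "127.0.0.1", 5053)
```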