我在 的 CentOS 7 机器上运行着一个 DNS 服务器10.8.0.1
。在这台机器上,我在 的子网中运行了一些 docker 镜像10.8.1.0/24
,没有伪装。我希望 docker 镜像能够解析本地 DNS 服务器中定义的 URL 地址,但出于某种原因,Google 上没有教程可以帮助我。
我尝试编辑主机的/etc/resolv.conf
,现在看起来像这样:
# Generated by NetworkManager
search home centos
nameserver 10.8.0.1
nameserver 2001:730:3eb2::10
nameserver 2001:730:3eb2::11
我也尝试过编辑/etc/docker/daemon.json
,如下所示:
{
"dns": ["10.8.0.1", "1.1.1.1"]
}
docker 容器可以解析来自全局 DNS 服务器的任何 URL,但我无论如何也想不通为什么它无法解析我本地 DNS 服务器上的 URL。
主机可以解析 DNS 请求,以及通过 VPN 连接到机器的客户端,然后dhcp-option DNS 10.8.0.1
将请求推送给连接的客户端。
集装箱可以ping
地址10.8.0.1
。
其中一个容器有以下/etc/resolv.conf
文件:
search home centos
nameserver 127.0.0.11
options ndots:0
我的named.conf
文件如下所示:
acl trusted {
2001:0db8:ee00:abcd::/64;
127.0.0.1;
10.8.0.0/8;
};
options {
listen-on port 53 { 127.0.0.1; 10.8.0.1; };
listen-on-v6 port 53 { ::1; 2001:db8:ee00:abcd::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { trusted; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
... #Zones are coming after this