Slow DNS (about 4 seconds) in Docker containers when the DNS resolver runs as a container

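DNS resolution inside all of my Docker containers is consistently slow (slightly more than 4 seconds). From the host, DNS queries are fast, and the same is true for the rest of my network.

I have to admit that I have not tried many things so far, because searching Google did not give me many answers. As you can see below, a lot of TCP packets are sent to, for example, 172.18.0.12.domain or homeserver.my.tld.domain. I think the .domain suffix is not correct, but I do not know what to do with that information.

Any idea what is wrong with my setup? I would be grateful if someone could point me in the right direction or give me some ideas on how to track down my problem.

If you need any other information, I am happy to provide everything I can.

Edit: When I change /etc/resolv.conf inside the container to: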

search local
nameserver 172.18.0.1
options ndots:0

then DNS lookups inside the container are fast again. But of course this means I can no longer resolve other containers by name.


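My setup is:

  • My ASUS router runs DHCP and hands out 192.168.1.12 as the DNS server address
  • The home network is 192.168.1.0/24
  • The physical machine "Homeserver" (192.168.1.12) is my Docker host
  • An Unbound container acts as the DNS server (ports 53/TCP and 53/UDP forwarded)
  • Several other containers all have the same problem
  • All containers are managed via docker compose (no extra networks section)

Additional information:

IPs of the homeserver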

me@homeserver ~ » hostname -I
192.168.1.12 172.18.0.1 172.17.0.1

resolv.conf of the homeserver

me@homeserver ~ » cat /etc/resolv.conf
domain local
search local
nameserver 192.168.1.12
nameserver 192.168.1.1

dig from the homeserver (host)

me@homeserver ~ » dig example.com

; <<>> DiG 9.16.42-Debian <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39605
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            84515   IN      A       93.184.216.34

;; Query time: 0 msec
;; SERVER: 192.168.1.12#53(192.168.1.12)
;; WHEN: Thu Jul 06 14:40:26 CEST 2023
;; MSG SIZE  rcvd: 56

IP of a container (chosen at random)

root@917745962ebd:/var/www/html# hostname -I
172.18.0.3

resolv.conf of the same container

root@917745962ebd:/var/www/html# cat /etc/resolv.conf 
search local
nameserver 127.0.0.11
options ndots:0

dig from the same container

root@917745962ebd:/var/www/html# dig example.com

; <<>> DiG 9.16.42-Debian <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56875
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            6393    IN      A       93.184.216.34

;; Query time: 4000 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Thu Jul 06 12:38:09 UTC 2023
;; MSG SIZE  rcvd: 56

tcpdump (on the host) while running the dig above in the container. I renamed the domain below to my.tld and my public IP to redacted.correct.ip.address

me@homeserver ~ » sudo tcpdump -n -t -i any -w dns.dump port 53

14:38:04.838058 veth93caf60 P   IP 172.18.0.15.37644 > homeserver.my.tld.domain: 60373+ A? subdomain-a.my.tld. (43)
14:38:04.838058 br-27dccdedb325 In  IP 172.18.0.15.37644 > homeserver.my.tld.domain: 60373+ A? subdomain-a.my.tld. (43)
14:38:04.838288 br-27dccdedb325 Out IP 172.18.0.1.53289 > 172.18.0.12.domain: 60373+ A? subdomain-a.my.tld. (43)
14:38:04.838293 veth777c9f6 Out IP 172.18.0.1.53289 > 172.18.0.12.domain: 60373+ A? subdomain-a.my.tld. (43)
14:38:04.838369 veth777c9f6 P   IP 172.18.0.12.domain > 172.18.0.1.53289: 60373* 1/0/0 A 192.168.1.12 (59)
14:38:04.838369 br-27dccdedb325 In  IP 172.18.0.12.domain > 172.18.0.1.53289: 60373* 1/0/0 A 192.168.1.12 (59)
14:38:04.838424 br-27dccdedb325 Out IP 172.18.0.1.domain > 172.18.0.15.37644: 60373* 1/0/0 A 192.168.1.12 (59)
14:38:04.838429 veth93caf60 Out IP 172.18.0.1.domain > 172.18.0.15.37644: 60373* 1/0/0 A 192.168.1.12 (59)
14:38:05.173253 vethba9d77c P   IP 172.18.0.3.38698 > homeserver.my.tld.domain: 56875+ [1au] A? example.com. (52)
14:38:05.173253 br-27dccdedb325 In  IP 172.18.0.3.38698 > homeserver.my.tld.domain: 56875+ [1au] A? example.com. (52)
14:38:05.173414 br-27dccdedb325 Out IP 172.18.0.1.56291 > 172.18.0.12.domain: 56875+ [1au] A? example.com. (52)
14:38:05.173421 veth777c9f6 Out IP 172.18.0.1.56291 > 172.18.0.12.domain: 56875+ [1au] A? example.com. (52)
14:38:05.173522 veth777c9f6 P   IP 172.18.0.12.domain > 172.18.0.1.56291: 56875$ 1/0/1 A 93.184.216.34 (56)
14:38:05.173522 br-27dccdedb325 In  IP 172.18.0.12.domain > 172.18.0.1.56291: 56875$ 1/0/1 A 93.184.216.34 (56)
14:38:05.173613 br-27dccdedb325 Out IP 172.18.0.1.domain > 172.18.0.3.38698: 56875$ 1/0/1 A 93.184.216.34 (56)
14:38:05.173617 vethba9d77c Out IP 172.18.0.1.domain > 172.18.0.3.38698: 56875$ 1/0/1 A 93.184.216.34 (56)
14:38:06.834972 veth93caf60 P   IP 172.18.0.15.47468 > 192.168.1.1.domain: 10696+ A? subdomain-b.my.tld. (35)
14:38:06.834972 br-27dccdedb325 In  IP 172.18.0.15.47468 > 192.168.1.1.domain: 10696+ A? subdomain-b.my.tld. (35)
14:38:06.835010 eno1  Out IP homeserver.my.tld.47468 > 192.168.1.1.domain: 10696+ A? subdomain-b.my.tld. (35)
14:38:06.835852 eno1  In  IP 192.168.1.1.domain > homeserver.my.tld.47468: 10696 2/0/0 CNAME subdomain-c.my.tld., A redacted.correct.ip.address (91)
14:38:06.835874 br-27dccdedb325 Out IP 192.168.1.1.domain > 172.18.0.15.47468: 10696 2/0/0 CNAME subdomain-c.my.tld., A redacted.correct.ip.address (91)
14:38:06.835879 veth93caf60 Out IP 192.168.1.1.domain > 172.18.0.15.47468: 10696 2/0/0 CNAME subdomain-c.my.tld., A redacted.correct.ip.address (91)
14:38:07.340717 veth93caf60 P   IP 172.18.0.15.52538 > homeserver.my.tld.domain: 60373+ A? subdomain-a.my.tld. (43)
14:38:07.340717 br-27dccdedb325 In  IP 172.18.0.15.52538 > homeserver.my.tld.domain: 60373+ A? subdomain-a.my.tld. (43)
14:38:07.340908 br-27dccdedb325 Out IP 172.18.0.1.55468 > 172.18.0.12.domain: 60373+ A? subdomain-a.my.tld. (43)
14:38:07.340916 veth777c9f6 Out IP 172.18.0.1.55468 > 172.18.0.12.domain: 60373+ A? subdomain-a.my.tld. (43)
14:38:07.341003 veth777c9f6 P   IP 172.18.0.12.domain > 172.18.0.1.55468: 60373* 1/0/0 A 192.168.1.12 (59)
14:38:07.341003 br-27dccdedb325 In  IP 172.18.0.12.domain > 172.18.0.1.55468: 60373* 1/0/0 A 192.168.1.12 (59)
14:38:07.341070 br-27dccdedb325 Out IP 172.18.0.1.domain > 172.18.0.15.52538: 60373* 1/0/0 A 192.168.1.12 (59)
14:38:07.341076 veth93caf60 Out IP 172.18.0.1.domain > 172.18.0.15.52538: 60373* 1/0/0 A 192.168.1.12 (59)
14:38:08.839315 veth93caf60 P   IP 172.18.0.15.56280 > 192.168.1.1.domain: 60373+ A? subdomain-a.my.tld. (43)
14:38:08.839315 br-27dccdedb325 In  IP 172.18.0.15.56280 > 192.168.1.1.domain: 60373+ A? subdomain-a.my.tld. (43)
14:38:08.839366 eno1  Out IP homeserver.my.tld.56280 > 192.168.1.1.domain: 60373+ A? subdomain-a.my.tld. (43)
14:38:08.840220 eno1  In  IP 192.168.1.1.domain > homeserver.my.tld.56280: 60373 2/0/0 CNAME subdomain-c.my.tld., A redacted.correct.ip.address (99)
14:38:08.840244 br-27dccdedb325 Out IP 192.168.1.1.domain > 172.18.0.15.56280: 60373 2/0/0 CNAME subdomain-c.my.tld., A redacted.correct.ip.address (99)
14:38:08.840250 veth93caf60 Out IP 192.168.1.1.domain > 172.18.0.15.56280: 60373 2/0/0 CNAME subdomain-c.my.tld., A redacted.correct.ip.address (99)
14:38:09.173904 vethba9d77c P   IP 172.18.0.3.43473 > 192.168.1.1.domain: 56875+ [1au] A? example.com. (52)
14:38:09.173904 br-27dccdedb325 In  IP 172.18.0.3.43473 > 192.168.1.1.domain: 56875+ [1au] A? example.com. (52)
14:38:09.173952 eno1  Out IP homeserver.my.tld.43473 > 192.168.1.1.domain: 56875+ [1au] A? example.com. (52)
14:38:09.174908 eno1  In  IP 192.168.1.1.domain > homeserver.my.tld.43473: 56875 1/0/1 A 93.184.216.34 (56)
14:38:09.174932 br-27dccdedb325 Out IP 192.168.1.1.domain > 172.18.0.3.43473: 56875 1/0/1 A 93.184.216.34 (56)
14:38:09.174939 vethba9d77c Out IP 192.168.1.1.domain > 172.18.0.3.43473: 56875 1/0/1 A 93.184.216.34 (56)

docker network inspect smarthome_default

[

    {
        "Name": "smarthome_default",
        "Id": "27dccdedb3252ccb0967d8b1f552d3262aecbdaf5bd709088241e648acab1cc2",
        "Created": "2022-11-04T13:27:46.22785411+01:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "18cd21a56368b62752dfb99042ee6305fb680e6dceb5ab79f499ce78fffff053": {
                "Name": "smarthome-unbound-1",
                "EndpointID": "ca5169a1a1244d03756919a78d48b5b6a54a20d898f1293bbcecb9bfb1ea1435",
                "MacAddress": "02:42:ac:12:00:0c",
                "IPv4Address": "172.18.0.12/16",
                "IPv6Address": ""
            },
            "e70f22c6c4581d751061b7353cd32e8ae187f130a0811c3e259d379de9fb3b8b": {
                "Name": "smarthome-other-container-1",
                "EndpointID": "668b6ffa63d2a529ef5f257c763c3ca1731cdf1671c0115c405192b8c89f3ee9",
                "MacAddress": "02:42:ac:12:00:0a",
                "IPv4Address": "172.18.0.10/16",
                "IPv6Address": ""
            },
            // ...
        },
        "Options": {},
        "Labels": {
            "com.docker.compose.network": "default",
            "com.docker.compose.project": "smarthome",
            "com.docker.compose.version": "2.12.2"
        }
    }
]

Answer 1

Solved:

The underlying problem was this:

root@917745962ebd:/var/www/html# dig @192.168.1.12 example.com   
 
;; reply from unexpected source: 172.18.0.1#53, expected 192.168.1.12#53

When I use the IP address suggested in the output of the command above:

root@917745962ebd:/var/www/html# dig @172.18.0.1 example.com

; <<>> DiG 9.16.42-Debian <<>> @172.18.0.1 example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9462
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            85486   IN      A       93.184.216.34

;; Query time: 0 msec
;; SERVER: 172.18.0.1#53(172.18.0.1)
;; WHEN: Mon Jul 10 08:28:06 UTC 2023
;; MSG SIZE  rcvd: 56

So the solution was to add this IP address to my /etc/resolv.conf (on the host) as the first entry:

domain local
search local
nameserver 172.18.0.1
nameserver 192.168.1.12
nameserver 192.168.1.1

Fortunately, this does not cause any DNS problems on the host:

me@homeserver ~ » dig example.com

; <<>> DiG 9.16.42-Debian <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7276
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            85272   IN      A       93.184.216.34

;; Query time: 0 msec
;; SERVER: 172.18.0.1#53(172.18.0.1)
;; WHEN: Mon Jul 10 10:31:40 CEST 2023
;; MSG SIZE  rcvd: 56
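
The condition dig reports in the answer (a reply arriving from an address other than the one that was queried) can also be checked directly against the capture from the question. This is an added example, not part of the original post: the function names and the alias map are assumptions, and the six capture lines are copied from the tcpdump output above, one interface per packet.

```python
import re

# Six lines copied from the tcpdump output in the question (one interface per packet).
CAPTURE = """\
14:38:05.173253 vethba9d77c P   IP 172.18.0.3.38698 > homeserver.my.tld.domain: 56875+ [1au] A? example.com. (52)
14:38:05.173414 br-27dccdedb325 Out IP 172.18.0.1.56291 > 172.18.0.12.domain: 56875+ [1au] A? example.com. (52)
14:38:05.173522 veth777c9f6 P   IP 172.18.0.12.domain > 172.18.0.1.56291: 56875$ 1/0/1 A 93.184.216.34 (56)
14:38:05.173617 vethba9d77c Out IP 172.18.0.1.domain > 172.18.0.3.38698: 56875$ 1/0/1 A 93.184.216.34 (56)
14:38:09.173904 vethba9d77c P   IP 172.18.0.3.43473 > 192.168.1.1.domain: 56875+ [1au] A? example.com. (52)
14:38:09.174939 vethba9d77c Out IP 192.168.1.1.domain > 172.18.0.3.43473: 56875 1/0/1 A 93.184.216.34 (56)
"""

# tcpdump printed the Docker host by name; the question gives its address.
ALIASES = {"homeserver.my.tld": "192.168.1.12"}
LINE = re.compile(r"(\d+):(\d+):([\d.]+) \S+\s+\S+\s+IP (\S+) > (\S+): (\d+)\S* (.*)")


def endpoint(text):
    """Split tcpdump's host.port form; 'domain' is the service name for port 53."""
    host, port = text.rsplit(".", 1)
    return ALIASES.get(host, host), 53 if port == "domain" else int(port)


def analyse(capture):
    """Return (replies from an unexpected source, retries to another server)."""
    asked = {}   # (client ip, client port, txid) -> server the query was sent to
    first = {}   # (client ip, txid) -> (server, time) of the first attempt
    mismatches, retries = [], []
    for raw in capture.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        h, mi, s, src, dst, txid, rest = m.groups()
        now = int(h) * 3600 + int(mi) * 60 + float(s)
        (sip, sport), (dip, dport) = endpoint(src), endpoint(dst)
        if re.match(r"\d+/\d+/\d+ ", rest):        # answer counts: a response
            expected = asked.get((dip, dport, txid))
            if expected and expected != sip:
                mismatches.append((dip, expected, sip))
        else:                                       # a query
            asked[(sip, sport, txid)] = dip
            server, started = first.setdefault((sip, txid), (dip, now))
            if server != dip:
                retries.append((sip, dip, round(now - started, 1)))
    return mismatches, retries
```

On these lines it reports one reply to 172.18.0.3 that came from 172.18.0.1 instead of 192.168.1.12, followed by a retry to 192.168.1.1 about 4.0 seconds after the first attempt, which lines up with the 4000 msec query time dig showed in the container.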
