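DNS resolution fails inside Docker containers when the host network changes without rebooting the device

Problem description

Expected behavior

When the host network changes (network1-192.168.1., network2-192.168.2.) without rebooting the device, DNS resolution fails inside the Docker container. The Docker container is running on a bridge network.

Actual behavior

DNS resolution should succeed if the host network changes.

Steps to reproduce the behavior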

  1. Create a network container (e.g. "abc_network.ctr") without specifying network_mode, since it uses bridge by default (and it uses Docker's embedded name server inside the container).
  2. Create another container (xyz.ctr) whose network mode is "container" ("abc_network.ctr").
  3. /etc/resolv.conf from the xyz.ctr container. It is able to resolve the nameserver.

    root@d3e0dc71f370:~# cat /etc/resolv.conf
    nameserver 127.0.0.11
    options ndots:0

  4. /etc/resolv.conf from the host. It is also able to resolve the nameserver.

    root@RP4-2711-c03112-1xb0e6f3b8:~# cat /etc/resolv.conf
    # This file is managed by man:systemd-resolved(8). Do not edit.
    #
    # This is a dynamic resolv.conf file for connecting local clients directly to
    # all known uplink DNS servers. This file lists all configured search domains.
    #
    # Third party programs must not access this file directly, but only through the
    # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
    # replace this symlink by a static file or a different symlink.
    #
    # See man:systemd-resolved.service(8) for details about the supported modes of
    # operation for /etc/resolv.conf.
    
    nameserver 192.168.1.1

  5. Change the machine's network subnet without rebooting (remove the LAN cable and connect to another subnet, network1 -> network2).

  6. Then try to resolve the nameserver inside the Docker container using the following commands:

  • docker exec -it xyz.ctr bash
  • apt-get update, result:

    root@d3e0dc71f370:~# apt-get update
    Err:1 http://security.debian.org/debian-security buster/updates InRelease
      Temporary failure resolving 'security.debian.org'
    Err:2 http://deb.debian.org/debian buster InRelease
      Temporary failure resolving 'deb.debian.org'
    Err:3 http://deb.debian.org/debian buster-updates InRelease
      Temporary failure resolving 'deb.debian.org'
    Reading package lists... Done
    W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease  Temporary failure resolving 'deb.debian.org'
    W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease  Temporary failure resolving 'security.debian.org'
    W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease  Temporary failure resolving 'deb.debian.org'
    W: Some index files failed to download. They have been ignored, or old ones used instead.


    root@15c396b06f57:~# dig
    
    ; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>>
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

  7. /etc/resolv.conf from the host, which is able to resolve the nameserver.

    # This file is managed by man:systemd-resolved(8). Do not edit.
    #
    # This is a dynamic resolv.conf file for connecting local clients directly to
    # all known uplink DNS servers. This file lists all configured search domains.
    #
    # Third party programs must not access this file directly, but only through the
    # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
    # replace this symlink by a static file or a different symlink.
    #
    # See man:systemd-resolved.service(8) for details about the supported modes of
    # operation for /etc/resolv.conf.
    
    nameserver 192.168.2.1

  8. apt-get works on the host, and the dig command shows no errors.

Output of docker version


    Docker version 20.10.6, build 370c289

Output of docker info

    root@RP4-2711-c03112-1xb0e6f3b8:~# docker info
    Client:
     Context:    default
     Debug Mode: false
     Plugins:
      app: Docker App (Docker Inc., v0.9.1-beta3)
      buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
    
    Server:
     Containers: 22
      Running: 18
      Paused: 0
      Stopped: 4
     Images: 98
     Server Version: 20.10.6
     Storage Driver: overlay2
      Backing Filesystem: extfs
      Supports d_type: true
      Native Overlay Diff: true
      userxattr: false
     Logging Driver: json-file
     Cgroup Driver: cgroupfs
     Cgroup Version: 1
     Plugins:
      Volume: local
      Network: bridge host ipvlan macvlan null overlay
      Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
     Swarm: inactive
     Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
     Default Runtime: runc
     Init Binary: docker-init
     containerd version: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
     runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
     init version: de40ad0
     Security Options:
      seccomp
       Profile: default
     Kernel Version: 5.10.17-v7l+
     Operating System: Raspbian GNU/Linux 10 (buster)
     OSType: linux
     Architecture: armv7l
     CPUs: 4
     Total Memory: 3.44GiB
     Name: RP4-2711-c03112-1xb0e6f3b8
     ID: C66C:3DAT:6DLH:PHJA:JR2N:KURB:PTMQ:BHUP:XRIH:FE3H:VSEZ:B7K3
     Docker Root Dir: /var/lib/docker
     Debug Mode: false
     Registry: https://index.docker.io/v1/
     Labels:
     Experimental: false
     Insecure Registries:
      127.0.0.0/8
     Live Restore Enabled: false
     Default Address Pools:
       Base: 172.128.0.1/10, Size: 16
    
    WARNING: No memory limit support
    WARNING: No swap limit support
    WARNING: No kernel memory TCP limit support
    WARNING: No oom kill disable support

Additional environment details (AWS, VirtualBox, physical, etc.)

Devices: Raspberry Pi 4B, Intel NUC (this is not an environment-specific issue)
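
Added example, not part of the original report: a small check that flags the condition shown in the steps above, where the host's resolver moved from 192.168.1.1 to 192.168.2.1 while the container kept running. It assumes the embedded DNS server at 127.0.0.11 still forwards to the resolvers the host had when the container started; the snapshot path in the comment is hypothetical and the sample contents are constructed from the values in the report.

```shell
#!/bin/sh
# Added example (not from the original report). Inputs are resolv.conf-format
# text; the sample contents below are constructed from the values in the report.

# Print the nameserver addresses from resolv.conf text on stdin, one per line.
# Comment lines (including "#nameserver ...") are ignored.
nameservers_of() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }'
}

# stale_upstreams SNAPSHOT CURRENT
# Print every nameserver in SNAPSHOT that no longer appears in CURRENT.
# Returns 0 if at least one stale upstream was found, 1 otherwise.
stale_upstreams() {
    snap=$(printf '%s\n' "$1" | nameservers_of)
    cur=$(printf '%s\n' "$2" | nameservers_of)
    found=1
    for ns in $snap; do
        # -x: whole-line match, -F: literal string, so 192.168.1.1 does not
        # match 192.168.1.10 and dots are not treated as wildcards.
        if ! printf '%s\n' "$cur" | grep -qxF -- "$ns"; then
            printf '%s\n' "$ns"
            found=0
        fi
    done
    return $found
}

# Constructed samples: host resolv.conf before and after the subnet change.
HOST_AT_START='# managed by systemd-resolved
nameserver 192.168.1.1'
HOST_NOW='# managed by systemd-resolved
nameserver 192.168.2.1'

# On a live host (hypothetical usage): save a copy of /etc/resolv.conf when the
# container starts, then compare it with the current file:
#   stale_upstreams "$(cat /run/resolv.snapshot)" "$(cat /etc/resolv.conf)"
if stale=$(stale_upstreams "$HOST_AT_START" "$HOST_NOW"); then
    echo "stale upstream resolver(s): $stale"
fi
```

A non-empty result means containers started before the change may still be forwarding queries to an address that is no longer reachable from the new subnet.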
