我正在使用Docker Compose在容器中运行DNS服务器(PowerDNS)。这是配置:
version: "2.4"
networks:
dnsnet:
driver: bridge
driver_opts:
com.docker.network.bridge.name: "dnsbr0"
ipam:
driver: default
config:
-
subnet: 192.168.193.0/24
gateway: 192.168.193.1
power-dns:
image: "my_image"
restart: on-failure
networks:
dnsnet:
ipv4_address: 192.168.193.170
ports:
- "x.x.x.x:53:53/tcp"
- "x.x.x.x:53:53/udp"
- "aaaa::ffff:53:53/tcp"
- "aaaa::ffff:53:53/udp"
在主机上(在DigitalOcean的Ubuntu 18.04上运行),我可以
dig @x.x.x.x和dig @aaaa::ffff毫无问题。从同一数据中心中的另一台机器(bbbb::ffff),我仍然可以dig @x.x.x.x,但是dig @aaaa::ffff超时。我可以ping @aaaa::ffff没问题-效果很好,往返仅1.5毫秒。我检查的第一件事是
lsof:$ sudo lsof -i -n
docker-pr 7258 root 4u IPv6 97854 0t0 TCP [aaaa::ffff]:domain (LISTEN)
docker-pr 7272 root 4u IPv4 97877 0t0 TCP x.x.x.x:domain (LISTEN)
docker-pr 7285 root 4u IPv4 97919 0t0 UDP x.x.x.x:domain
docker-pr 7290 root 4u IPv6 98382 0t0 UDP [aaaa::ffff]:domain
一切看起来都是正确的。所以接下来我检查了
tcpdump,首先是ping:$ sudo tcpdump -n host "aaaa::ffff"
01:24:36.570272 IP6 bbbb::ffff > aaaa::ffff: ICMP6, echo request, seq 0, length 16
01:24:36.570322 IP6 aaaa::ffff > bbbb::ffff: ICMP6, echo reply, seq 0, length 16
01:24:37.574518 IP6 bbbb::ffff > aaaa::ffff: ICMP6, echo request, seq 1, length 16
01:24:37.574558 IP6 aaaa::ffff > bbbb::ffff: ICMP6, echo reply, seq 1, length 16
现在是
dig:$ sudo tcpdump -n host "aaaa::ffff"
00:42:03.291922 IP6 bbbb::ffff.51642 > aaaa::ffff.53: 60840+ [1au] A? example.net. (49)
00:42:08.297904 IP6 bbbb::ffff.51642 > aaaa::ffff.53: 60840+ [1au] A? example.net. (49)
00:42:13.301566 IP6 bbbb::ffff.51642 > aaaa::ffff.53: 60840+ [1au] A? example.net. (49)
$ sudo tcpdump -i dnsbr0 -n host "192.168.193.170"
<nothing>
因此似乎没有回复,重要的是,
docker-proxy进程从不将数据包转发到容器。请注意,在转储中按预期显示了IPv4地址的dig:$ sudo tcpdump -n host "x.x.x.x"
00:46:16.129744 IP y.y.y.y.55183 > x.x.x.x.53: 989+ [1au] A? example.net. (49)
00:46:16.131823 IP x.x.x.x.53 > y.y.y.y.55183: 989*- 1/0/1 A 1.2.3.4 (65)
$ sudo tcpdump -i dnsbr0 -n host "192.168.193.170"
00:46:16.129905 IP y.y.y.y.62620 > 192.168.193.170.53: 16666+ [1au] A? example.net. (49)
00:46:16.131569 IP 192.168.193.170.53 > y.y.y.y.62620: 16666*- 1/0/1 A 1.2.3.4 (65)
我还尝试了不同的端口:
ports:
- "53:53/tcp"
- "53:53/udp"
这导致
lsof输出不同(并且是预期的),但行为和tcpdump结果相同。$ sudo lsof -i -n
docker-pr 6982 root 4u IPv6 95863 0t0 TCP *:domain (LISTEN)
docker-pr 6995 root 4u IPv6 95894 0t0 UDP *:domain
那我在这里想念什么?为什么这不起作用?我找到了Docker错误吗?
最佳答案
我确定这一定是Docker错误。我在这里提交了一个新的错误:https://github.com/docker/for-linux/issues/566
如果/当Docker人们同意我发现了一个错误时,我将把它作为“答案”。
关于docker - Docker代理进程正在监听IPv4和IPv6,但仅在IPv4上响应,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54191616/