Apps not able to query local DNS

Hi,

Quick setup description: TrueNAS Scale on a server in my LAN, in which I have deployed a local DNS (Pihole). This acts as a DNS for TrueNAS along with Google’s (I think I configured it manually, although my router spreads this config as part of its DHCP). Next steps are to deploy a reverse proxy.

The problem I’m facing is that apps cannot reach this local DNS. At first I thought it was unreachable for them, but I am able to curl the DNS web interface. Can anyone help me understand/fix this?

If the curl failed too, it wouldn’t surprise me. The container doesn’t have a bridge interface, and there is probably no route to the 192.168.x.x network (I guess). But since it works, I’m afraid I might be misunderstanding something.

This is from inside the rev-proxy docker:

This is what happens if I try to resolve a hostname using the local DNS:

An ifconfig from inside the docker:

The curl working properly:

Feel free to tell me if you need any extra info.

Maybe you could try nmap to see if the UDP port is open from where you are:
nmap -sU -p 53 192.168.1.146

I’m assuming Docker is doing NAT.

What does ip r say about your routes from within your docker container?

Are you using your own compose files for your apps or the official apps?
If I go off my own setup with traefik as reverse proxy, my container needed to share a common docker network for it to work properly. All my apps I expose via traefik are joined to the common network called proxy and I use blocky as DNS server for local DNS resolution.
Afaik it’s not possible for official apps to join other networks and I have no idea how it would work with them…

If NAT is applied by default when using apps (which, afaik, it is), then it’s doing so. I have pretty much default network configuration.

The ip -r command returns this, which means it shouldn’t be able to route to 192.168.1.146 when using curl:

I cannot launch the nmap due to lack of permissions for the docker:

Does the route give enough info, or do you want me to try to fix this and give you the nmap output?

Thanks
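An unprivileged way to run the UDP/53 check suggested above when `nmap -sU` is not permitted inside the container, as an added example that is not from any poster in this thread: it sends one A query to the resolver and reports whether a reply, an ICMP refusal or nothing came back. The function names and the script name `dnsprobe.py` are hypothetical, and it assumes Python 3 is available in the container.

```python
import secrets
import socket
import struct
import sys

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid):
    """Encode a standard recursive A/IN query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(data, txid):
    """Return (rcode_name, answer_count); raise ValueError on a bogus reply."""
    if len(data) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # ID must match and QR bit must be set
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), ancount

def probe(server, name, timeout=3.0, txid=None):
    """Send one query over UDP/53 and classify what came back."""
    txid = secrets.randbelow(1 << 16) if txid is None else txid
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))  # connected UDP socket surfaces ICMP errors
            s.send(build_query(name, txid))
            data = s.recv(512)
        except socket.timeout:
            return "timeout: no reply (dropped, filtered or nothing listening)"
        except ConnectionRefusedError:
            return "refused: ICMP port unreachable, nothing listening on UDP/53"
        except OSError as e:
            return "error: %s" % e
    try:
        rcode, n = parse_header(data, txid)
    except ValueError as e:
        return "error: %s" % e
    return "reply: %s, %d answer(s)" % (rcode, n)

if __name__ == "__main__":
    # Usage: python3 dnsprobe.py <resolver-ip> <hostname>
    print(probe(sys.argv[1], sys.argv[2]))
```

A `reply:` line means the resolver is reachable over UDP and any remaining failure is in how the container is configured to use it; a `timeout:` while curl to the web interface still works points at UDP/53 specifically rather than at routing.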

Using official apps.

I was also thinking about creating a shared network for the containers and making the DNS serve requests there, but then I thought I would run into the following problem: who is going to serve as a DHCP for the docker network, to advertise my Pihole (with its internal IP, not the 192.168.x.x) as the DNS?

Let me explain: I would have my router, in my 192.168.x.x network advertising the Pihole (192.168.1.146) as the DNS. But who would advertise Pihole’s internal interface (let’s say, 172.16.5.5) as the DNS for the docker network?

Also, I’m afraid that maybe what I create using docker won’t work in the future, since it looks like TrueNAS is migrating to Incus (apologies if what I’m saying here doesn’t make a lot of sense, I’ve been trying to catch up with this topic, which is kind of out of my comfort zone).

Thanks

Docker isn’t going away. Incus is replacing the old VM backend while also providing the backend for LXC containers, which are a lot more like jails on TrueNAS Core/BSD. You can deploy an Incus container and install any software you want via apt, like you would do in a VM, but it’s much more lightweight.