Hello,
I trust all is well. Firstly, I would like to thank you for your work setting BIND in a Docker container and sharing your project with the rest of us. That being said, I am running into an issue that I am hoping someone would be able to assist me with.
I was able to successfully build and run this Docker container within my Ubuntu 20.04 VM hosted on my ESXi server. I then connected to the Webmin portal and set up my master/reverse zones for my internal hosts. I also set up global forwarding to external DNS servers for internet resolution.
However, as of right now, on my test VM pointed to my Docker host, I am only able to resolve internal hosts and not hosts on the Internet. As far as I can tell, my configuration is correct. I have tried restarting the container and recreating it from scratch and tried on a different test system. I received the same result each time.
Below is the relevant information:
Docker Version
```
samuelkneppel@docker:~$ docker version
Client: Docker Engine - Community
 Version: 19.03.13
 API version: 1.40
 Go version: go1.13.15
 Git commit: 4484c46d9d
 Built: Wed Sep 16 17:02:52 2020
 OS/Arch: linux/amd64
 Experimental: false

Server: Docker Engine - Community
 Engine:
  Version: 19.03.13
  API version: 1.40 (minimum version 1.12)
  Go version: go1.13.15
  Git commit: 4484c46d9d
  Built: Wed Sep 16 17:01:20 2020
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: 1.3.7
  GitCommit: 8fba4e9a7d01810a393d5d25a3621dc101981175
 runc:
  Version: 1.0.0-rc10
  GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version: 0.18.0
  GitCommit: fec3683
```
Docker Info
```
samuelkneppel@docker:~$ docker info
Client:
 Debug Mode: false

Server:
 Containers: 8
  Running: 8
  Paused: 0
  Stopped: 0
 Images: 24
 Server Version: 19.03.13
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.4.0-54-generic
 Operating System: Ubuntu 20.04.1 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 3.843GiB
 Name: docker
 ID: YCMM:FNPR:SPIH:3GVD:U5HE:RKZU:S2VT:OTSS:V4F5:QY7Q:YBP2:6BA6
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No swap limit support
```
Docker Compose
```
samuelkneppel@docker:~/docker-compose/bind$ cat docker-compose.yml
version: '2'
services:
  bind:
    restart: always
    image: sameersbn/bind
    ports:
      - "192.168.1.102:53:53/udp"
      - "192.168.1.102:53:53/tcp"
      - "192.168.1.102:10000:10000/tcp"
    volumes:
      - /home/samuelkneppel/config/bind:/data
```
/etc/bind/named.conf
```
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
```
/etc/bind/named.conf/options
```
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };
        forwarders {
                1.1.1.1;
                1.0.0.1;
                208.67.222.222;
                208.67.220.220;
        };
};
```
/etc/bind/named.conf.local
```
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "lab.localdomain" {
        type master;
        file "/var/lib/bind/lab.localdomain.hosts";
};
zone "1.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/192.168.1.rev";
};
```
/etc/bind/named.conf.default-zones
```
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};
```
I will admit, I am fairly new to BIND so it is possible that I missed something obvious. Any ideas? I appreciate any help you can give me!
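
A triage helper for the symptom reported above (internal names resolve, Internet names do not), added here as an example and not part of the original issue or the docker-bind project: it classifies `dig` output by response code and the `ra` (recursion available) flag. The sample responses are constructed, and `classify_dig` and its verdict names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a dig response by rcode and the "ra" flag.
# classify_dig and the verdict strings are hypothetical names.
classify_dig() {
    awk '
        # Only the real header lines; the EDNS line also contains "flags:".
        /^;; ->>HEADER<<-/ { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s }
        /^;; flags:/       { f = $0; sub(/.*flags: /, "", f); sub(/;.*/, "", f); flags = " " f " " }
        END {
            ra = (index(flags, " ra ") > 0)
            if      (status == "")         print "no-response"
            else if (status == "REFUSED")  print "refused-by-acl"
            else if (status == "SERVFAIL") print "upstream-or-validation-failure"
            else if (!ra)                  print "authoritative-only"
            else if (status == "NOERROR" || status == "NXDOMAIN") print "recursive-ok"
            else                           print "other"
        }'
}

# Constructed sample responses (not captured from the reporter's server).
sample_internal() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4011
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
EOF
}
sample_refused() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 52110
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 1232
EOF
}
sample_servfail() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 977
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
EOF
}
sample_ok() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31337
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
EOF
}

for s in sample_internal sample_refused sample_servfail sample_ok; do
    printf '%s: %s\n' "$s" "$($s | classify_dig)"
done
```

Against a live server, pipe `dig @192.168.1.102 <name>` into `classify_dig` from the test client. A `refused-by-acl` verdict points at the `allow-query`/`allow-recursion` ACLs (BIND's default limits recursion to `localnets` and `localhost`), while `upstream-or-validation-failure` points at the forwarders or `dnssec-validation`.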

