On OpenConnect VPN, Docker containers have DNS but host machine does not

Problem description

When I connect to a VPN using OpenConnect, the Docker containers that run afterwards have the ability to use DNS but the host machine itself does not.

If I look at the contents of /etc/resolv.conf in the containers, the file has the DNS servers in it, but the file on the host machine does not.

From Containers:

# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 10.x.x.x
nameserver 10.x.x.x
search university.liberty.edu liberty.edu

(I have replaced the actual addresses)

From the host:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 127.0.0.53
search university.liberty.edu liberty.edu

When I use AnyConnect instead of OpenConnect, the containers do not have DNS but the host machine does. Everyone on my development team has had identical results. We're on Linux Mint 19.

I added the DNS addresses in the IPv4 tab of the Network Manager in network settings.

Does anyone have any suggestions as to what I need to do to have DNS available to the host machine and the containers at the same time?

Update:

When I connect to the VPN using Cisco AnyConnect, the link from /etc/resolv.conf to /run/resolvconf/resolv.conf is maintained. The result of this is that Docker containers run afterward DO NOT have access to DNS. When I connect to the VPN using Cisco's OpenConnect, the link from /etc/resolv.conf is broken and replaced, presumably by OpenConnect. The result of this is that the Docker containers are happy using DNS, but my host machine cannot.

Tags: linux, docker, dns, vpn, openconnect
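
Added example, not part of the original post: a small Python check that reports whether a resolv.conf is still a symlink and whether it lists only the loopback stub (as the host file above does) or real upstream servers (as the container file does). The function names and the 10.0.0.x addresses are assumptions made for illustration; the post redacts the real addresses.

```python
import ipaddress
import os
import sys

# Host file as shown in the post (comment lines dropped).
HOST_SAMPLE = "nameserver 127.0.0.53\nsearch university.liberty.edu liberty.edu\n"
# Container file; the post redacts the addresses, so these two are constructed.
CONTAINER_SAMPLE = ("nameserver 10.0.0.2\nnameserver 10.0.0.3\n"
                    "search university.liberty.edu liberty.edu\n")

def parse_resolv_conf(text):
    """Return (nameservers, search_domains) from resolv.conf text."""
    nameservers, search = [], []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":  # blank line or comment
            continue
        if fields[0] == "nameserver" and len(fields) > 1:
            nameservers.append(fields[1])
        elif fields[0] == "search":
            search = fields[1:]  # the last search line wins
    return nameservers, search

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:  # redacted or malformed, e.g. "10.x.x.x"
        return False

def classify(text):
    """'stub-only': every nameserver is loopback; 'upstream': none is."""
    servers, _ = parse_resolv_conf(text)
    if not servers:
        return "no-nameservers"
    flags = [is_loopback(s) for s in servers]
    return "stub-only" if all(flags) else "mixed" if any(flags) else "upstream"

def inspect(path):
    """Symlink target (None for a regular file) plus the parsed content."""
    target = os.path.realpath(path) if os.path.islink(path) else None
    with open(path) as fh:
        text = fh.read()
    servers, search = parse_resolv_conf(text)
    return {"path": path, "symlink_target": target, "kind": classify(text),
            "nameservers": servers, "search": search}

if __name__ == "__main__":
    for p in sys.argv[1:] or ["/etc/resolv.conf"]:
        print(inspect(p) if os.path.exists(p) else {"path": p, "missing": True})
```

Run it on the host before and after connecting with each VPN client, passing /etc/resolv.conf and /run/resolvconf/resolv.conf as arguments, to see which client replaces the symlink and what the resulting file contains.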

Solution

