docker - docker 容器中的 DNS 解析
问题描述
[环境]
- CentOS 7
- Docker 19.03.12,构建 48a66213fe
我在 docker 容器中有一个失败的cerbot(让我们加密客户端)。看起来无法从容器中解析,但可以从主机中解析(最可能的原因)。我习惯了容器从主机的 DNS 参数继承的事实,但是对于 AWS EC2 实例,似乎有一些细微之处acme-v02.api.letsencrypt.org
DNS 手动设置
[ec2-user@ip-172-31-32-243 ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
search eu-west-2.compute.internal
nameserver 172.31.0.2
基于此和AWS 控制台中的一些元素,我尝试手动添加这些地址
docker run --dns 172.31.0.2 --dns 172.65.32.248
(我可能没有找到正确的 DNS)
一个不雅的修复
使用主机的网络解决问题
docker run --network="host"
但我就是不明白为什么。是不是网络接口的问题--network="host"。这是可用的:
[ec2-user@ip-172-31-32-243 ~]$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 0a:d2:81:33:16:f2 brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:9c:c8:d4:ba brd ff:ff:ff:ff:ff:ff
8: br-d15fdfe7243b: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:e8:56:81:bf brd ff:ff:ff:ff:ff:ff
会是因为--network="host"诱导使用eth0而不是docker0?我该如何acme-v02.api.letsencrypt.org解决docker0?
详细错误
An unexpected error occurred:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 156, in _new_conn
conn = connection.create_connection(
File "/usr/lib/python3.8/site-packages/urllib3/util/connection.py", line 61, in create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
File "/usr/lib/python3.8/socket.py", line 918, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -3] Try again
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 665, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 376, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn
conn.connect()
File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 334, in connect
conn = self._new_conn()
File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 168, in _new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7f55dcc4a130>: Failed to establish a new connection: [Errno -3] Try again
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 719, in urlopen
retries = retries.increment(
File "/usr/lib/python3.8/site-packages/urllib3/util/retry.py", line 436, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f55dcc4a130>: Failed to establish a new connection: [Errno -3] Try again'))
During handling of the above exception, another exception occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f55dcc4a130>: Failed to establish a new connection: [Errno -3] Try again'))
Please see the logfiles in /var/log/letsencrypt for more details.
解决方案
看起来 docker 内的 DNS 解析无法正常工作。
对于 linux 系统,DNS 解析使用/etc/resolv.conf文件进行,检查容器内的这个文件,如果它有无效的 DNS,那么你的容器将无法解析主机名。
Docker 使用/etc/docker/daemon.json文件(在主机上)中设置的属性来填充/etc/resolv.conf容器内部的条目。
在主机的 /etc/docker/daemon.json 文件中更新此属性的值:
{
"dns": ["8.8.8.8"]
}
注意:此更改需要重新启动 docker 才能生效,并且必须删除并重新创建现有容器。
重启 Docker:
sudo systemctl restart docker
移除容器:
sudo docker stop <container-name/id>
sudo docker rm <container-name/id>
您可以添加多个 DNS 服务器 IP 地址,用逗号分隔每个 - 检查此处以获取 DNS 服务器 IP 地址列表
干杯!!
推荐阅读
- javascript - 防止浏览器重新加载按钮单击 beforeunload 事件
- angular - 使 Angular 路由使用 index.html 基本 href 属性?
- c# - 将 GridView 导出到 Excel 时如何隐藏到列?
- java - spring rest webservice api中的以下错误是什么?
- ssh - 如何使用 sshuttle 通过单端口隧道?
- laravel - Laravel 6 如何将参数传递给 Vue Js @click 方法
- html - HTML 不会显示图片(图片存储在本地,与 html 文件在同一目录下)
- firebase - 如何在多租户设置中生成 Firebase 自定义令牌
- angular - 异步 HTTP 调用,直到在 Angular 中满足条件
- javascript - 如何使此滑块自动