Configuring container DNS in Docker's default bridge network

  • 2020-10-23 21:18:09
  • OfStack

This section describes how to configure the container DNS in the Docker default bridge. When you install Docker, a bridge network named bridge is automatically created.

Note: The Docker networking feature allows you to create user-defined networks in addition to the default bridge. For more information on DNS configuration in a user-defined network, see the Docker Embedded DNS section.

How can Docker provide the hostname and DNS configuration for each container without having to write the hostname into the image when building a custom Docker image? The trick is to overlay three key /etc files in the container with virtual files to which it can write new information. You can see this by running mount in a container:


root@f38c87f2a42d:/# mount
...
/dev/disk/by-uuid/1fec...ebdf on /etc/hostname type ext4 ...
/dev/disk/by-uuid/1fec...ebdf on /etc/hosts type ext4 ...
/dev/disk/by-uuid/1fec...ebdf on /etc/resolv.conf type ext4 ...
...

In this way, Docker can keep resolv.conf in all containers up to date when the host later receives new configuration via DHCP. The details of how Docker maintains these files in the container may change as Docker evolves, so instead of managing the /etc files yourself, you should use the Docker options below.

Four different options affect the container domain name service.

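Option
    Description

-h HOSTNAME or --hostname=HOSTNAME
    Sets the container's hostname. The value is written to /etc/hostname; it is written to /etc/hosts as the name of the container's host-facing IP address (author's note: a record is added to /etc/hosts whose IP is one the host can reach and whose host name is the one you set); and it is the name that /bin/bash inside the container displays in its prompt. The hostname is not easy to see from outside the container, however. It does not appear in docker ps or in any other container's /etc/hosts file.

--link=CONTAINER_NAME or ID:ALIAS
    Using this option when you run a container adds an extra entry named ALIAS to the new container's /etc/hosts, pointing to the IP address of the container identified by CONTAINER_NAME_or_ID. This lets processes inside the new container connect to the hostname ALIAS without having to know its IP. The --link= option is discussed in more detail below. Because Docker may assign a different IP address to the linked container on restart, Docker updates the ALIAS entry in the recipient container's /etc/hosts file.

--dns=IP_ADDRESS...
    Adds a nameserver line with the specified IP address to the container's /etc/resolv.conf. When a process in the container needs to resolve a hostname that is not in /etc/hosts, it connects to port 53 on these IP addresses looking for name resolution services.

--dns-search=DOMAIN...
    Sets the domain names that are searched when a bare, unqualified hostname is used inside the container, by writing search lines into the container's /etc/resolv.conf. For example, when a container process attempts to access host and the search domain example.com is set, the DNS logic looks up not only host but also host.example.com. Use --dns-search=. if you don't want to set a search domain.

--dns-opt=OPTION...
    Sets the options used by the DNS resolver by writing an options line into the container's /etc/resolv.conf. See the resolv.conf documentation for a list of valid options.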

In the absence of the --dns=IP_ADDRESS..., --dns-search=DOMAIN..., or --dns-opt=OPTION... options, Docker makes each container's /etc/resolv.conf look like the host's /etc/resolv.conf. When it creates the container's /etc/resolv.conf, the Docker daemon filters out all localhost IP address nameserver entries from the host's original file.

Filtering is necessary because localhost addresses on the host are not reachable from the container's network. After filtering, if there are no nameserver entries left in the container's /etc/resolv.conf file, the Docker daemon adds the Google DNS name servers (8.8.8.8 and 8.8.4.4) to the container's DNS configuration. If the daemon has IPv6 enabled, the public IPv6 Google DNS name servers are also added (2001:4860:4860::8888 and 2001:4860:4860::8844).

Note: If you need access to the host's localhost resolver, you must modify the DNS service on the host to listen on a non-localhost address that is reachable from within the container.
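The filtering and fallback described above can be modelled offline to see which hosts would leave their containers on the public resolvers instead of the host's own. This is an added example, not Docker's code: the function names and the sample resolv.conf contents are constructed for illustration, and it only models the behaviour this page describes.

```python
import ipaddress

# Fallback resolvers named in the text above.
GOOGLE_V4 = ["8.8.8.8", "8.8.4.4"]
GOOGLE_V6 = ["2001:4860:4860::8888", "2001:4860:4860::8844"]


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; unparsable values count as not loopback."""
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False


def container_resolv_conf(host_text, ipv6_enabled=False):
    """Model of the default behaviour: return (container text, used_fallback)."""
    kept, has_nameserver = [], False
    for line in host_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            if is_loopback(fields[1]):
                continue  # host loopback is unreachable from the container
            has_nameserver = True
        kept.append(line)
    used_fallback = not has_nameserver
    if used_fallback:
        servers = GOOGLE_V4 + (GOOGLE_V6 if ipv6_enabled else [])
        kept += ["nameserver " + s for s in servers]
    return "\n".join(kept) + "\n", used_fallback


# Constructed sample: host that resolves only through a local stub resolver.
HOST_STUB = "nameserver 127.0.0.53\nsearch corp.example\noptions edns0\n"
# Constructed sample: host with one loopback and one routable resolver.
HOST_MIXED = "nameserver 127.0.0.1\nnameserver 10.0.0.2\n"

if __name__ == "__main__":
    for name, text in (("stub", HOST_STUB), ("mixed", HOST_MIXED)):
        conf, fallback = container_resolv_conf(text, ipv6_enabled=True)
        print(f"--- {name}: falls back to public resolvers = {fallback}")
        print(conf, end="")
```

In the stub case the search and options lines survive but every query goes to the fallback servers, which is the situation the note above addresses.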

You may be wondering what happens when the host's /etc/resolv.conf file changes. The Docker daemon has a file change notifier that monitors changes to the host DNS configuration.

Note: The file change notifier relies on the inotify functionality of the Linux kernel. Because this feature is currently incompatible with the overlay filesystem driver, a Docker daemon using "overlay" will not be able to take advantage of the /etc/resolv.conf auto-update feature.

When the host file changes, all stopped containers whose resolv.conf matches the host's are immediately updated to the latest host configuration. Containers that are running when the host configuration changes need to be stopped and started to pick up the host changes, because there is no facility to ensure atomic writes of the resolv.conf file while the container is running. If the container has modified the default resolv.conf file, it will not be replaced, because replacing it would overwrite the changes made by the container. If the options (--dns, --dns-search or --dns-opt) have been used to modify the default host configuration, the replacement of /etc/resolv.conf does not occur either.

Note: For containers created before the /etc/resolv.conf update feature was implemented in Docker 1.5.0: these containers will not receive updates when the host resolv.conf file changes. Only containers created with Docker 1.5.0 and above can use this automatic update feature.

Original article:
https://docs.docker.com/engine/userguide/networking/default_network/configure-dns/

Further reading
Docker storage driver selection: https://docs.docker.com/engine/userguide/storagedriver/selectadriver/#docker-ce

