{"id":13688747,"url":"https://github.com/flaktack/systemd-resolved-docker","last_synced_at":"2025-05-01T20:30:35.045Z","repository":{"id":37975659,"uuid":"349463658","full_name":"flaktack/systemd-resolved-docker","owner":"flaktack","description":"systemd-resolved and docker DNS integration","archived":false,"fork":false,"pushed_at":"2023-04-21T04:27:42.000Z","size":41,"stargazers_count":18,"open_issues_count":5,"forks_count":5,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-11-12T12:48:38.218Z","etag":null,"topics":["dns","docker","systemd-resolved"],"latest_commit_sha":null,"homepage":"https://copr.fedorainfracloud.org/coprs/flaktack/systemd-resolved-docker/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flaktack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-03-19T15:08:54.000Z","updated_at":"2024-08-08T14:37:45.000Z","dependencies_parsed_at":"2024-11-12T12:32:05.581Z","dependency_job_id":"6117f7b5-5934-4c19-943b-9b51d9389981","html_url":"https://github.com/flaktack/systemd-resolved-docker","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flaktack%2Fsystemd-resolved-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flaktack%2Fsystemd-resolved-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flaktack%2Fsystemd-resolved-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hos
ts/GitHub/repositories/flaktack%2Fsystemd-resolved-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flaktack","download_url":"https://codeload.github.com/flaktack/systemd-resolved-docker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251940397,"owners_count":21668530,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dns","docker","systemd-resolved"],"created_at":"2024-08-02T15:01:21.691Z","updated_at":"2025-05-01T20:30:35.039Z","avatar_url":"https://github.com/flaktack.png","language":"Python","funding_links":[],"categories":["docker"],"sub_categories":[],"readme":"# systemd-resolved-docker\n\nProvides systemd-resolved and docker DNS integration.\n\n1. A DNS server is configured to listen on the docker interface's IP address. This is used to expose the systemd-resolved\n   DNS service (`127.0.0.53`) to docker containers by proxying DNS requests, which doesn't work by default due to the\n   differing network namespaces.\n\n2. Allows containers to be referenced by hostname by adding a DNS server to a dummy interface using the systemd-resolved\n   D-Bus API.\n\n## Features\n\n### Container domain addresses\n\nBased on the container's properties, multiple domain names may be generated. For this the `default_domain`\n(`DEFAULT_DOMAIN`) and _allowed domains_ (`ALLOWED_DOMAINS`) options are used. The list of _allowed domains_ specifies\nwhich domains may be handled. 
An entry starting with `.` (example: `.docker`) allows all matching subdomains, otherwise\nan exact match is required. If a generated domain address doesn't match the list of _allowed domains_, then the\n`default_domain` is appended.\n\n1. `\u003ccontainer_id\u003e.\u003cdefault_domain\u003e`\n\n   All containers will be reachable by their `container_id`:\n   ```sh\n   docker run --rm -it alpine                                        #  d6d51528ac46.docker\n   docker ps\n   CONTAINER ID        IMAGE                     COMMAND                  CREATED             STATUS              PORTS                    NAMES\n   d6d51528ac46        alpine                    \"/bin/sh\"                8 seconds ago       Up 6 seconds                                 relaxed_cartwright\n   ```\n\n2. `\u003ccontainer_hostname\u003e.\u003cdefault_domain\u003e`, `\u003ccontainer_hostname\u003e.\u003ccontainer_domain\u003e.\u003cdefault_domain\u003e`, `\u003ccontainer_hostname\u003e.\u003ccontainer_domain\u003e`\n\n   If an explicit `--hostname` is provided then that may also be used:\n   ```sh\n   docker run --rm -it --hostname test      alpine                   # test.docker\n   ```\n   Glob matching is supported in the `--hostname`, with which wildcard domains are supported:\n   ```sh\n   docker run --hostname '*.test' --rm -it alpine                    # anything.test\n   ```\n   If an explicit `--domainname` is provided then that may also be used:\n   ```sh\n   docker run --rm -it --hostname test --domainname mydomain alpine  # test.mydomain.docker\n   ```\n   When the domain name is in the list of _allowed domains_ (`ALLOWED_DOMAINS=.docker,.local`), then the `default_domain`\n   will not be appended:\n   ```sh\n   docker run --rm -it --hostname test --domainname local    alpine  # test.local\n   ```\n\n3. 
`\u003ccontainer_name\u003e.\u003ccontainer_network\u003e.\u003cdefault_domain\u003e`, `\u003ccontainer_name\u003e.\u003ccontainer_network\u003e`\n\n   If a non-default network is used (not `bridge` or `host`) then a name will be generated based on the network's name:\n   ```sh\n   docker run --rm -it           --network testnet alpine            # zealous_jones.testnet.docker\n   docker run --rm -it --name db --network testnet alpine            # db.testnet.docker\n   ```\n   When the network's name is in the list of _allowed domains_ (`ALLOWED_DOMAINS=.docker,.somenet`), then the\n   `default_domain` will not be appended:\n   ```sh\n   docker run --rm -it           --network somenet alpine            # zealous_jones.somenet\n   docker run --rm -it --name db --network somenet alpine            # db.somenet.docker\n   ```\n\n4. `\u003cservice\u003e.\u003cproject\u003e.\u003cdefault_domain\u003e`, `\u003cservice\u003e.\u003cproject\u003e`,\n   `\u003ccontainer_number\u003e.\u003cservice\u003e.\u003cproject\u003e.\u003cdefault_domain\u003e`, `\u003ccontainer_number\u003e.\u003cservice\u003e.\u003cproject\u003e`\n\n   If `docker-compose` is used then names will be generated based on the service and project names. 
If a service has\n   multiple containers then the reply will contain all instances:\n   ```sh\n   host   webserver.someproject.docker                        #   webserver.someproject.docker has address 172.16.238.3\n                                                              #   webserver.someproject.docker has address 172.16.238.4\n   host 1.webserver.someproject.docker                        # 1.webserver.someproject.docker has address 172.16.238.3\n   ```\n\n   When the project's name is in the list of _allowed domains_ (`ALLOWED_DOMAINS=.docker,.someproject`), then the\n   `default_domain` will not be appended.\n\n   If a `\u003cservice\u003e` name is unique, then it is available also as `\u003cservice\u003e.\u003cdefault_domain\u003e`.\n   ```\n   host   webserver.docker                                    #   webserver.docker has address 172.16.238.3\n   ```\n\nIf configured correctly then `resolvectl status` should show the configured link-specific DNS server:\n\n    $ resolvectl status\n    ...\n    Link 7 (srd-dummy)\n    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6\n         Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported\n       DNS Servers: 127.0.0.153\n        DNS Domain: ~docker\n    ... \n\nA dummy interface (`srd-dummy` by default) is created to add the custom DNS server to systemd-resolved. 
This is required\nbecause the lifecycle of the `docker0` depends on there being running containers on the default network, even if there\nare running containers on other networks.\n\n### 127.0.0.53 / systemd-resolved within containers\n\nIf docker is configured to use the provided DNS server then the container domain names may also be resolved within containers:\n\n```\n$ docker run --dns 1.1.1.1 --rm -it alpine\n/ # apk add bind\n/ # host test.docker\nHost test.docker not found: 3(NXDOMAIN)\n```\n\n```\n$ docker run --dns 172.17.0.1 --rm -it alpine\n/ # apk add bind\n/ # host test.docker\n/ # host test.docker\ntest.docker has address 172.17.0.3\nHost test.docker not found: 3(NXDOMAIN)\nHost test.docker not found: 3(NXDOMAIN)\n```\n\nIf there are link-local, VPN or other DNS servers configured then those will also work within containers.\n\n## Configuration\n\n`systemd-resolved-docker` may be configured using environment variables. When installed using the RPM\n`/etc/sysconfig/systemd-resolved-docker` may also be modified to update the environment variables.\n\n| Name                              | Description                                                                                                             | Default Value                                            | Example                           |\n|-----------------------------------|-------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------|-----------------------------------|\n| DNS_SERVER                        | DNS server to use when resolving queries from docker containers.                                                        
| `127.0.0.53` - systemd-resolved DNS server               | `127.0.0.53`                      |\n| SYSTEMD_RESOLVED_INTERFACE        | Dummy interface name which will be created to interface with systemd-resolved                                           | `srd-dummy`                                              | `srd-dummy`                       |\n| SYSTEMD_RESOLVED_LISTEN_ADDRESS   | IPs (+port) to listen on for queries from systemd-resolved.                                                             | `127.0.0.153`                                            | `127.0.0.153:1053`                |\n| DOCKER_LISTEN_ADDRESS             | IPs (+port) to listen on for queries from docker containers in the default network.                                     | _ip of the default docker bridge_, often `172.17.0.1`    | `172.17.0.1` or `172.17.0.1:53`   |\n| ALLOWED_DOMAINS                   | Domain which will be handled by the DNS server. If a domain starts with `.` then all subdomains will also be allowed.   | `.docker`                                                | `.docker,.local`                  |\n| DEFAULT_DOMAIN                    | Domain to append to hostnames which are not allowed by `ALLOWED_DOMAINS`.                                               | `docker`                                                 | `docker`                          |\n| DEFAULT_HOST_IP                   | IP address to use for containers on the host network if the container doesn't contain one.                              
| `127.0.0.1`                                              | `127.0.0.1`                       |\n\n## Install\n\n### Fedora / COPR\n\nFor Fedora and RPM-based systems [COPR](https://copr.fedorainfracloud.org/coprs/flaktack/systemd-resolved-docker/) contains pre-built packages.\n\n1. Enable the COPR repository\n   \n       dnf copr enable flaktack/systemd-resolved-docker\n\n1.  Install the package\n    \n        dnf install systemd-resolved-docker\n    \n1. Start and optionally enable the service\n   \n       systemctl start  systemd-resolved-docker\n       systemctl enable systemd-resolved-docker\n\n1. Docker should be updated to use the DNS server provided by `systemd-resolved-docker`. This may be done\n   globally by editing the docker daemon's configuration (`daemon.json`) or per-container using the `--dns`\n   flag.\n\n    ```js\n    \"dns\": [\n      \"172.17.0.1\" // docker0 interface's IP address\n    ]\n    ```\n\n1. NetworkManager may reset the docker interface's configuration for systemd-resolved. If that happens then\n   the interface needs to be unmanaged. 
This may be done by creating a `/etc/NetworkManager/conf.d/99-docker.conf`:\n\n   ```ini\n   [main]\n   plugins=keyfile\n\n   [keyfile]\n   unmanaged-devices=interface-name:docker0\n   ```\n\n## Build\n\n`setup.py` may be used to create a python package.\n\n`tito` may be used to create RPMs.\n\n## Links\n\nPortions are based on [docker-auto-dnsmasq](https://github.com/metal3d/docker-auto-dnsmasq) and [dnslib](https://github.com/paulc/dnslib).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflaktack%2Fsystemd-resolved-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflaktack%2Fsystemd-resolved-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflaktack%2Fsystemd-resolved-docker/lists"}