Able to Resolve Internal Hosts but not Internet as a Whole

[skneppel]

Hello,

I trust all is well. Firstly, I would like to thank you for your work setting BIND in a Docker container and sharing your project with the rest of us. That being said, I am running into an issue that I am hoping someone would be able to assist me with.

I was able to successfully build and run this Docker container within my Ubuntu 20.04 VM hosted on my ESXi server. I then connected to the Webmin portal and setup my master/reverse zones for my internal hosts. I also set up global forwarding to external DNS servers of internet resolution.

However, as of right now, on my test VM pointed to my Docker host, I am only able to resolve internal hosts and not hosts on the Internet. As far as I can tell, my configuration is correct. I have tried restarting the container and recreating it from scratch and tried on a different test system. I received the same result each time.

Below is the relevant information:

Docker Version

samuelkneppel@docker:~$ docker version
Client: Docker Engine - Community
 Version:           19.03.13
 API version:       1.40
 Go version:        go1.13.15
 Git commit:        4484c46d9d
 Built:             Wed Sep 16 17:02:52 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.13
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       4484c46d9d
  Built:            Wed Sep 16 17:01:20 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.3.7
  GitCommit:        8fba4e9a7d01810a393d5d25a3621dc101981175
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Docker Info

samuelkneppel@docker:~$ docker info
Client:
 Debug Mode: false

Server:
 Containers: 8
  Running: 8
  Paused: 0
  Stopped: 0
 Images: 24
 Server Version: 19.03.13
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.4.0-54-generic
 Operating System: Ubuntu 20.04.1 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 3.843GiB
 Name: docker
 ID: YCMM:FNPR:SPIH:3GVD:U5HE:RKZU:S2VT:OTSS:V4F5:QY7Q:YBP2:6BA6
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No swap limit support

Docker Compose

samuelkneppel@docker:~/docker-compose/bind$ cat docker-compose.yml 
version: '2'

services:
  bind:
    restart: always
    image: sameersbn/bind
    ports:
    - "192.168.1.102:53:53/udp"
    - "192.168.1.102:53:53/tcp"
    - "192.168.1.102:10000:10000/tcp"
    volumes:
    - /home/samuelkneppel/config/bind:/data

/etc/bind/named.conf

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

/etc/bind/named.conf/options

options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.

	// forwarders {
	// 	0.0.0.0;
	// };

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
	dnssec-validation auto;

	listen-on-v6 { any; };
	forwarders {
		1.1.1.1;
		1.0.0.1;
		208.67.222.222;
		208.67.220.220;
		};
};

/etc/bind/named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "lab.localdomain" {
	type master;
	file "/var/lib/bind/lab.localdomain.hosts";
	};
zone "1.168.192.in-addr.arpa" {
	type master;
	file "/var/lib/bind/192.168.1.rev";
	};

/etc/bind/named.conf.default-zones

// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};

Replication of Issue

I will admit, I am fairly new to BIND so it is possible that I missed something obvious. Any ideas? I appreciate any help you can give me!

[DahliaWitt]

I'm having the same issue.

[chinzi14]

Hi guys,
I had the same issues, but I was able to solve it by adding the following lines in /etc/bind/named.conf.options

forwarders {
1.1.1.1;
9.9.9.9;
};
recursion yes;
allow-recursion {
10.x.x.x/24; //your internal network
};