DNS Records for Docker Containers with CoreDNS
Problem
We would like to have DNS names for our Containers so that we do not have to manually look up the IPs of a running Container. Our server runs a medium-sized collection of Docker Containers. At the time of writing, we have 151 services (containers) running for 50 Docker Compose projects.
Docker Compose already has a built-in DNS server that is used in Projects. This allows the individual Services in a Project to communicate with each other using the name of the Service as the Hostname. Unfortunately, there is no way to expose this information aggregated across all Services. This approach would also have to deal with ambiguous Service names, as the name of a service only needs to be unique within a single Project, but not across multiple Projects. This puts us in a difficult position:
We’re not big enough to have a use for Kubernetes, which has DNS built in: there, DNS is set up by default [1] and can also be configured [2], for example using CoreDNS and the kubernetes plugin. But we are big enough that manually configuring the DNS records is not feasible either.
We need a solution that will automatically generate DNS records for Docker Containers and Docker Compose Services. Currently, A records are sufficient, as we are still 100% reliant on IPv4 both externally and internally. [3]
Solution
This problem can be solved with a CoreDNS DNS server and the kevinjqiu/coredns-dockerdiscovery plugin by @kevinjqiu. CoreDNS is a DNS server written in Go. coredns-dockerdiscovery is a plugin for CoreDNS that provides DNS records for running containers and services to CoreDNS.
The original plugin has the limitation that it only adds DNS records for Containers that are in exactly one Docker network. We have patched the plugin to add DNS records for all Containers. If a Container is in multiple networks, a random network is used to generate the DNS record. This works for us because we don’t need containers to be reachable on specific networks. A container that can be reached via any network is sufficient for us. The patched version can be found here: Qup42/coredns-dockerdiscovery.
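The following audit sketch is an added example, not code from the plugin or from this setup. It lists the A records that container metadata would produce in the xyz.privat zone and flags the two cases discussed above: names with more than one candidate address (a Container in several networks) and bare Service names reused across Projects. It assumes the naming scheme `<container>.<domain>` and `<service>.<project>.<compose_domain>`; the function and variable names and the sample containers are constructed for illustration.

```python
from collections import defaultdict

ZONE = "xyz.privat"  # zone used for domain and compose_domain in this page's Corefile
PROJECT = "com.docker.compose.project"  # labels Docker Compose sets on containers
SERVICE = "com.docker.compose.service"

# Constructed sample shaped like `docker inspect` output (not real data).
SAMPLE = [
    {"Name": "/wiki-db-1", "Config": {"Labels": {PROJECT: "wiki", SERVICE: "db"}},
     "NetworkSettings": {"Networks": {"wiki_default": {"IPAddress": "172.20.0.2"}}}},
    {"Name": "/cloud-db-1", "Config": {"Labels": {PROJECT: "cloud", SERVICE: "db"}},
     "NetworkSettings": {"Networks": {"cloud_default": {"IPAddress": "172.21.0.2"},
                                      "proxy": {"IPAddress": "172.22.0.5"}}}},
    {"Name": "/monitor", "Config": {"Labels": {}},
     "NetworkSettings": {"Networks": {"host": {"IPAddress": ""}}}},
]


def audit(containers, zone=ZONE):
    """Return (records, multi_address, ambiguous_services) for inspected containers."""
    records = defaultdict(set)   # FQDN -> candidate IPv4 addresses
    projects = defaultdict(set)  # bare service name -> Compose projects using it
    for c in containers:
        ips = {n["IPAddress"] for n in c["NetworkSettings"]["Networks"].values()
               if n.get("IPAddress")}  # host-network containers have no address
        if not ips:
            continue
        labels = c["Config"].get("Labels") or {}
        names = [f"{c['Name'].lstrip('/')}.{zone}"]  # assumed: <container>.<domain>
        if PROJECT in labels and SERVICE in labels:
            # assumed: <service>.<project>.<compose_domain>
            names.append(f"{labels[SERVICE]}.{labels[PROJECT]}.{zone}")
            projects[labels[SERVICE]].add(labels[PROJECT])
        for name in names:
            records[name] |= ips
    records = {name: sorted(ips) for name, ips in sorted(records.items())}
    # More than one candidate address: the answer depends on which one is picked.
    multi_address = [name for name, ips in records.items() if len(ips) > 1]
    ambiguous = {s: sorted(p) for s, p in projects.items() if len(p) > 1}
    return records, multi_address, ambiguous


if __name__ == "__main__":
    records, multi_address, ambiguous = audit(SAMPLE)
    for name, ips in records.items():
        print(f"{name:28} A {', '.join(ips)}")
    print("multiple candidate addresses:", multi_address)
    print("service names shared across projects:", ambiguous)
```

Names in the second list are the ones to check before they are used in allow-lists or client configuration, because the address they resolve to is not fixed.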
Configuration Files
Git Repository (internal only): git.fachschaft.tf/fachschaft/srv/docker-discovery
xyz.privat:53 {
    # Cancel request after 5s
    cancel
    docker unix:///var/run/docker.sock {
        domain xyz.privat
        compose_domain xyz.privat
    }
    # Upstream server
    forward . 9.9.9.9
    # log errors
    errors
}

version: "3.9"
services:
  container-dns:
    # Build the Dockerfile from the coredns-dockerdiscovery repo to build CoreDNS with the plugin.
    build: coredns-dockerdiscovery/
    volumes:
      # The plugin discovers Containers through the Docker socket.
      # Access to this socket gives full control over the Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock
      # This is the CoreDNS config file
      - ./config/Corefile:/etc/Corefile
    command: -conf /etc/Corefile
    networks:
      container-dns-net:
        # The DNS Server has to have a fixed IP such that we can use that in our Clients.
        ipv4_address: 172.31.255.2
    restart: always
networks:
  container-dns-net:
    ipam:
      driver: default
      config:
        # `Last` subnet of docker according to /etc/docker/daemon.json
        - subnet: "172.31.255.0/24"