How To: Use Nodegrid to provide DNS resolver using Docker

How To: Use Nodegrid to provide DNS resolver using Docker

Overview

In some cases you may want to provide DNS resolver/recursor service for devices in a network that the Nodegrid is attached to.  The problem you'll run into is that Nodegrid does not have a built-in DNS resolver that can listen on the external interfaces.  The recommended solution is to use Docker container, but even then, you will run into a couple of problems:

  1. Port conflicts when using docker bridged network because Nodegrid is still using port 53 on localhost
  2. If using docker with host networking, you still get the same issues with port conflicts, and now maybe a little less secure since docker is using the host's networking stack
  3. General routing issues due to multiple routing tables and trying to fixup with iptables NAT rules doesn't help.
Because of these three things, it really makes using a docker container as a DNS resolver/recursor overly complicated, you might as well just setup a heavy-weight VM.

You can still take advantage of Docker's lightweight promise, but using a different network strategy.  Use docker's macvlan networking feature.  This gives you the advantage of a VM which can have it's own IP address, and the advantages of Docker containers, lightweight and easy to deploy.  There are caveats with using macvlan:

  1. Your Nodegrid host won't be able to use the docker container as a DNS resolver.  This is caused because of hair-pinning issue on the network.  But that is not an issue, Nodegrid already points to DNS resolver.
  2. You won't be able to give your Docker an IP via DHCP, but shouldn't be an issue in almost all cases.f
Here are the steps:

Create a macvlan network in Docker

You will need to know the following:
  1. Your host's interface name, for example: eth0 or if using the backplane for the switch interfaces it would be either backplane0 or backplane1, or it could be a vlan interface.
  2. Your subnet, for example: 10.0.0.0/24
  3. Your gateway, for example: 10.0.0.20
  4. An unused IP for the container, for example: 10.0.0.44
  5. A name you want to use for the network, for example: bind_net
Run this command as root in Nodegrid, replacing with your IP values:
  1. docker network create -d macvlan \
  2.   --subnet=10.0.0.0/24 \
  3.   --gateway=10.0.0.20 \
  4.   -o parent=eth0 \
  5.   bind_net
This creates the network and you can view with the command docker network list, and inspect it with docker network inspect bind_net

Run BIND9 container with its own IP

Next run the docker command to download bind9 image from docker hub.  I recommend using the Official ISC BIND 9 image at hub.docker.com: internetsystemsconsortium/bind9

  1. docker run -d --name bind9 --restart=always --network bind_net --ip 10.0.0.44 internetsystemsconsortium/bind9:9.20

This will immediately download the image and start the container.  You do not need to customize this image as by default it runs as a Recursive DNS Server and listens on port 53.  Since we are using macvlan, we don't need to map any ports from the host to the container because the container has its own IP address.

You can test immediately from a server that is not the Nodegrid host

For example:

  1. root@MGMT:~# dig @10.0.0.44 yahoo.com

  3. ; <<>> DiG 9.18.28 <<>> @10.0.0.44 yahoo.com
  4. ; (1 server found)
  5. ;; global options: +cmd
  6. ;; Got answer:
  7. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56992
  8. ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

  10. ;; OPT PSEUDOSECTION:
  11. ; EDNS: version: 0, flags:; udp: 1232
  12. ; COOKIE: 3d3aa388559d42bf0100000068dc62f678736330c2e8e161 (good)
  13. ;; QUESTION SECTION:
  14. ;yahoo.com.                     IN      A

  16. ;; ANSWER SECTION:
  17. yahoo.com.              1285    IN      A       74.6.143.25
  18. yahoo.com.              1285    IN      A       74.6.231.21
  19. yahoo.com.              1285    IN      A       74.6.231.20
  20. yahoo.com.              1285    IN      A       74.6.143.26
  21. yahoo.com.              1285    IN      A       98.137.11.163
  22. yahoo.com.              1285    IN      A       98.137.11.164

  24. ;; Query time: 1 msec
  25. ;; SERVER: 10.0.0.44#53(10.0.0.44) (UDP)
  26. ;; WHEN: Tue Sep 30 23:08:38 UTC 2025
  27. ;; MSG SIZE  rcvd: 162

  29. root@MGMT:~#

Summary

This is the most practical way to use Nodegrid for providing recursive DNS service for other systems in your network.  It relies on Docker's simplicity and lightweight load on the system and also does not interfere with Nodegrid's networking stack.


    • Related Articles

    • Nodegrid Docker license and virtualization

      The Nodegrid platform allows administrators to run Docker applications. The platform allows pulling of Docker applications from Docker Hub, starting and stopping of the Docker Containers. The management of Docker Applications is currently only ...

    • Docker container exits and stops running

      Nodegrid supports docker virtualization and to run docker you require a license. All you need is to install the license and activate the docker in Nodegrid. If the license is not installed on the device, docker might not run at all or container would ...

    • Licensing and activating Docker virtualization

      The Nodegrid platform allows administrators to run Docker applications. To work in Docker, one needs a license that must be installed in Nodegrid. Follow this steps to run docker in Nodegrid, Login in as admin in WebUI Go to System and navigate to ...

    • Nodegrid and Docker

      To use Docker with Nodegrid, you need to enable the service and add a Docker license. If you don't have a Docker license for Nodegrid OS, you can reach out to your account manager or contact support@zpeystems.com. Without a Docker license, your ...

    • Customize docker data-root from Nodegrid UI

      In Nodegrid 6.0 or greater, you can customize the docker data-root from the Web UI. You can specify which disk partition to move the docker data-root. Any mounted and formatted disk partition can be used. The location will be created as /docker. If ...