Hi Christian,

Did you take your tcpdump inside the container or outside?

> On 29 May 2019, at 18:42, Christian Tardif <christian.tar...@servinfo.ca> wrote:
> 
> TCPDUMP for a dig: (request was dig @192.168.213.12 SOA int.servinfo.stba)
> 
> 16:33:52.289317  In f8:32:e4:8a:b7:b5 ethertype 802.1Q (0x8100), length 106: 
> vlan 213, p 0, ethertype IPv4, 192.168.213.11.33053 > 192.168.213.12.53: 
> 64585+ [1au] SOA? int.servinfo.stba. (58)
> 16:33:52.289317  In f8:32:e4:8a:b7:b5 ethertype 802.1Q (0x8100), length 106: 
> vlan 213, p 0, ethertype IPv4, 192.168.213.11.33053 > 192.168.213.12.53: 
> 64585+ [1au] SOA? int.servinfo.stba. (58)
> 16:33:52.289317  In f8:32:e4:8a:b7:b5 ethertype IPv4 (0x0800), length 102: 
> 192.168.213.11.33053 > 192.168.213.12.53: 64585+ [1au] SOA? 
> int.servinfo.stba. (58)

I assume this is “outside” the container: the IP traffic arrives on the host.

> 16:33:52.289371 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 102: 
> 172.17.0.1.1038 > 172.17.0.3.53: 64585+ [1au] SOA? int.servinfo.stba. (58)
> 16:33:52.289376 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 102: 
> 172.17.0.1.1038 > 172.17.0.3.53: 64585+ [1au] SOA? int.servinfo.stba. (58)
> 16:33:52.291796   P 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 90: 
> 172.17.0.3.53 > 172.17.0.1.1038: 64585 Refused- 0/0/1 (46)
> 16:33:52.291796  In 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 90: 
> 172.17.0.3.53 > 192.168.213.11.33053: 64585 Refused- 0/0/1 (46)

But then this is strange: the source IP gets translated, which shouldn’t 
happen. There’s nothing else running on the host that could mess with the 
traffic? Custom iptables rules, network agents that intercept the traffic? 
Special network plugins? How are you starting the container? Could you send us 
the output of iptables-save?

The source IP address translation is not (default) Docker behaviour. As the IP 
address is translated, pdns receives the notify from the translated IP instead 
of the one it should contact.

Frank
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
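
The address translation discussed in this message can be confirmed mechanically by correlating the DNS transaction ID across both legs of the capture. The following is an added example, not part of the original thread; the function name `find_rewrites` is hypothetical, and the sample lines are the quoted tcpdump output re-joined onto one line each.

```python
import re

# "src.port > dst.port: <DNS id>" as tcpdump prints it for UDP/53 traffic.
FLOW = re.compile(r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (\d+)")

def find_rewrites(lines):
    """Group DNS queries (destination port 53) by transaction ID and report
    each ID that appears with more than one (source, destination) pair.
    DNS IDs are only 16 bits, so use this on a short, targeted capture."""
    legs = {}  # qid -> ordered list of distinct (src_ip, dst_ip)
    for line in lines:
        m = FLOW.search(line)
        if not m:
            continue
        src, _sport, dst, dport, qid = m.groups()
        if dport != "53":  # responses travel the other way; skip them
            continue
        seen = legs.setdefault(qid, [])
        if (src, dst) not in seen:
            seen.append((src, dst))
    findings = []
    for qid, pairs in legs.items():
        src0, dst0 = pairs[0]  # first sighting: the packet as it arrived
        for src, dst in pairs[1:]:
            findings.append({
                "qid": int(qid),
                "src": (src0, src), "src_rewritten": src != src0,
                "dst": (dst0, dst), "dst_rewritten": dst != dst0,
            })
    return findings

# Lines taken from the capture quoted in the thread, one packet per line.
CAPTURE = [
    "16:33:52.289317  In f8:32:e4:8a:b7:b5 ethertype IPv4 (0x0800), length 102: "
    "192.168.213.11.33053 > 192.168.213.12.53: 64585+ [1au] SOA? int.servinfo.stba. (58)",
    "16:33:52.289371 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 102: "
    "172.17.0.1.1038 > 172.17.0.3.53: 64585+ [1au] SOA? int.servinfo.stba. (58)",
    "16:33:52.291796   P 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 90: "
    "172.17.0.3.53 > 172.17.0.1.1038: 64585 Refused- 0/0/1 (46)",
]

if __name__ == "__main__":
    for f in find_rewrites(CAPTURE):
        print(f"id {f['qid']}: src {f['src'][0]} -> {f['src'][1]}, "
              f"dst {f['dst'][0]} -> {f['dst'][1]}")
```

For this capture the script reports query 64585 with both the source and the destination rewritten; the source change is the one the reply calls out.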
