albudtron91

Reputation: 11

How to configure DNS load balancing (round robin) for 2 apache2 web servers on local (home network) using bind9 docker container?

To start, I am still looking around on the site investigating answers that look like they may allow me to find a solution to my problem; posting here definitely isn't my first stop to find a solution, I have been trying things for a while today. Also, thank you for reading. I am working on an assignment for class where the object is to run a bind9 docker container as a DNS load balancer to balance requests between two web servers using the round-robin method. So basically if I put in a request to the web server's domain name it will go to one web server's IP address, then the next request will go to the next web server's IP address. I apologize if my terminology is a bit off, I'm still learning this stuff, but hopefully I've gotten the point across. I have been trying to use 2 Ubuntu 16.04 VMs for this, one with an httpd container running and one with an httpd container and a bind9 container running. I am able to get the web servers running, I'm able to connect to them using the host IP, and I'm also able to get the bind9 container running. The part I'm really having trouble with is actually getting the bind9 DNS container to take me to the web server(s) if I enter the domain name into the browser.

Here is the command I used to start the bind9 container: docker run -d --name=bind --dns=127.0.0.1 --publish=192.168.0.45:53:53/udp --publish=192.168.0.45:10000:10000 --volume=/srv/docker/bind:/data --env='ROOT_PASSWORD=SecretPassword' sameersbn/bind:latest

And the web servers are pretty straightforward I just bind the directory with my index.html file to /usr/local/apache2/htdocs and publish it to port 80 of host from port 80 of container.

All this has to be is a really simple setup on my local network, so I don't need to register a domain name, I don't need mail servers or anything. ALL I NEED TO DO is be able to use 'dig' to query the DNS server for the load balanced hostname, and have it resolve to the two different IP addresses of the web servers. Thank you for any guidance on this, I would really appreciate a bit of help; I've looked at a ton of resources and I just don't know what's going wrong.

After I start the DNS server (bind9 container), I can use the command 'host google.com 172.x.x.x' and it returns the right info; 172.x.x.x is the IP of the docker container I guess, because my local network is 192.168.0.1/24. When I try to do the same command with the IP of the docker host, it says REFUSED. I tried editing ACLs, using webmin to add zones and address records, and I just couldn't get it working. I'll stop writing now, hopefully I've given enough info, thank you for reading.

Upvotes: 1

Views: 1095

Answers (1)

J_H

Reputation: 20570

You didn't describe what 172.x.x.x is all about. It's unclear why it would be relevant at all. Please post dig output. The host command is nice enough, but seeing additional details will aid your debugging efforts.

You are shooting for output that resembles this:

$  dig +nottl a yahoo.com @8.8.8.8

; <<>> DiG 9.10.6 <<>> +nottl a yahoo.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50455
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;yahoo.com.     IN  A

;; ANSWER SECTION:
yahoo.com.      IN  A   74.6.143.25
yahoo.com.      IN  A   74.6.231.20
yahoo.com.      IN  A   74.6.231.21
yahoo.com.      IN  A   98.137.11.163
yahoo.com.      IN  A   98.137.11.164
yahoo.com.      IN  A   74.6.143.26

;; Query time: 62 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)

There are two things you want to see working.

(1.) Shell into the container and do a local dig query to obtain an answer from the local BIND server. We want to verify we can get a good answer in the "easy" case. Mess with the daemon's config until the answer looks sensible.

Also, use netstat -an and/or lsof -i:53 to verify the daemon issued a bind() for 0.0.0.0 or similarly appropriate address.

(2.) From the client of interest, send a dig query @192.168.0.45. If this fails, it's a network routing thing. While you're at it, verify that curl (or telnet) can hit TCP port 10000. You will find it convenient to use curl -i so you'll see the headers sent back by the webserver.

There's a slightly fine point here. You configured UDP 53, which is kind of good enough. But it's certainly not correct. DNS requires connectivity on TCP port 53, as well. Sometimes DNS answers are too big to fit within a single (unfragmented) UDP packet, especially within a signed DNSSEC zone. When that happens, the nameserver sends a response marked "truncated", and the client is expected to retry on TCP port 53. You may find that telnet 192.168.0.45 53 is a convenient way to verify connectivity.

Upvotes: 0
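The checks the answer describes, as an added example that is not part of either post: a small Python client that sends an A query over UDP, reports the rcode (so a REFUSED answer is visible), honours the TC bit by repeating the query over TCP port 53, and returns the A records in the order the server listed them, so repeated calls show whether the two web server addresses rotate. The hostname www.example.lan, the embedded sample response, and the server address 192.168.0.45 are assumptions for illustration.

```python
import socket
import struct

SAMPLE_RESPONSE = (                                                  # constructed: www.example.lan, two A records
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)               # flags QR|RD|RA, rcode NOERROR, 1 Q, 2 answers
    + b"\x03www\x07example\x03lan\x00" + struct.pack(">HH", 1, 1)    # question: A, IN
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + bytes([192, 168, 0, 45])   # 0xC00C = pointer to offset 12
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + bytes([192, 168, 0, 46])
)
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Plain A query with RD set and no EDNS, so answers over 512 bytes come back with TC set."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">HH", 1, 1)

def parse_a_records(msg):
    """Return (rcode name, TC flag, [A record IPs in answer order]) from a DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    def skip_name(off):                          # step over a label sequence or a compression pointer
        while msg[off] and msg[off] & 0xC0 != 0xC0:
            off += 1 + msg[off]
        return off + (2 if msg[off] else 1)      # pointer is 2 bytes, root label is 1
    off = 12
    for _ in range(qdcount):
        off = skip_name(off) + 4                 # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        off = skip_name(off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return RCODES.get(flags & 0xF, str(flags & 0xF)), bool(flags & 0x0200), ips

def resolve_a(name, server, port=53, timeout=2.0):
    """Query over UDP first; if the TC bit is set, repeat the query over TCP (RFC 1035 section 4.2.2)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, port))
        rcode, truncated, ips = parse_a_records(udp.recv(512))
    if truncated:
        with socket.create_connection((server, port), timeout=timeout) as tcp:
            tcp.sendall(struct.pack(">H", len(query)) + query)   # TCP frames each message with a 2-byte length
            reader = tcp.makefile("rb")                          # read(n) blocks until n bytes arrive
            rcode, truncated, ips = parse_a_records(reader.read(struct.unpack(">H", reader.read(2))[0]))
    return rcode, ips
```

Calling resolve_a("www.example.lan", "192.168.0.45") a few times from the client machine shows both the rcode (REFUSED points at the server's allow-query or listen configuration rather than at routing) and whether the first address changes between answers.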
