https://github.com/philyg/triplednsmasq
It often makes sense to have a private domain name service available. While services like BIND have been around for ages, I personally dislike their configuration style and layout, which is quite complex if, for example, all you need is a handful of A records to resolve. Dnsmasq is a comfortable alternative: DNS entries and configuration live in simple line-wise configuration files.

However, to reload its configuration, Dnsmasq has to be restarted. This could lead to a short downtime of the DNS, which is undesirable. This project therefore consists of a docker image that runs three Dnsmasq daemons instead of only one. One of the daemons is a simple failover for the other two. While one backend restarts, the other is still available to serve requests; the first then serves requests while the second restarts.
The project shall implement the following docker image:

- An alpine based image with Dnsmasq installed
- A script that starts three Dnsmasq daemons with:
  - One front-facing load balancer and
  - Two backend servers
- A script to safely reload the configuration by restarting the backend servers in sequence
This project is implemented using:

- A docker image as described in `image/Dockerfile` with integrated frontend configuration, startup script and reload script
- An example compose file in `docker-compose.yml`
- An example configuration in `data/dnsmasq/`
- A dockercomposemk Makefile
Build the image by running `make build`.

Start the container in detached mode using `make up`.

To reload the configuration, run `make reload`.
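The sequence behind a safe reload, as an added example (not the project's own reload script, which lives in the image): each backend is restarted only while the other one still answers, and the script waits for the restarted backend to come back before moving on. The port numbers, pid-file paths, dnsmasq command line and the `dig` probe are assumptions; the `PROBE`/`RESTART` variables are hooks so the logic can be exercised without real daemons.

```shell
#!/bin/sh
# Sequential backend reload, added example code (not the project's reload script).
# Assumed layout (hypothetical): backend 1 on 127.0.0.1:5301 with /run/dnsmasq-5301.pid,
# backend 2 on 127.0.0.1:5302 with /run/dnsmasq-5302.pid, both reading
# /etc/dnsmasq.d/conf/*.conf and the hosts files in /etc/dnsmasq.d/hosts.
BACKEND_PORTS="5301 5302"
PROBE_NAME=${PROBE_NAME:-localhost}   # a name every backend must be able to answer
PROBE_TRIES=${PROBE_TRIES:-20}        # wait up to PROBE_TRIES seconds for a restarted backend
PROBE=${PROBE:-probe_backend}         # hooks, overridable so the logic can be exercised
RESTART=${RESTART:-restart_backend}   # without real daemons

# Return 0 when the backend on port $1 answers a query (dig from bind-tools on alpine).
probe_backend() {
    dig +short +time=1 +tries=1 -p "$1" @127.0.0.1 "$PROBE_NAME" >/dev/null 2>&1
}

# Stop and start the backend on port $1 (assumed dnsmasq command line).
restart_backend() {
    pidfile="/run/dnsmasq-$1.pid"
    [ -f "$pidfile" ] && kill "$(cat "$pidfile")" 2>/dev/null
    dnsmasq --port="$1" --listen-address=127.0.0.1 --pid-file="$pidfile" \
        '--conf-dir=/etc/dnsmasq.d/conf,*.conf' --hostsdir=/etc/dnsmasq.d/hosts
}

# Poll the backend on port $1 until it answers again; fail if it never comes back.
wait_backend() {
    i=0
    while [ "$i" -lt "$PROBE_TRIES" ]; do
        "$PROBE" "$1" && return 0
        i=$((i + 1)); sleep 1
    done
    return 1
}

# Restart the backends one at a time. A backend is only taken down while every
# other backend answers, so the front end always has at least one live upstream.
reload_backends() {
    for port in $BACKEND_PORTS; do
        for other in $BACKEND_PORTS; do
            [ "$other" = "$port" ] && continue
            "$PROBE" "$other" || { echo "backend $other not answering, abort" >&2; return 1; }
        done
        "$RESTART" "$port" || return 1
        wait_backend "$port" || { echo "backend $port did not come back" >&2; return 1; }
    done
}
```

Run `reload_backends` after editing the configuration; it exits non-zero without touching anything if the remaining backend is already unhealthy, which is the case a blind restart-both script would turn into an outage.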
Important

Many current Linux systems already have systemd-resolved listening on port 53. To serve the domain service using triplednsmasq, either disable systemd-resolved entirely or only its DNSStubListener component, or configure triplednsmasq to use a port other than 53 in `docker-compose.yml`. Otherwise you will receive an `address already in use` error.

Note, however, that Microsoft Windows does not (easily?) allow using DNS servers on a port other than 53!
Example configuration files are placed in `data/dnsmasq/`.

The subdirectory `conf` contains configuration files for Dnsmasq:

- `00_base.conf`: Basic configuration options about name resolution.
- `01_server.conf`: Which servers to use and which domains to resolve without forwarding.
- `02_entries.conf`: Configuration-style DNS entries like CNAME, SRV and TXT.

The `hosts` subdirectory contains hosts files. Each hosts file can contain multiple IP/hostname mappings; all hosts files are merged by Dnsmasq.
Tip

It is not recommended to use `.local` as a top-level domain for names to be resolved via unicast domain name services. Many implementations (including systemd-resolved) do not even try to resolve `.local` via DNS but instead look the name up using multicast DNS protocols. For (most probably) usable TLDs see RFC 6762 Appendix G.