Accessing a DNS Docker Container from Other Containers on the Same Host

Docker Networking

I have an AdGuard Home Docker container that acts as the DNS server for my local network. The Docker host has the IP address 10.10.10.5, and port 53 of the AdGuard Home DNS server is exposed on the host. So, other machines on the 10.10.10.x network can access it via

10.10.10.5:53

The gateway on my local network is a regular home router that also provides a DNS server relaying to my ISP's DNS. Originally, the Docker host used the DNS of my home router, but in this configuration the Docker containers were accessing the relayed DNS of my ISP directly instead of the AdGuard Home server, and so they could not resolve the internal DNS names that are used by my Traefik instance, which also runs on the same Docker host.

After changing the DNS server on the Docker host to the AdGuard Home server at 10.10.10.5:53, resolution on the Docker host itself works fine, but DNS resolution in the other Docker containers fails completely.

Analysis

After some research on the Internet I found the discussion thread in [1], and it matched my issue. It seems that exposing the AdGuard Home container's port in the compose file via:

    ports:
      - '53:53/tcp'
      - '53:53/udp'

binds port 53 on all network interfaces, so not just on the 10.10.10.5 address of the Docker host but also on the 172.17.0.x addresses of the containers' internal Docker network. When another Docker container now tries to resolve a DNS query, it sends the request to the configured 10.10.10.5:53 but gets the answer from the internal Docker network IP. The source address of the answer therefore does not match the address the request was sent to, and the answer is not accepted.

Solution

The solution in the end is dead simple and worked right out of the box. Change the port configuration in the compose file to:

    ports:
      - '10.10.10.5:53:53/tcp'
      - '10.10.10.5:53:53/udp'

This binds the AdGuard Home server to the IP of the Docker host only. A request from a separate Docker container is now answered from the 10.10.10.5 IP, so there is no longer a mismatch of expected IPs.
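To find other published ports on the same host that still bind to every interface, the short `ports` syntax can be parsed and each entry classified. This is an added example, not part of the original post; the names `parse_port` and `audit` are hypothetical, the edge-case inputs are constructed, and it assumes the short string syntax with default Docker daemon settings.

```python
import ipaddress
import re

# Compose short syntax: [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]
PORT_RE = re.compile(
    r"^(?:(?P<ip>\[[0-9a-fA-F:]+\]|\d{1,3}(?:\.\d{1,3}){3}):)?"  # optional host IP
    r"(?:(?P<host>\d+(?:-\d+)?)?:)?"                              # optional host port/range
    r"(?P<container>\d+(?:-\d+)?)"                                # container port/range
    r"(?:/(?P<proto>tcp|udp|sctp))?$"                             # optional protocol
)


def parse_port(spec):
    """Split one short-syntax port mapping and report where it binds on the host."""
    m = PORT_RE.match(spec.strip())
    if not m:
        raise ValueError(f"unrecognised port mapping: {spec!r}")
    ip = (m.group("ip") or "").strip("[]")
    # No host IP, or an unspecified one (0.0.0.0 / ::), means every host
    # interface, including the Docker bridge address.
    wildcard = not ip or ipaddress.ip_address(ip).is_unspecified
    return {
        "host_ip": None if wildcard else ip,
        "host_port": m.group("host"),
        "container_port": m.group("container"),
        "proto": m.group("proto") or "tcp",  # Docker defaults to TCP
        "all_interfaces": wildcard,
    }


def audit(ports):
    """Return the mappings that are published on all host interfaces."""
    return [p for p in ports if parse_port(p)["all_interfaces"]]


# The two port lists from this post, plus constructed edge cases.
BEFORE = ["53:53/tcp", "53:53/udp"]
AFTER = ["10.10.10.5:53:53/tcp", "10.10.10.5:53:53/udp"]
EDGE = ["0.0.0.0:53:53/udp", "[::1]:5353:53/udp", "10.10.10.5::53", "8080"]

if __name__ == "__main__":
    for name, ports in (("before", BEFORE), ("after", AFTER), ("edge", EDGE)):
        print(name, "-> bound to all interfaces:", audit(ports))
```

Entries returned by `audit` are also reachable from every network the host is attached to, which is worth reviewing for any service that is meant to be internal only.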

References
