
Comments (15)

fermulator commented on August 17, 2024 4

Even in server mode, if the admin is running a different DNS server, (i.e. pihole), and especially if on the same host in another docker container ... coredns should be able to be disabled.

EDIT: example scenario:

fermulator@docker:/srv/wireguard$ cat docker-compose.yml 
version: "2.1"
services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Toronto
      - SERVERURL=SNIP
      - SERVERPORT=51820
      - PEERS=1
      - PEERDNS=10.0.0.60
      - INTERNAL_SUBNET=10.13.13.0 #optional
    volumes:
      - /srv/wireguard/config:/config
      - /lib/modules:/lib/modules
      - /usr/src:/usr/src
    network_mode: "host"
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

from docker-wireguard.

drizuid commented on August 17, 2024 3

> because this is the only way to get it to work alongside docker w/ pihole I was told;

If pihole is in host (if for some ungodly reason you put it in docker) it will use 53 on the host. If wireguard is in bridge, it will use 53 inside the container and not conflict. We do not instruct mapping port 53 while it's in bridge. Putting wireguard in host, as server mode, is the cause of the issue. Putting it in host as a client is a bandaid for users who don't understand how to properly route traffic through a container. Either way, this is closed and already resolved by 71.

github-actions commented on August 17, 2024

Thanks for opening your first issue here! Be sure to follow the issue template!

ironicbadger commented on August 17, 2024

What would you like to see as the resolution to this issue?

nicokaiser commented on August 17, 2024

@ironicbadger

  1. (When) does using container networking (as opposed to network_mode host) make sense when using the client mode? Is there a way to expose the VPN to the rest of the system, or would this always require host networking mode? (In my case, I want to use the container in a way that exposes the VPN not only to the container network but also to the host, just like if WireGuard is used on the host system)

  2. Is CoreDNS necessary at all in client mode? In server mode I see it makes great sense, but does it add anything when using in client mode?

  3. When using network_mode: host in client mode, CoreDNS is started on port 53 of the host system (in certain configurations this even overrides existing firewall rules, so it may even be public). If it does not make sense to automatically disable CoreDNS in client mode (see 2.), I'd like to have a switch (env?) for disabling CoreDNS.

fermulator commented on August 17, 2024

current workaround known: #13 (comment)

aptalca commented on August 17, 2024

Question is, why would you run it with host networking?

nicokaiser commented on August 17, 2024

> Question is, why would you run it with host networking?

Isn't this the only way to provide VPN networking (including IPv6) to the host through the container?

aptalca commented on August 17, 2024

My question was for fermulator who's using host networking in server mode, for which I can think of no reason.

For client mode, I see the use case and the necessity and we're working on something.

abalmos commented on August 17, 2024

@aptalca We are having similar questions. Is the expected setup to run both a server and host networking mode client container when the server host machine is to also participate in the network?

fermulator commented on August 17, 2024

> My question was for fermulator who's using host networking in server mode, for which I can think of no reason.
>
> For client mode, I see the use case and the necessity and we're working on something.

because this is the only way to get it to work alongside docker w/ pihole I was told;

yanivp commented on August 17, 2024

Sorry for bringing an old thread back to life, but I had a similar issue and got it resolved so I thought I'd share.

I needed my wireguard server to allow access to the LAN and I could not for the life of me get it to work in bridge mode. I guess that required more advanced docker networking than I was willing to put into this. Host mode just worked out of the box.

Similarly to OP's post, it caused a port collision with my pihole on port 53.

So my fix was to edit the "corefile" located under config/coredns/Corefile. You can tell it which port to register to using this syntax:

.:51008 {
    forward . 1.1.1.1 8.8.8.8 9.9.9.9 
    log
    errors
}

And voila, it's still running unnecessarily, but at least my pihole works.

Wonderful container BTW!

ArielLahiany commented on August 17, 2024

Had the same problem.
My solution was to delete the CoreDNS package from the official Docker image:

ARG VERSION

FROM docker.io/linuxserver/wireguard:${VERSION} AS release

RUN set -eux \
    && apk update \
    && apk upgrade \
    && apk del \
        coredns \
    && rm -rf /var/cache/apk/*

TimJDFletcher commented on August 17, 2024

You can also pass in the undocumented environment variable: USE_COREDNS: "false"

The coredns startup script /etc/s6-overlay/s6-rc.d/svc-coredns/run uses the environment variable internally but doesn't clear it beforehand. This means you can pass it in directly to the container.

Thedysons commented on August 17, 2024

> You can also pass in the undocumented environment variable: USE_COREDNS: "false"

That format didn't work for me but USE_COREDNS=false didn't throw an error and seems to have prevented coredns from starting. Probably a version thing. Cheers for the find.

from docker-wireguard.
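
An added check for the exposure raised in this thread (CoreDNS bound to port 53 of the host under network_mode: host) and for the two workarounds posted above; it is not code from the thread or from the docker-wireguard project. It classifies listeners taken from `ss -H -tulnp` output, and the sample lines, PIDs, the `pihole-FTL` owner and the Pi-hole bind address are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample lines are constructed stand-ins
# for `ss -H -tulnp` output (run as root so the process column is filled in).

# Default host-mode state: CoreDNS holds port 53 on every interface.
SS_DEFAULT='udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("coredns",pid=412,fd=12))
tcp LISTEN 0 4096 *:53 *:* users:(("coredns",pid=412,fd=13))
udp UNCONN 0 0 0.0.0.0:51820 0.0.0.0:*'

# After the Corefile port change to 51008: collision gone, resolver still up.
SS_PORT_MOVED='udp UNCONN 0 0 10.0.0.60:53 0.0.0.0:* users:(("pihole-FTL",pid=300,fd=5))
udp UNCONN 0 0 *:51008 *:* users:(("coredns",pid=412,fd=12))
tcp LISTEN 0 4096 *:51008 *:* users:(("coredns",pid=412,fd=13))
udp UNCONN 0 0 0.0.0.0:51820 0.0.0.0:*'

# After USE_COREDNS=false: only the other DNS server remains.
SS_DISABLED='udp UNCONN 0 0 10.0.0.60:53 0.0.0.0:* users:(("pihole-FTL",pid=300,fd=5))
udp UNCONN 0 0 0.0.0.0:51820 0.0.0.0:*'

# Print "<proto> <addr> <port> <scope> <process>" for every listening socket
# that is on port 53 or is owned by a process named coredns.
audit_dns_listeners() {
    awk '{
        n = split($5, parts, ":")            # $5 is Local Address:Port
        port = parts[n]
        addr = substr($5, 1, length($5) - length(port) - 1)
        proc = "-"
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        if (port != "53" && proc != "coredns") next
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "[::1]") scope = "loopback"
        else scope = "single-address"
        print $1, addr, port, scope, proc
    }'
}

# Count the audited sockets that are reachable on every interface.
exposed_count() {
    audit_dns_listeners | awk '$4 == "all-interfaces" { n++ } END { print n + 0 }'
}

for state in "$SS_DEFAULT" "$SS_PORT_MOVED" "$SS_DISABLED"; do
    printf '%s\n' "$state" | audit_dns_listeners
    echo "exposed: $(printf '%s\n' "$state" | exposed_count)"
done
```

On a live host, pipe `ss -H -tulnp` into `audit_dns_listeners` instead of the samples; an `all-interfaces` row still needs a firewall check before it counts as reachable from outside.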
