First, sorry for the lengthy post, but I don't know how to boil it down to less than this. I have already cut a lot of unnecessary configuration stuff to end up with the basic info needed.
I am setting up a DNS recursor pair, ns1 and ns2, each on a separate server. Each server contains the PowerDNS pair of dnsdist frontend and recursor backend, running in separate containers, one for each, managed by docker-compose, based on tcely/dnsdist from Docker Hub.
ns1: 192.168.0.1
ns2: 192.168.0.2
My objective is to have dnsdist able to query both recursors, in its load-balancing function, so I have a dnsdist.conf that, cut down to the essentials, looks like this:
newServer{address='192.168.0.1:5300', order=1}
newServer{address='192.168.0.2:5300', order=2}
setServerPolicy(firstAvailable)
setLocal('0.0.0.0')
Largely the same for both servers but with the order reversed, so the primary recursor should be the "local" one.
I won't confuse things with the recursor.conf; suffice it to say that it has allow-from 0.0.0.0/0, so the recursor does not block anyone from querying it at this point.
Finally we get to the point:
When I start the pod, dnsdist comes up with the following log errors:
...
Marking downstream 192.168.0.1:5300 as 'down'
Marking downstream 192.168.0.2:5300 as 'up'
...
When I try to find out why it thinks the local recursor is down, by entering the dnsdist container and running "dig" from there, I get this:
/ # dig @192.168.0.2 -p 5300 a.root-servers.net. +short
198.41.0.4
/ # dig @192.168.0.1 -p 5300 a.root-servers.net. +short
;; reply from unexpected source: 172.20.0.1#5300, expected 192.168.0.1#5300
So it seems that when I query the other container's external IP, it replies with the internal IP. If I could query the other container's internal IP, i.e. in this case 172.20.0.1, I would do so, but that IP is local to the container and changes every time it is restarted.
So, the question is, how do I get around this? Is there a way in Docker to hardcode the internal IP addresses used, or to get the container/dnsdist to ignore the fact that it gets a reply from another IP address than expected?
EDIT - for clarification: Docker automatically assigns network names, so for example I can 'ping recursor' and it will resolve to the resolver container's private IP address. I just can't use this for anything because dnsdist.conf only accepts IP addresses, and as I started out explaining, the IP addresses are set randomly by Docker when the container starts.
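One way to pin the container addresses, given here as an added example and not taken from the original post: put both containers on a user-defined docker-compose network with a fixed subnet and an ipv4_address per service, so the local recursor can be listed in dnsdist.conf by a stable container IP instead of the host address that gets NATed. The service names, recursor image, subnet and addresses below are assumptions; the 172.20.0.0/24 range mirrors the 172.20.0.1 seen in the dig output.

```yaml
# Added example (not from the original post): fixed container IPs on a
# user-defined Docker network so dnsdist.conf can reference them directly.
# Service names, the recursor image, subnet and addresses are assumptions.
version: "3.7"

networks:
  dnsnet:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/24   # assumed; keep it off the host's 192.168.0.0/24

services:
  recursor:
    image: recursor-image:placeholder   # replace with the recursor image in use
    networks:
      dnsnet:
        ipv4_address: 172.20.0.10       # stable address for the local recursor
    ports:
      # assumes the recursor listens on 5300 inside the container, matching
      # the :5300 used in the question's newServer lines; the host mapping
      # keeps it reachable from the other node via 192.168.0.1:5300
      - "192.168.0.1:5300:5300/udp"
      - "192.168.0.1:5300:5300/tcp"

  dnsdist:
    image: tcely/dnsdist
    depends_on:
      - recursor
    networks:
      dnsnet:
        ipv4_address: 172.20.0.20
    ports:
      - "192.168.0.1:53:53/udp"
      - "192.168.0.1:53:53/tcp"
    volumes:
      - ./dnsdist.conf:/etc/dnsdist/dnsdist.conf:ro
```

On ns1, dnsdist.conf would then list the local backend as newServer{address='172.20.0.10:5300', order=1} (container-to-container traffic on dnsnet, no NAT) and keep newServer{address='192.168.0.2:5300', order=2} for the remote recursor, with the addresses swapped on ns2.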