DNS service that discovers all servers deployed under a subscription and dynamically manages a dnsmasq instance. The goal is to allow to provide a dns service on a private network
The container runs a DNSMasq instance and a basic process that queries the azure api for available servers.
- any queries that it cannot service are set to either the azure upstream dns or another configurable dns server (on premises upstream dns)
The purpose of this project is make it easier to implement the following dns forwarded concepts outlined in Azure documentation. This container is not dependant on persistent storage or any state. it can be started and stopped as many times as needed. The container will always discover its configuration from the Azure API.
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances https://github.com/Azure/azure-quickstart-templates/tree/master/301-dns-forwarder
The container is configured using environment varaibles
The subscription where the the servers are running.
To get the subscription id execute ```az account list -o table``
the serivce principle app_id. The service principle is used to query the api for the VM ip addresses. To create a new Service principle that only has readonly rights
az ad sp create-for-rbac --role=Reader
this command will output the following. Where app_id can is passed as the SP_ID environment variable. It is recommend to note the information down
{
"appId": "XXXXXXX",
"displayName": "XXXXX",
"name": "XXXXX",
"password": "XXXXXXX",
"tenant": "XXXXXXX"
}
For more info on service principle creation see https://docs.microsoft.com/en-us/cli/azure/ad/sp#create-for-rbac
This is the password of the service principle output from the previous step
This is the TENANT of the service principle output from the previous step
This is the custom domain that the container applies to all discovered vms. The current format uses a combination of vmname, resourcegorup and CUSTOM_DOMAIN. For example a vm called "testvm" running in "testgroup" with a CUSTOM_DOMAIN=myapps.com will take the following format
- $vmname.$resourcegorup.$CUSTOM_DOMAIN and result in
- testvm.tesgroup.myapps.com
The parmater is a configurable upstream dns server. This parameter can be used to tell the server to forward any queries it cannot resolve to an upstream dns server. ideal use case is forwarding requests from the cloud vms to an onpremise dns service
to run uisng plain old simle docker the following
docker run --privileged -p 0.0.0.0:53:53 \
-e SUBSCRIPTION=XXXXXXX \
-e SP_ID=XXXXXXX \
-e SP_PASSWORD=XXXXXXX \
-e SP_TENANT=XXXXXX \
-e CUSTOM_DOMAIN=mycustom.domain \
-e UPSTREAM_DNS=8.8.8.8 --net=host dynamicdnsazure
Note: Currently deploying in azure container instances does not function as expected, possible due to a issue with UDP port not been exposed. please deploy with a docker enabled vm
az container create --image=ivmckinl/dynamicdnsazure:latest \
--location=westeurope \
--name=mydnsservice \
--resource-group=dynamicdns \
--port=53 \
--ip-address=public \
-e SUBSCRIPTION=XXXXx \
SP_ID=XXXXXXX \
SP_PASSWORD=XXXXX \
SP_TENANT=XXXX \
CUSTOM_DOMAIN=mehe.en \
UPSTREAM_DNS=8.8.8.8