MDNS from Docker


#1

This is more of a general Docker question but one that I’d think maybe someone else here has encountered - Docker seems to have issues with bridging UDP multicast from host network to the internal docker network. I’ve seen resin commits on the nodejs mdns project so I’m wondering if someone from Resin knows how to solve this.

Use case: My resin-based product needs to detect other (third-party, non-resin) hardware on the local network. Using standard mDNS/ DNS-SD this is relatively straightforward.

However the Docker way of creating a private bridge network + exposed ports doesn’t work with UDP multicast and thus far I haven’t been able to figure out brctl or iptables rules to get this to work. Do you just run the container in host mode networking instead? Thx.


#2

Hey, as I checked, you can install avahi/nss-mdns in your container, and will be able to scan and access other LAN devices through that. What exactly are you trying to do, and what have you tried out so far?

For example, using a Raspberry Pi 3, this worked for me:

Dockerfile:

FROM resin/raspberrypi3-debian:jessie

WORKDIR /usr/src/app/
ENV INITSYSTEM on

RUN apt-get update && \
    apt-get install -yq \
      avahi-daemon avahi-utils libnss-mdns

RUN systemctl enable avahi-daemon

COPY nsswitch.conf /etc/nsswitch.conf

CMD avahi-browse -a

and nsswitch.conf is a standard mdns-enabled version to include this line:
hosts: files mdns_minimal [NOTFOUND=return] dns

Then in the logs avahi-browse finds the other local devices, can ping by their .local name, etc…

Does any of this help, or it’s on the wrong track?


Ping devices on the local network via hostname
#3

You know what maybe you are right - should it also be able to advertise a service and respond to UDP multicast queries?

I know for certain that when I was working with a third-party protocol that uses UDP broadcast, when I sent the broadcast from an app inside a container, it never received responses. Assumed it would be the same for UDP multicast as well. This from code that works fine outside a container. I will def try that Dockerfile and I’ll try advertising a service with avahi too using that same base image.

Again I understand this is not a Resin issue per se, but something that has prevented me from further exploring Docker as a potential solution for an ARM/Linux based product. Thanks for responding!


#4

It’s a good question, I’m checking it with our team. Browsing the Docker docs, I think it’s more of a configuration issue than anything else. Will let you know when I find out more!


#5

hey @thom_nic, checked it out, all the ports are exposed, and can use mDNS/Avahi, as well as communication on either TCP or UDP (the two things are separate issues). Here’s an example project setting up a small TCP server and a small UDP server, advertising them over Avahi (so covering both bases): https://github.com/resin-io-playground/resin-mdns-service

What have you tried so far, had a chance to test t functionality you’ve mentioned that you need?


#6

Hey thanks so much for looking into this. I will have to do more investigation. Does resin have specific iptables or brctl rules setup or is it pretty much stock Docker bridged network setup?


#7

I think it’s all open to the container, so whatever services you run in there will be able to connect to the outside. Would recommend just spinning up a test device, and poking around there, trying things out :slight_smile: That’s usually the quickest way.