From 2c7754c0e3065e5592605ac0a6cc288c4d26f5d3 Mon Sep 17 00:00:00 2001 From: Kate Tungusova Date: Mon, 5 May 2025 16:25:55 +0100 Subject: [PATCH 1/2] [CF1] docker + WARP DNS --- .../troubleshooting/known-limitations.mdx | 53 ++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx index a5ea1cbf5a3bfba..a1dcba40b4a10b6 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx 
@@ -100,7 +100,58 @@ or create a Docker network with a working MTU value: docker network create -o "com.docker.network.driver.mtu=1420" my-docker-network ``` -The MTU value should be set to the MTU of your host's default interface minus 80 bytes for the WARP protocol overhead. Most MTUs are 1500, so 1420 should work for most users. +The MTU value should be set to the MTU of your host's default interface minus 80 bytes for the WARP protocol overhead. Most MTUs are 1500, so 1420 should work for most users. + +## Access WARP DNS from Docker + +WARP runs a local DNS proxy on `127.0.2.2` and `127.0.2.3`. You may need access to these addresses from within Docker containers to resolve internal-only or fallback domains. The default Docker [bridge network](https://docs.docker.com/engine/network/drivers/bridge/) copies the DNS settings from the host, but filters out loopback DNS addresses like `127.0.2.2` and `127.0.2.3`, so containers cannot use them. + +To enable WARP DNS resolution with containers: + +- Use a [custom Docker network](https://docs.docker.com/engine/network/#user-defined-networks) (recommended): Allows the Docker container to still use the bridge network driver that maintains network isolation from the host. If you are creating your own bridge network, you should also [adjust the MTU accordingly](/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations/#docker-on-linux-with-bridged-networking). +- Use [host networking](https://docs.docker.com/engine/network/drivers/host/) (not recommended): Removes the security benefits of network isolation and may lead to port conflicts. + +The following example uses a special host (`connectivity-check.warp-svc`) that is only resolvable by the local DNS proxy to show the supported Docker networking modes. + +``` +# This host is not resolvable by default +❯ docker run --rm alpine nslookup connectivity-check.warp-svc. 
+Server: 8.8.8.8 +Address: 8.8.8.8:53 + +** server can't find connectivity-check.warp-svc.: NXDOMAIN +** server can't find connectivity-check.warp-svc.: NXDOMAIN + +# Create a bridge network called demo +❯ docker network create demo +e1e1943a6995a7e8c115a1c60357fe64f87a3ae90074ce6e4c3f0d2bba3fa892 + +# The host is resolvable by running a container under this custom network +❯ docker run --rm --net demo alpine nslookup connectivity-check.warp-svc. +Server: 127.0.0.11 +Address: 127.0.0.11:53Non-authoritative answer: +Name: connectivity-check.warp-svc +Address: ::ffff:127.0.2.2 +Name: connectivity-check.warp-svc +Address: ::ffff:127.0.2.3Non-authoritative answer: +Name: connectivity-check.warp-svc +Address: 127.0.2.2 +Name: connectivity-check.warp-svc +Address: 127.0.2.3 + +# The host is also resolvable by running using a host network +❯ docker run --rm --net host alpine nslookup connectivity-check.warp-svc. +Server: 127.0.0.11 +Address: 127.0.0.11:53Non-authoritative answer: +Name: connectivity-check.warp-svc +Address: ::ffff:127.0.2.2 +Name: connectivity-check.warp-svc +Address: ::ffff:127.0.2.3Non-authoritative answer: +Name: connectivity-check.warp-svc +Address: 127.0.2.2 +Name: connectivity-check.warp-svc +Address: 127.0.2.3 +``` ## Windows 10 in Microsoft 365 Cloud PC is not supported From 2097cf549dc06f23eb5afcb7ee0d2b3ffba8958f Mon Sep 17 00:00:00 2001 From: Kate Tungusova <70746074+deadlypants1973@users.noreply.github.com> Date: Mon, 5 May 2025 17:41:48 +0100 Subject: [PATCH 2/2] Update src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx Co-authored-by: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> --- .../connect-devices/warp/troubleshooting/known-limitations.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx index a1dcba40b4a10b6..c2892540cb983e5 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx @@ -139,7 +139,7 @@ Address: 127.0.2.2 Name: connectivity-check.warp-svc Address: 127.0.2.3 -# The host is also resolvable by running using a host network +# The host is also resolvable by running a container using a host network ❯ docker run --rm --net host alpine nslookup connectivity-check.warp-svc. Server: 127.0.0.11 Address: 127.0.0.11:53Non-authoritative answer:
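Review bot: In [PATCH 1/2], the `--net host` example at the end of the new code block shows `Server: 127.0.0.11` and `Address: 127.0.0.11:53`, identical to the `--net demo` output above it. 127.0.0.11 is Docker's embedded resolver for user-defined networks, whereas a host-networked container reads the host's resolver configuration, so I would expect the WARP proxy address here. The output looks copied from the bridge example and should be re-captured from a real `--net host` run. Separately, `docker network create demo` omits the `com.docker.network.driver.mtu` option that the bullet above tells readers to set on their own bridge network. Either add it to the command or state in the comment that the MTU setting is left out for brevity.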
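Review bot: In [PATCH 2/2], the reworded comment still says "a host network", while the bullet list added in the first patch and the linked Docker page call this mode "host networking". Suggest `# The host is also resolvable by running a container with host networking` so the example uses the same term as the prose. Because the prose marks this mode as not recommended, the comment could also say so, so that a reader who copies only the code block still sees it.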