#mDNS & Docker Bridge Networks

I'm trying to set up homeassistant container for the first time, publish it on the internet via tailscale funnel and get google assistant working with local fulfilment.

At the moment homeassistant is up and running via tailscale over the internet and the google assistant integration is working from the app, but not from google home devices. I have also started an mdns reflector docker container to reflect any mDNS announcements between my home network and the docker bridge network.

I think the issues locally might be related to mDNS announcing the docker container IP rather than the host IP that's on the same home network as my google home devices.

If I query the mDNS announcement from a windows device on the same network I get this:

Name                                           Type   TTL   Section    IPAddress
----                                           ----   ---   -------    ---------
d49b08f8e9f94cb89eae19f49c067e57.local         A      120   Answer     172.18.0.2

Name           : Home._home-assistant._tcp.local
QueryType      : NSEC
TTL            : 120
Section        : Additional
NextDomainName : Home._home-assistant._tcp.local
TypeBitMap     : {0, 8, 0, 0...}

Where 172.18.0.2 is the IP of the docker container, which isn't accessible from my main home network.

I'm not really sure where to go from here and what to try next. I took a quick look at the home assistant source code but the advertised IP seems to always be set by querying the network adapters of the device it's running on. Is there a way to change the ip that's being announced by the zeroconf mdns for homeassistant?

Thanks!

mDNS reflectors are known to be problematic - don't do that

Put HA in host networking, as required, and it'll all just work

I use a similar setup, for the homeassistant container, make you you are specifying port 5353.
Instead of using an mDNS reflecter, I am using an mDNS-repeater that is connected to the host network and relaying mdns requests to the docker network HA and most of my other containers are running on.
With this setup, anytime a new device is added to the network HA is able to see it

    image: ghcr.io/home-assistant/home-assistant:stable
    container_name: homeassistant
    hostname: homeassistant
    restart: unless-stopped
    env_file: /docker/hassio/.env
    privileged: true
    ports:
      - 8123:8123
      - 1400:1400
      - 5353:5353
    volumes:
      - /docker/hassio/:/config
      - /etc/localtime:/etc/localtime:ro
      - /run/dbus:/run/dbus:ro
      - /var/run/docker.sock:/var/run/docker.sock 
mdns:
    image: jdbeeler/mdns-repeater
    container_name: mdns
    hostname: mdns
    restart: unless-stopped
    network_mode: "host"
    privileged: true
    env_file:
      /docker/mdns/.env  
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
networks:
  default:
    name: caddy
    external: true```
Here is the .env file for the mDNS-Repeater
```USE_MDNS_REPEATER=1
EXTERNAL_INTERFACE=enp0s31f6
DOCKER_NETWORK_NAME=caddy```

New to trying to use codeblocks in discord, forgive the formatting

The problem with that is I wouldn't be able to use the tailscale side to funnel traffic from the internet to the container

Thanks for this, I'm going to give this a try now. (FYI code blocks are setup with three backticks before and after the code)

Awesome, thanks for the tip

I use caddy for a reverse proxy so that I can have a few different services exposed to the outside, and this setup works great for me with 23 docker containers running, and all but mdns are on the caddy network.

Really?

Have you actually tried that, or are you just assuming?

||Because, I have zero issues reaching HA over Tailscale, with HA in host network mode||

I was going to say that tailscale sidecars work by servicelinking so I wouldn't be able to change the network mode. But perhaps setting the tailscale container to host networking would be a solution. I'll give it a try.

This is my current compose (I'm not having any luck with the repeater, it's also just repeating the docker ip address which isn't reachable from my main network:

  #  Home Automation  #
  #-------------------#
  homeassistant:
    image: ghcr.io/home-assistant/home-assistant:stable
    container_name: homeassistant
    environment:
      - TZ=${TZ}
    volumes:
      - ./data/homeassistant:/config
      - /etc/localtime:/etc/localtime:ro
      - /run/dbus:/run/dbus:ro
    privileged: true
    devices:
      - /dev/ttyUSB0:/dev/ttyUSB0
    network_mode: service:ts-homeassistant
    restart: unless-stopped
    depends_on:
      - ts-homeassistant

  ts-homeassistant:
    image: tailscale/tailscale:stable
    container_name: ts-homeassistant
    hostname: homeassistant
    environment:
      - TS_AUTHKEY=${TS_HA_AUTHKEY}
      - TS_EXTRA_ARGS=--advertise-tags=tag:container
      - TS_SERVE_CONFIG=/config/homeassistant.json
      - TS_STATE_DIR=/var/lib/tailscale
      - VIRTUAL_HOST=homeassistant.${DUCKDNS_SUBDOMAIN}.duckdns.org
      - VIRTUAL_PORT=8123
      - CERT_NAME=[redacted]
      - NETWORK=internal
    volumes:
      - ts_homeassistant_data:/var/lib/tailscale
      - ./data/tssidecar:/config
    ports:
      - 8123:8123
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - sys_module
    networks:
      - bridge
    restart: unless-stopped  

  mdns:
    image: jdbeeler/mdns-repeater
    container_name: mdns
    hostname: mdns
    restart: unless-stopped
    network_mode: host
    privileged: true
    environment:
      - EXTERNAL_INTERFACE=enp2s0
      - DOCKER_NETWORK_NAME=bridge
      - USE_MDNS_REPEATER=1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock```

Yeah, I've got tailscale in host mode too, everything just works, and most importantly you've got a supported HA setup at that point

OK! mDNS at least is working correctly now! Thanks for the help, shame I had to move it to host network but at least it's working. Updated config for anyone else who might stumble on this:

  #  Home Automation  #
  #-------------------#
  homeassistant:
    image: ghcr.io/home-assistant/home-assistant:stable
    container_name: homeassistant
    environment:
      - TZ=${TZ}
    volumes:
      - ./data/homeassistant:/config
      - /etc/localtime:/etc/localtime:ro
      - /run/dbus:/run/dbus:ro
    privileged: true
    devices:
      - /dev/ttyUSB0:/dev/ttyUSB0
    network_mode: service:ts-homeassistant
    restart: unless-stopped
    depends_on:
      - ts-homeassistant

  ts-homeassistant:
    image: tailscale/tailscale:stable
    container_name: ts-homeassistant
    hostname: homeassistant
    environment:
      - TS_AUTHKEY=${TS_HA_AUTHKEY}
      - TS_EXTRA_ARGS=--advertise-tags=tag:container
      - TS_SERVE_CONFIG=/config/homeassistant.json
      - TS_STATE_DIR=/var/lib/tailscale
      - VIRTUAL_HOST=homeassistant.${DUCKDNS_SUBDOMAIN}.duckdns.org
      - VIRTUAL_PORT=8123
      - CERT_NAME=[redacted]
      - NETWORK=internal
    volumes:
      - ts_homeassistant_data:/var/lib/tailscale
      - ./data/tssidecar:/config
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - sys_module
    network_mode: host
    restart: unless-stopped  

Thanks for the help both of you!

You don't need network:host, but in your case it's easier.

You do if you want to run HA in a supported way 😉

Some integrations just won't work without it, and mDNS reflectors are known to cause problems with things like Thread/Matter

Out of interest, how is it done? I couldn't figure out a way to get mDNS to advertise the correct IP on my main network. It would only ever advertise the containers IP

You could use macvlan networking for docker container. Or what should work with your original setup is:

• Manually publish service with Avahi on the host
• add reflect-filters to filter out the advertisement with wrong ip from your container