Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

All external DNS queries fail from within docker container

Tags:

docker

dns

docker-swarm

Current docker version: 1.13.1, build 092cba3.

Contents of /etc/resolv.conf:

search mycompany.local
nameserver 127.0.0.11
options ndots:0

(real company name obfuscated).

nslookup on the host itself is 100% fine, but from within container any external hostname look fails (can't event run apt-get update). The same symptoms persist in all my hosts in the 4-node cluster. Note that internal service name resolution seems to be working between the containers.

Running the same application directly on my laptop (on same office network) hostnames resolve fine.

This is becoming a bit of a slow moving disaster.

The cluster involved is still a pre-1.12 build, it that might have any bearing.

like image 877
demaniak Avatar asked Feb 14 '17 10:02

demaniak

People also ask

What DNS does a Docker container use?

Docker containers take DNS IPs from the host machine, which is managed by systemd-resolve . Those IPs themselves are the cloud provider's DNS.

Does Docker cache DNS?

The solution: a Docker DNS cache, using dnsmasq A great choice for a cache like this is dnsmasq. It's reliable, widely used, and super simple to set up. And since all of our testing runs inside Docker containers, it made sense to run the DNS server in Docker too.

Do Docker containers use host DNS?

DNS services conf configuration file. Containers that use the default bridge network get a copy of this file, whereas containers that use a custom network use Docker's embedded DNS server, which forwards external DNS lookups to the DNS servers configured on the host.

1 Answers

In Linux, the lo or localhost interface will have the address 127.0.0.1/8 (i.e. netmask 255.0.0.0). That netmask covers this entire range:

127.0.0.0 - 127.255.255.255

Since 127.0.0.11 falls into this range, connections to that address will attempt to route via the lo interface (inside the container) as a connected route. Unless your container has that address configured internally and has a DNS resolver listening on that address, this will result in a connection timeout.

You can probably solve this by either routing 127.0.0.11 out the main interface of the container (e.g. eth0), or by changing the DNS resolver address so it is outside of 127.0.0.0/8.

You can also set DNS server IP(s) explicitly.

docker run --dns 1.2.3.4                  # set one server
docker run --dns 1.2.3.4 --dns 5.6.7.8    # set multiple servers

Or using docker-compose.yml:

dns: 1.2.3.4

dns:
  - 1.2.3.4
  - 5.6.7.8
like image 65
Dan Lowe Avatar answered Oct 24 '22 18:10

Dan Lowe
Sign in to Comment

Related questions

How to get docker container ID from within the container with cgroup v2
Port-forwarded Rails app in Docker seems to cause CSRF exception
JVM Memory Allocation In Docker (LXC) Container
How do I make docker-compose on OS X work with a Play app?
GitLab-CI multi runner start docker container
Docker can't write to directory mounted using -v unless it has 777 permissions
How can I attach VS Code to a node process running in a docker container
Download all dependencies, plugin dependencies, compilers, etc. with Maven?
Named pipes in docker container folder mounted to mac os x file system through boot2docker
npm install shows colors during install on Docker Hub
How to run a service on AWS ECS with container overrides?
Docker Maven Spotify plugin - Possible to switch to non-secure registry
Composer Install (own Container) with Docker missing PHP Extensions
Dockerized MongoDB on Heroku?
Device mapping to container in docker lacks info
Docker Container's network interface in promiscuous mode
How to use Docker and PyCharm on Mac?
How to make containers communicate with each other in ECS without link and port mapping?
Docker History Base Image Add:sha256hash

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!