Docker cannot resolve private network DNS

Question

Docker cannot resolve private network DNS

My machine is on a private network with private DNS servers and a private zone for resolving DNS. I can resolve hosts in this zone from my host computer, but I cannot resolve them from containers running on my host computer.

Host

root@host :~# cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 127.0.1.1 root@host :~# ping privatedomain.io PING privatedomain.io (192.168.0.101) 56(84) bytes of data.

Container

 root@container :~# cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 8.8.8.8 nameserver 8.8.4.4 root@container :~# ping privatedomain.io ping: unknown host privatedomain.io

It’s pretty obvious that Google’s public DNS servers will not allow my private DNS queries. I know that I can force it using docker --dns 192.168.0.1 or set DOCKER_OPTS="--dns 192.168.0.1" in /etc/default/docker , but my laptop often switches networks. There seems to be a systematic way to solve this problem.

+13

docker dns dnsmasq

wizulus Sep 08 '16 at 10:05

source share

3 answers

For Ubuntu 18.04 and other systems using systemd-resolved, you may need to install dnsmasq and resolvconf. systemd-resolved is hard-coded to listen on 127.0.0.53 , and Docker filters out any feedback address when reading resolv.conf .

1 Install dnsmasq and resolvconf.

 sudo apt update sudo apt install dnsmasq resolvconf

2 Edit /etc/dnsmasq.conf and add the following lines:

 interface=docker0 bind-interfaces listen-address=172.17.0.1

3 Create / edit /etc/resolvconf/resolv.conf.d/tail and add /etc/resolvconf/resolv.conf.d/tail line:

 nameserver 172.17.0.1

4 Restart the network, update resolv.conf , restart the docker:

 sudo service network-manager restart sudo resolvconf -u sudo service dnsmasq restart sudo service docker restart

Now your containers will be able to resolve DNS from any DNS servers that the host uses.

+9

wizulus 01 Oct '18 at 17:34

source share

This was enough for Ubuntu 18.04 LTS:

 sudo service network-manager restart sudo resolvconf -u sudo service dnsmasq restart sudo service docker restart

0

Salvador briones Jun 27 '19 at 11:02

source share

wizulus · Accepted Answer · 2016-09-08T22:05:15+0000

Docker populates /etc/resolv.conf by copying the /etc/resolv.conf host and filtering out all local name servers, such as 127.0.1.1. If there are no name servers left after that, Docker will add Google’s public DNS servers (8.8.8.8 and 8.8.4.4).

According to the Docker documentation :

Note If you need access to the localhost host identifier, you must change the DNS service on the host to listen for a non-local address accessible from the container.

The host DNS service is dnsmasq, so if you force dnsmasq to listen on your docker IP address and add it to resolv.conf, docker will configure the containers to use this as a name server.

1 Create / edit /etc/dnsmasq.conf ^† and add the following lines:

 interface=lo interface=docker0

2 Find your docker IP address (in this case 172.17.0.1 ):

 root@host :~# ifconfig | grep -A2 docker0 docker0 Link encap:Ethernet HWaddr 02:42:bb:b4:4a:50 inet addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0

3 Create / edit /etc/resolvconf/resolv.conf.d/tail and add /etc/resolvconf/resolv.conf.d/tail line:

 nameserver 172.17.0.1

4 Restart the network, update resolv.conf , restart the docker:

 sudo service network-manager restart sudo resolvconf -u sudo service docker restart

Now your containers will be able to resolve DNS from any DNS servers that the host uses.

^{† The path may be /etc/dnsmasq.conf , /etc/dnsmasq.conf.d/docker.conf , /etc/NetworkManager/dnsmasq.conf or /etc/NetworkManager/dnsmasq.d/docker.conf depending on your system and personal preferences.}

Docker cannot resolve private network DNS

More articles: