What is the correct way to fix name resolution from Docker container?
The solution for docker run is very simple - we need to choose host network with the --network host option:
    docker run -it --network host ubuntu:19.04 apt update
and then the problem will be solved.
But it also should be noted that docker build has the --network option only starting from 18.04 LTS. So if we need docker build --network host for 16.04 LTS we need to use the docker-ce package from docker.com.
N0rbert
Updated on September 18, 2022
Comments
- N0rbert over 1 year
I have clean Ubuntu MATE 16.04.6 LTS installed.
I installed Docker from repository here with:
    sudo apt-get install docker.io
and added my user to docker group with
    sudo usermod -a -G docker $USER
then I downloaded Ubuntu 19.04 container with
    docker pull ubuntu:19.04
and tried to run apt update inside it
    docker run -it ubuntu:19.04 apt update
but got network errors:
    $ docker run -it ubuntu:19.04 apt update
    Err:1 http://archive.ubuntu.com/ubuntu disco InRelease
      Temporary failure resolving 'archive.ubuntu.com'
    Err:2 http://security.ubuntu.com/ubuntu disco-security InRelease
      Temporary failure resolving 'security.ubuntu.com'
    Err:3 http://archive.ubuntu.com/ubuntu disco-updates InRelease
      Temporary failure resolving 'archive.ubuntu.com'
    Err:4 http://archive.ubuntu.com/ubuntu disco-backports InRelease
      Temporary failure resolving 'archive.ubuntu.com'
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    All packages are up to date.
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/disco/InRelease Temporary failure resolving 'archive.ubuntu.com'
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/disco-updates/InRelease Temporary failure resolving 'archive.ubuntu.com'
    W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/disco-backports/InRelease Temporary failure resolving 'archive.ubuntu.com'
    W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/disco-security/InRelease Temporary failure resolving 'security.ubuntu.com'
    W: Some index files failed to download. They have been ignored, or old ones used instead.
The /etc/resolv.conf inside container is the following:
    $ docker run -it ubuntu:19.04 cat /etc/resolv.conf
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 8.8.8.8
    nameserver 8.8.4.4
The host system has internet, the NetworkManager is used with default settings:
    $ cat /etc/NetworkManager/NetworkManager.conf
    [main]
    plugins=ifupdown,keyfile,ofono
    dns=dnsmasq
    [ifupdown]
    managed=false
all files on the system are unchanged - the debsums --changed --all --silent command returns nothing.
The requested output of iptables -S is below:
    $ sudo iptables -S
    -P INPUT ACCEPT
    -P FORWARD DROP
    -P OUTPUT ACCEPT
    -N DOCKER
    -N DOCKER-ISOLATION-STAGE-1
    -N DOCKER-ISOLATION-STAGE-2
    -N DOCKER-USER
    -A FORWARD -j DOCKER-USER
    -A FORWARD -j DOCKER-ISOLATION-STAGE-1
    -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -o docker0 -j DOCKER
    -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
    -A FORWARD -i docker0 -o docker0 -j ACCEPT
    -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
    -A DOCKER-ISOLATION-STAGE-1 -j RETURN
    -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
    -A DOCKER-ISOLATION-STAGE-2 -j RETURN
    -A DOCKER-USER -j RETURN
Which settings should I change to fix DNS (name resolution) from Docker container?
Notes:
- I know about disabling DNS masquerading (#dns=dnsmasq), but I do not want to use this option.
- I got the same result while using Docker-CE from docker.com.
- The system installed from netinstall mini.iso does not suffer from aforementioned problem. It uses ifupdown. So the NetworkManager is the root of this problem.
- Byte Commander almost 5 years
I never used the docker.io package from the universe repo. Any specific reason you need that one? Otherwise I'd suggest uninstalling it and trying docker-ce from Docker's own official repo instead. Follow docs.docker.com/install/linux/docker-ce/ubuntu/…
- N0rbert almost 5 years
Thanks, but Docker CE does not change the behaviour.
- Byte Commander almost 5 years
Check your firewall rules (e.g. sudo iptables -S). Maybe you're blocking traffic on the virtual interface docker uses?
- XtraSimplicity almost 3 years
Whilst this does work, you shouldn't need to bind to the host's network to be able to perform DNS lookups.
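Added example, not part of the original thread: the 8.8.8.8 / 8.8.4.4 entries in the container's resolv.conf above are consistent with Docker's documented behaviour on the default bridge network, where loopback nameservers from the host's resolv.conf are dropped and public resolvers are substituted if none remain. The script below models that rule (simplified to IPv4/IPv6 loopback only) so the outcome can be checked for any resolv.conf, and points at the --dns option, which keeps the container in its own network namespace instead of sharing the host's. The sample files, the 192.0.2.53 address and the <RESOLVER_IP> placeholder are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). Simplified model of Docker's
# documented behaviour on the default bridge network: loopback nameservers
# from the host's resolv.conf are dropped; 8.8.8.8 / 8.8.4.4 are used if none remain.

# Print the host nameservers a bridged container can actually reach.
# 127.0.0.0/8 and ::1 inside the container refer to the container itself.
usable_nameservers() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# Print the nameservers that end up in the container's /etc/resolv.conf.
container_nameservers() {
    kept=$(usable_nameservers "$1")
    if [ -n "$kept" ]; then
        printf '%s\n' "$kept"
    else
        printf '%s\n' 8.8.8.8 8.8.4.4   # public fallback
    fi
}

# Explain the outcome for one resolv.conf file.
diagnose() {
    if [ -n "$(usable_nameservers "$1")" ]; then
        echo "$1: container inherits the host's resolvers"
    else
        echo "$1: only loopback resolvers; container falls back to 8.8.8.8/8.8.4.4"
        echo "  if outbound DNS to those is blocked, keep the bridge network and use"
        echo "  docker run --dns <RESOLVER_IP> ...   (placeholder: a resolver reachable from docker0)"
    fi
}

# Constructed sample files; on a real host, pass /etc/resolv.conf instead.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'nameserver 127.0.1.1\n' > "$tmp/dnsmasq.conf"                      # assumed dns=dnsmasq host
printf 'nameserver 192.0.2.53\nsearch example.test\n' > "$tmp/direct.conf" # assumed ifupdown host

for f in "$tmp/dnsmasq.conf" "$tmp/direct.conf"; do
    diagnose "$f"
    container_nameservers "$f" | sed 's/^/  nameserver /'
done
```

The same resolver can be set for every container through the "dns" key in /etc/docker/daemon.json.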