What is correct way to fix name resolution from Docker container?

16.04 networking dns docker container
9,101

The solution for docker run is very simple - we need to choose host network with --network host option:

docker run -it --network host ubuntu:19.04 apt update

and then the problem will be solved.

But it also should be noted that docker build has --network option only starting only from 18.04 LTS. So if we need docker build --network host for 16.04 LTS we need to use docker-ce package from docker.com.

Share:
9,101
N0rbert
Author by

N0rbert

Updated on September 18, 2022

Comments

  • N0rbert
    N0rbert over 1 year

    I have clean Ubuntu MATE 16.04.6 LTS installed.
    I installed Docker from repository here with:

    sudo apt-get install docker.io

    and added my user to docker group with 

    sudo usermod -a -G docker $USER

    then I downloaded Ubuntu 19.04 container with

    docker pull ubuntu:19.04

    and tried to run apt update inside it

    docker run -it ubuntu:19.04 apt update

    but got network errors:

    $ docker run -it ubuntu:19.04 apt update
Err:1 http://archive.ubuntu.com/ubuntu disco InRelease                   
  Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu disco-security InRelease         
  Temporary failure resolving 'security.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu disco-updates InRelease           
  Temporary failure resolving 'archive.ubuntu.com'
Err:4 http://archive.ubuntu.com/ubuntu disco-backports InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Reading package lists... Done        
Building dependency tree       
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/disco/InRelease  Temporary
failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/disco-updates/InRelease 
Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/disco-backports/InRelease 
Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/disco-security/InRelease 
Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.

    The /etc/resolv.conf inside container is the following:

    $ docker run -it  ubuntu:19.04 cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

nameserver 8.8.8.8
nameserver 8.8.4.4

    The host system has internet, the NetworkManager is used with default settings:

    $ cat /etc/NetworkManager/NetworkManager.conf 
[main]
plugins=ifupdown,keyfile,ofono
dns=dnsmasq

[ifupdown]
managed=false

    all files on the system are unchanged - the debsums --changed --all --silent command returns nothing.

    The requested output of iptables -S is below:

    $ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN

    Which settings should I change to fix DNS (name resolution) from Docker container?

    Notes:

    1. I know about disabling DNS masquerading (#dns=dnsmasq), but I do not want to use this option.
    2. I got the same result while using Docker-CE from docker.com.
    3. The system installed from netinstall mini.iso does not suffer from aforementioned problem. It uses ifupdown. So the NetworkManager is the root of this problem.
    • Byte Commander
      Byte Commander almost 5 years
      I never used the docker.io package from the universe repo. Any specific reason you need that one? Otherwise I'd suggest uninstalling it and trying docker-ce from Docker's own official repo instead. Follow docs.docker.com/install/linux/docker-ce/ubuntu/…
    • N0rbert
      N0rbert almost 5 years
      Thanks, but Docker CE does not change the behaviour.
    • Byte Commander
      Byte Commander almost 5 years
      Check your firewall rules (e.g. sudo iptables -S). Maybe you're blocking traffic on the virtual interface docker uses?
  • XtraSimplicity
    XtraSimplicity almost 3 years
    Whilst this does work, you shouldn't need to bind to the host's network to be able to perform DNS lookups.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Docker DNS settings
Problem running CURL with the dns option
Ubuntu 16.04 Cannot resolve hostnames
Getting connection refused in docker
How to get docker0 bridge back?
Very slow DNS lookup
BIND9 will not resolve
change DNS server in a non-persistent way (on the command-line) [rescue mode]
Why does /etc/resolv.conf not update when I change my DNS?
DNS works with host, but not with wget