Docker Community Forums

Share and learn in the Docker community.

Apt-get update don't working inside ubuntu docker

Hi, I don’t understand what happens inside my docker
If I run busybox for testing:
docker run busybox:1.28 nslookup google.com
it working fine, and any other command also working fine like ping my gaeway and so on, but only in busybox:1.28 (and not working at all in busybox:latest !!! - why?)

Ubuntu not working in my docker host at all, unfortunately I need exactly Ubuntu:xenial as base (busybox I used only as check my bridge and default docker configuration)

Now I have not access to any Ubuntu repository, of course this is problem of stupid distribution Ubuntu:xenial without any must have network utilities like ping, nslookup, curl, git, wget and so on.

I have understanding that my first step is read repository to cache, because layer 3 in ubuntu:xenial preparation is exactly clear any cache of repository rm -rf /var/lib/apt/lists/

And now when I try build repository from this simple test file
FROM ubuntu:xenial
RUN apt-get update
&& install iputils-ping

I received only cyrcle of similar message
ignXXX: https://archive.ubuntu.com/ubuntu YYYY ZZZZ
and finally
Reading package lists…
W: The repository ‘htt p://security.ubuntu.com/ubuntu xenial-security Release’ does not have a Release file.
W: The repository ‘htt p://archive.ubuntu.com/ubuntu xenial Release’ does not have a Release file.
W: The repository ‘htt p://archive.ubuntu.com/ubuntu xenial-updates Release’ does not have a Release file.
W: The repository ‘htt p://archive.ubuntu.com/ubuntu xenial-backports Release’ does not have a Release file.
E: Failed to fetch htt p://security.ubuntu.com/ubuntu/dists/xenial-security/main/binary-amd64/Packages Connection failed [IP: 91.189.91.38 80]
E: Failed to fetch htt p://archive.ubuntu.com/ubuntu/dists/xenial/main/binary-amd64/Packages Connection failed [IP: 91.189.88.152 80]
E: Failed to fetch htt p://archive.ubuntu.com/ubuntu/dists/xenial-updates/main/binary-amd64/Packages Connection failed [IP: 91.189.88.152 80]
E: Failed to fetch htt p://archive.ubuntu.com/ubuntu/dists/xenial-backports/main/binary-amd64/Packages Connection failed [IP: 91.189.88.152 80]
E: Some index files failed to download. They have been ignored, or old ones used instead.

I don’t understand how to fix this issue, sorry.

If you see an error like Could not resolve …, it is likely a DNS configuration.

First thing to check is run cat /etc/resolv.conf in the docker container. If it has an invalid DNS server, such as nameserver 127.0.x.x, then the container will not be able to resolve the domain names into ip addresses, so ping google.com will fail.

Second thing to check is run cat /etc/resolv.conf on the host machine. Docker basically copies the host’s /etc/resolv.conf to the container everytime a container is started. So if the host’s /etc/resolv.conf is wrong, then so will the docker container.

If you have found that the host’s /etc/resolv.conf is wrong, then you have 2 options:

Hardcode the DNS server in daemon.json. This is easy, but not ideal if you expect the DNS server to change.

Fix the hosts’s /etc/resolv.conf. This is a little trickier, but it is generated dynamically, and you are not hardcoding the DNS server.

  1. Hardcode DNS server in docker daemon.json

Edit /etc/docker/daemon.json

{
“dns”: [“10.1.2.3”, “8.8.8.8”]
}
Restart the docker daemon for those changes to take effect:
sudo systemctl restart docker

Now when you run/start a container, docker will populate /etc/resolv.conf with the values from daemon.json.

  1. Fix the hosts’s /etc/resolv.conf

A. Ubuntu 16.04 and earlier

For Ubuntu 16.04 and earlier, /etc/resolv.conf was dynamically generated by NetworkManager.

Comment out the line dns=dnsmasq (with a #) in /etc/NetworkManager/NetworkManager.conf

Restart the NetworkManager to regenerate /etc/resolv.conf :
sudo systemctl restart network-manager

Verify on the host: cat /etc/resolv.conf

B. Ubuntu 18.04 and later

Ubuntu 18.04 changed to use systemd-resolved to generate /etc/resolv.conf. Now by default it uses a local DNS cache 127.0.0.53. That will not work inside a container, so Docker will default to Google’s 8.8.8.8 DNS server, which may break for people behind a firewall.

/etc/resolv.conf is actually a symlink (ls -l /etc/resolv.conf) which points to /run/systemd/resolve/stub-resolv.conf (127.0.0.53) by default in Ubuntu 18.04.

Just change the symlink to point to /run/systemd/resolve/resolv.conf, which lists the real DNS servers:
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

Verify on the host: cat /etc/resolv.conf

Now you should have a valid /etc/resolv.conf on the host for docker to copy into the containers.