Docker Community Forums

Share and learn in the Docker community.

Custom /etc/resolv.conf in Docker for Mac, or using --dns-domain


(Arthur Maltson) #1

Expected behavior

Expect when setting the dns and dns-search configurations, I should be able to pull from local registry without the FQDN.

Actual behavior

When I do pull without the FQDN, I get:

$ docker pull <insecure registry>:5000/<org>/centos6.6-kitchen
Using default tag: latest
Pulling repository <insecure registry>:5000/<org>/centos6.6-kitchen
Error while pulling image: Get http://<insecure registry>:5000/v1/repositories/<org>/centos6.6-kitchen/images: dial tcp: lookup <insecure registry> on 192.168.64.1:53: server misbehaving

Information

  • the output of:
    • pinata diagnose -u on OSX
    • DockerDebugInfo.ps1 using Powershell on Windows
  • a reproducible case if this is a bug, Dockerfiles FTW
  • page URL if this is a docs issue or the name of a man page
  • host distribution and version ( OSX 10.10.x, OSX 10.11.x, Windows, etc )
$ pinata diagnose -u
OS X: version 10.10.5 (build: 14F1713)
Docker.app: version v1.11.0-beta8.2
Running diagnostic tests:
[OK]      docker-cli
[OK]      Moby booted
[OK]      driver.amd64-linux
[OK]      vmnetd
[OK]      osxfs
[OK]      db
[OK]      slirp
[OK]      menubar
[OK]      environment
[OK]      Docker
[OK]      VT-x
Docker logs are being collected into /tmp/20160425-121901.tar.gz
Most specific failure is: No error was detected
Your unique id is: A2A0B9D1-8E9A-420D-8E70-F5386CBD3FF0
Please quote this in all correspondence.

I do set the configuration with:

$ pinata get daemon
{"storage-driver":"aufs","debug":true,"insecure-registries":["<insecure non-FQDN registry>:5000"],"dns":["<ip address>"],"dns-search":["<search domain>"]}

It looks like the /etc/resolv.conf is not configured correctly inside the VM itself:

docker login: root
Welcome to the Moby alpha, based on Alpine Linux.
docker:~# cat /etc/resolv.conf
nameserver 192.168.64.1

Steps to reproduce the behavior

  1. Set configuration above.
  2. Docker pull and get error for DNS

(Justin Cormack) #2

The --dns setting affects the dns for containers, but pull is done by the daemon itself, and changing the dns setting does not affect what the host sees, so this is expected behaviour. Docker will never interfere with the host /etc/resolv.conf settings, this would be a problem. We could potentially add search paths into the VM based on what the host machine has set up.

Have created internal issue 2775 for design discussion.


(Arthur Maltson) #3

Hello @justincormack,

That’s what I figured, that it’s a host level change. When I used docker-machine, the booted VM would pick up the correct search domain from the host machine.

$ docker-machine ssh dev
...
Boot2Docker version 1.11.0, build HEAD : 32ee7e9 - Wed Apr 13 20:06:49 UTC 2016
Docker version 1.11.0, build 4dc5990
docker@dev:~$ cat /etc/resolv.conf
search <company search domain>
nameserver 10.0.2.3

Is there way to manually change the /etc/resolv.conf on the xhyve machine? I’ve tried the screen approach but the configuration change doesn’t stick around between Docker App restarts.


(Guillaume Carre) #4

Hello,

I think we have the same issue here at Ticketfly:

  • our Docker registry is behind our VPN, with an internal FQDN
  • my Mac can resolve the FQDN thanks to our internal DNS server
  • docker-compose can’t resolve the FQDN, see below

~ docker-compose up pulling mysql (dev-artifactory.tfly-internal.com:5000/mysql:latest)... ERROR: Get https://dev-artifactory.tfly-internal.com:5000/v1/_ping: dial tcp: lookup dev-artifactory.tfly-internal.com on 192.168.65.1:53: no such host


(Alejandro Villanueva) #5

Same Error here

ERROR: Service ‘wadev’ failed to build: Error while pulling image: Get https://index.docker.io/v1/repositories/library/ubuntu/images: dial tcp: lookup index.docker.io on 192.168.65.1:53: no such host


(Ppiccolo) #6

Same here

{“errorDetail”:{“message”:“Error while pulling image: Get http://registry.mydomain.lan:5000/v1/repositories/ubuntu/images: dial tcp: lookup registry.mydomain.lan on 192.168.65.1:53: no such host”},“error”:“Error while pulling image: Get http://registry.mydomain.lan:5000/v1/repositories/ubuntu/images: dial tcp: lookup registry.mydomain.lan on 192.168.65.1:53: no such host”}\r

any workaround ?

Best Regards

Paolo


(Bbonev) #7

This issue is quiet annoying. Not reflecting correct DNS configuration from host to xhyve is preventing workflow in any kind of environment with often switches between networks. May I suggest service restarts to mirror resolv.conf on the vm?


(Huayi Zhang) #8

Same here.
Workaround mentioned here works for me.


(Iamahern) #9

As an alternative solution - if you use the legacy Docker Tools OR a boot2docker VirtualBox Docker machine configuration, VirtualBox offers a solution to this problem.

Just power down the VM then run:
VBoxManage modifyvm "<VM-name>" --natdnshostresolver1 on

DNS resolution worked perfectly for me with CiscoVPN, VirtualBox+NAT networking.


(Arthur Maltson) #10

Thanks so much, that workaround did work for me too. Can finally drop the VirtualBox VM :smiley:

The only annoying part, as the workaround mentions, one has to do this each time the machine restarts :cry:

Edit: looks like it’s not a workable solution… Docker for Mac keeps resetting the host resolution back to the original even without a restart. Back to VirtualBox I go :disappointed:.