DNS Failing to Resolve Inside Docker Container

EDIT: Host systems that I have tested:
[Pop_OS 22.04]
Kernel: 6.6.6-76060606-generic
Docker: 24.0.5, build 24.0.5-0ubuntu1~22.04.1
[Kubuntu 23.10]
Kernel: 6.5.0-14-generic
Docker: 24.0.5, build 24.0.5-0ubuntu1

EDIT 2: The behavior persists with python:3.11-slim (Debian) and ubuntu:22.04

docker run -v $(pwd):/x -e API_KEY="$API_KEY" -it python:3.11-slim sh -c "pip install todoist_api_python && python /x/t.py"

docker run -v $(pwd):/x -e API_KEY="$API_KEY" -it ubuntu:22.04 sh -c "apt-get update && apt-get install -y python3-pip && pip install todoist_api_python && python3 /x/t.py"

Hi, I’m dealing with a really strange behavior. First of all, I have this Python code:

import os
from todoist_api_python.api import TodoistAPI
API = TodoistAPI(os.environ['API_KEY'])
print(API.get_tasks())

It runs without problems on the host machine or inside a container with the --net=host flag. If the container’s network is in bridge mode (the default one), it fails to resolve the DNS, returning this:

Traceback (most recent call last):
File "/usr/local/lib/python3.11/site-packages/urllib3/connection.py", line 203, in _new_conn
sock = connection.create_connection(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/urllib3/util/connection.py", line 60, in create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/socket.py", line 962, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
socket.gaierror: [Errno -3] Try again
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 790, in urlopen
response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 491, in _make_request
raise new_e
File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 467, in _make_request
self._validate_conn(conn)
File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 1096, in _validate_conn
conn.connect()
File "/usr/local/lib/python3.11/site-packages/urllib3/connection.py", line 611, in connect
self.sock = sock = self._new_conn()
^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/urllib3/connection.py", line 210, in _new_conn
raise NameResolutionError(self.host, self, e) from e
urllib3.exceptions.NameResolutionError: <urllib3.connection.HTTPSConnection object at 0x7f5a55bd02d0>: Failed to resolve 'api.todoist.com' ([Errno -3] Try again)
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/usr/local/lib/python3.11/site-packages/requests/adapters.py", line 486, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 844, in urlopen
retries = retries.increment(
^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/urllib3/util/retry.py", line 515, in increment
raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.todoist.com', port=443): Max retries exceeded with url: /rest/v2/tasks (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7f5a55bd02d0>: Failed to resolve 'api.todoist.com' ([Errno -3] Try again)"))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/x/t.py", line 6, in <module>
print(API.get_tasks())
^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/todoist_api_python/api.py", line 52, in get_tasks
tasks = get(self._session, endpoint, self._token, kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/todoist_api_python/http_requests.py", line 17, in get
response = session.get(url, params=params, headers=create_headers(token=token))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/requests/sessions.py", line 602, in get
return self.request("GET", url, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/requests/adapters.py", line 519, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='api.todoist.com', port=443): Max retries exceeded with url: /rest/v2/tasks (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7f5a55bd02d0>: Failed to resolve 'api.todoist.com' ([Errno -3] Try again)"))

P.S.: I have already tested passing the --dns flag (8.8.8.8, 8.8.4.4, 1.1.1.1, 1.0.0.1 etc), but it still does not work.

P.S. 2: And yes, I’m inclined to think it’s a DNS problem inside Docker because the nslookup also can’t resolve it.

$ docker run -it python:3.11-alpine nslookup api.todoist.com
Server: 1.1.1.1
Address: 1.1.1.1:53
Non-authoritative answer:
api.todoist.com canonical name = todoist.com
Name: todoist.com
Address: 2600:9000:2619:3800:1d:b016:1bc0:93a1
Name: todoist.com
Address: 2600:9000:2619:6800:1d:b016:1bc0:93a1
Name: todoist.com
Address: 2600:9000:2619:6a00:1d:b016:1bc0:93a1
Name: todoist.com
Address: 2600:9000:2619:6000:1d:b016:1bc0:93a1
Name: todoist.com
Address: 2600:9000:2619:9600:1d:b016:1bc0:93a1
Name: todoist.com
Address: 2600:9000:2619:5c00:1d:b016:1bc0:93a1
Name: todoist.com
Address: 2600:9000:2619:400:1d:b016:1bc0:93a1
Name: todoist.com
Address: 2600:9000:2619:1800:1d:b016:1bc0:93a1
*** Can't find api.todoist.com: No answer

But if I pass the --net=host flag, it starts working.

$ docker run --net=host -it python:3.11-alpine nslookup api.todoist.com
Server: 127.0.0.53
Address: 127.0.0.53:53
Non-authoritative answer:
api.todoist.com canonical name = todoist.com
Name: todoist.com
Address: 2600:9000:2619:3c00:1d:b016:1bc0:93a1
Name: todoist.com
Address: 2600:9000:2619:ac00:1d:b016:1bc0:93a1
Name: todoist.com
Address: 2600:9000:2619:d800:1d:b016:1bc0:93a1
Name: todoist.com
Address: 2600:9000:2619:a00:1d:b016:1bc0:93a1
Name: todoist.com
Address: 2600:9000:2619:a400:1d:b016:1bc0:93a1
Name: todoist.com
Address: 2600:9000:2619:b200:1d:b016:1bc0:93a1
Name: todoist.com
Address: 2600:9000:2619:1800:1d:b016:1bc0:93a1
Name: todoist.com
Address: 2600:9000:2619:ea00:1d:b016:1bc0:93a1
Non-authoritative answer:
api.todoist.com canonical name = todoist.com
Name: todoist.com
Address: 3.163.10.76
Name: todoist.com
Address: 3.163.10.122
Name: todoist.com
Address: 3.163.10.81
Name: todoist.com
Address: 3.163.10.123