DNS mechanism with Windows containers

Running Docker Desktop 3.1.0 with WSL2 enabled on Windows 10 Enterprise 19042.804. Using the Windows container mode and the microsoft/aspnet image with all default settings (no custom network stuff). No firewall should be present.

Container gets IP 172.24.8.42 and gateway 172.24.0.1, which is correctly routed to the host (tested by opening an HTTP server on the host IP; it can be curled from the container).

DNS does not work in the container. Running nslookup for both google.com and host.docker.internal fails with "Server failed". DNS is pointing to the host IP as expected. On the host side, dockerd.exe is binding UDP port 53 (DNS) to the 172.24.0.1 IP. Trying nslookup on the host side and forcing the 172. IP results in the same "Server failed". The same issue happens for my colleague with the same kind of setup.

DNS works flawlessly in my Linux containers, so I tried to compare this to how things work with Linux containers, but they are a very different story via com.docker.proxy.exe, and I can even see those requests on loopback with Wireshark.

Am I correct that dockerd.exe on port 53 should handle the Windows container DNS, and it just does not work now? Any hints on how I should troubleshoot this further?

EDIT: I checked the thread "Docker DNS not responding from inside a container", but this seems not to be a firewall (policy) issue. The error message in nslookup is different, and I am seeing ALLOW UDP communications in the firewall logs if I turn it back on.

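The "Server failed" that nslookup prints is the resolver's SERVFAIL response, which points at the forwarder on the gateway rather than at reachability. The script below is an added example, not something posted in this thread, that separates the hops involved: the host-side owner of UDP/53, the resolver the container was given, a query through that resolver, and a query that bypasses it. It assumes a running container named aspnet-test (an arbitrary name), the 172.24.0.1 gateway quoted above, and that a public resolver such as 8.8.8.8 is reachable through the NAT.

```powershell
# Added example: pin "Server failed" to one hop for a Windows container on the "nat" network.
# Run in an elevated PowerShell on the Docker host. $ContainerName is an assumed name for a
# running container started from the microsoft/aspnet image.
param([string]$ContainerName = "aspnet-test")

# 1. Host side: which process owns UDP/53, and on which local address?
#    The thread reports dockerd.exe bound to 172.24.0.1:53.
Get-NetUDPEndpoint -LocalPort 53 | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LocalAddress = $_.LocalAddress
        OwningPid    = $_.OwningProcess
        Process      = $proc.ProcessName
    }
}

# 2. Container side: which resolver did Docker hand the container?
$resolverCheck = 'Get-DnsClientServerAddress -AddressFamily IPv4 | ' +
    'Select-Object InterfaceAlias, ServerAddresses | Format-Table -AutoSize'
docker exec $ContainerName powershell -NoProfile -Command $resolverCheck

# 3. Query through the configured resolver. Per the thread this is the call that fails.
docker exec $ContainerName powershell -NoProfile -Command 'Resolve-DnsName -Name google.com -Type A'

# 4. Bypass the gateway resolver and ask a public server directly through the NAT
#    (assumes 8.8.8.8 is reachable from this network). If this succeeds while step 3
#    fails, outbound UDP/53 and routing are fine and the fault is in the forwarder
#    listening on the gateway, not in the firewall.
docker exec $ContainerName powershell -NoProfile -Command 'Resolve-DnsName -Name google.com -Type A -Server 8.8.8.8'

# 5. Same forwarder queried from the host itself, which is the thread's nslookup test.
Resolve-DnsName -Name google.com -Type A -Server 172.24.0.1
```

If step 4 also fails, the problem is not the forwarder but UDP egress from the container, and the firewall log check described in the post is the right next step.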

Noticed that running my container with --net "Default Switch" makes the DNS work.

PS C:\Program Files\Docker\Docker\resources> docker network ls
NETWORK ID     NAME             DRIVER    SCOPE
6606a76b1b61   Default Switch   ics       local
e21d0303da37   WSL              ics       local
8ba54a998786   nat              nat       local
7e18327b55fc   none             null      local

Problem seems to be in the nat mode only.


Also, I found out that Docker is attempting to write a "host.docker.internal" entry to the container's hosts file, which fails on our machines due to some user/password issue (possibly due to policies / a renamed Administrator user). When I do this step manually in a running container, it of course resolves host.docker.internal successfully.

Considering that the dockerd.exe port 53 was an unrelated sidetrack and local DNS should work using the hosts file, I am still confused about how DNS to the outside world should work in nat mode.

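The manual hosts-file step mentioned above, written out as an added example rather than code from this thread. It assumes a running container named aspnet-test (an arbitrary name) and that the nat network's gateway can be read from `docker network inspect`, so the 172.24.0.1 address is not hard-coded. The entry is appended only if absent, so the script can be rerun after the container is recreated.

```powershell
# Added example: write the host.docker.internal entry that Docker failed to write, then
# verify it resolves. Run on the Docker host; $ContainerName is an assumed container name.
param([string]$ContainerName = "aspnet-test")

# Gateway of the "nat" network (172.24.0.1 in the thread), read via a Go template.
$gateway = docker network inspect nat --format '{{(index .IPAM.Config 0).Gateway}}'
if (-not $gateway) { throw "could not read the gateway of the nat network" }

$entry     = "$gateway host.docker.internal"
$hostsPath = 'C:\Windows\System32\drivers\etc\hosts'

# Script executed inside the container. Backtick-escaped `$ variables are expanded there,
# unescaped $ variables are filled in on the host before sending.
$inner = @"
`$path = '$hostsPath'
if (-not (Select-String -Path `$path -Pattern 'host\.docker\.internal' -Quiet)) {
    Add-Content -Path `$path -Value '$entry'
}
Clear-DnsClientCache
Resolve-DnsName -Name host.docker.internal -Type A
"@

# -EncodedCommand avoids quoting problems when passing a multi-line script through docker exec.
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($inner))
docker exec $ContainerName powershell -NoProfile -EncodedCommand $encoded
```

This only restores name resolution for the host itself; a hosts entry says nothing about resolution of external names, which still depends on the resolver the container points at.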