Docker breaks dns on host, debian 10

Hello!

I installed docker by following the instructions here:

I am on armbian buster (10). The problem is that docker0 breaks DNS on the host and I cannot figure out why. DNS does not work for containers either.

nmcli dev show | grep 'IP4.DNS'
IP4.DNS[1]:                             192.168.1.1

sudo route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    100    0        0 eth0
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0

sudo ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:7b:98:37:66  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.160  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::2974:98e8:289b:f3fb  prefixlen 64  scopeid 0x20<link>
        ether 82:38:2f:c9:e0:80  txqueuelen 1000  (Ethernet)
        RX packets 1599  bytes 254405 (248.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1289  bytes 489915 (478.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 24  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 3150  bytes 1106993 (1.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3150  bytes 1106993 (1.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

If I remove docker0 things work again.

sudo systemd-resolve status
status: resolve call failed: All attempts to contact name servers or networks failed

I don't understand what the problem is. I would really appreciate it if someone could explain what is going wrong here.

By adding:

search lan
nameserver 192.168.1.1

to /etc/resolv.conf it works, but this does not survive a reboot.

Contents of /etc/resolv.conf:

# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

# No DNS servers known.

sudo systemd-resolve status
status: resolve call failed: All attempts to contact name servers or networks failed

Contents of /etc/resolv.conf without docker:

# Generated by NetworkManager
search lan
nameserver 192.168.1.1

journalctl -u systemd-resolved -f
-- Logs begin at Thu 2019-07-11 15:18:34 CEST. --
Jul 11 15:18:36 rockpro64 systemd[1]: Starting Network Name Resolution...
Jul 11 15:18:36 rockpro64 systemd-resolved[537]: Positive Trust Anchors:
Jul 11 15:18:36 rockpro64 systemd-resolved[537]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
Jul 11 15:18:36 rockpro64 systemd-resolved[537]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Jul 11 15:18:36 rockpro64 systemd-resolved[537]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
Jul 11 15:18:36 rockpro64 systemd-resolved[537]: Using system hostname 'rockpro64'.
Jul 11 15:18:36 rockpro64 sh[638]: /etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /etc/resolvconf/run/resolv.conf
Jul 11 15:18:36 rockpro64 systemd[1]: Started Network Name Resolution.
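The two /etc/resolv.conf states shown in the post above can be told apart mechanically. The following is an added example, not part of the original thread: the helper names `classify_resolv_conf` and `link_target` are hypothetical, and the sample files are constructed from the headers quoted in the post.

```shell
#!/bin/sh
# Added example, not from the thread. classify_resolv_conf and link_target are
# hypothetical helper names; the sample files below are constructed.

# Print "<writer> <nameserver-count> <verdict>" for a resolv.conf-style file.
classify_resolv_conf() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "unreadable 0 no-dns"
        return 0
    fi
    # Identify the writer from the header comments quoted in the post.
    if grep -q '^# This file is managed by man:systemd-resolved' "$file"; then
        writer=systemd-resolved
    elif grep -q '^# Generated by NetworkManager' "$file"; then
        writer=NetworkManager
    else
        writer=unknown
    fi
    # Count active nameserver lines; grep -c exits 1 on zero matches.
    count=$(grep -c '^[[:space:]]*nameserver[[:space:]]' "$file" || true)
    if [ "$count" -eq 0 ]; then verdict=no-dns; else verdict=ok; fi
    echo "$writer $count $verdict"
}

# Print what a path links to, or "regular-file" if it is not a symlink.
link_target() {
    if [ -L "$1" ]; then readlink "$1"; else echo "regular-file"; fi
}

# Constructed samples mirroring the two states shown in the post.
demo_dir=$(mktemp -d)
printf '%s\n' '# This file is managed by man:systemd-resolved(8). Do not edit.' \
    '# No DNS servers known.' > "$demo_dir/with-docker"
printf '%s\n' '# Generated by NetworkManager' 'search lan' \
    'nameserver 192.168.1.1' > "$demo_dir/without-docker"
ln -s "$demo_dir/with-docker" "$demo_dir/resolv.conf"

classify_resolv_conf "$demo_dir/with-docker"
classify_resolv_conf "$demo_dir/without-docker"
link_target "$demo_dir/resolv.conf"
```

On a live host, both helpers can be pointed at /etc/resolv.conf to see which component wrote the file and whether it lists any nameserver.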

Hi @ssspeq, how did you manage to solve the problem?

Hi, got the same problem. Did anyone get it to work?

I did get it to work. If I recall correctly, the problem was this:

After trying this, DNS on the host still does not work. I think the post is to fix the internet connection in the container, but not the host, right?

In my case, it was solved with apt install resolvconf and a reboot.


Hi I have the same issue and I don’t know how to fix it. I am running a DNS in LXD container but when I install docker DNS stops working. I’m guessing it’s something with the iptable rules Docker configures automatically, but I don’t understand this. Can someone help please?

Unfortunately the link provided above does not work anymore.