Docker build does not use embedded DNS server

This is my Dockerfile:

dockerfile_dnstest

FROM splooge/dnsutils
RUN dig somehost && sleep 15

And the build command:

docker buildx build  --add-host somehost:192.168.168.192 --progress plain  -f dockerfile_dnstest  .

The build result:

#0 building with "multi-pf" instance using docker-container driver

#1 [internal] load build definition from dockerfile_dnstest
#1 transferring dockerfile: 95B done
#1 DONE 0.0s

#2 [internal] load metadata for docker.io/splooge/dnsutils:latest
#2 ...

#3 [auth] splooge/dnsutils:pull token for registry-1.docker.io
#3 DONE 0.0s

#2 [internal] load metadata for docker.io/splooge/dnsutils:latest
#2 DONE 6.1s

#4 [internal] load .dockerignore
#4 transferring context: 2B done
#4 DONE 0.0s

#5 [1/2] FROM docker.io/splooge/dnsutils:latest@sha256:5e12fff782b4543f93cef6a9db2d0a9ef8e5fba83ce441dfea6ac16ba4d69c4e
#5 resolve docker.io/splooge/dnsutils:latest@sha256:5e12fff782b4543f93cef6a9db2d0a9ef8e5fba83ce441dfea6ac16ba4d69c4e done
#5 CACHED

#6 [2/2] RUN dig somehost && sleep 15
#6 0.080
#6 0.080 ; <<>> DiG 9.18.24 <<>> somehost
#6 0.080 ;; global options: +cmd
#6 0.091 ;; Got answer:
#6 0.091 ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13686
#6 0.091 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
#6 0.091
#6 0.091 ;; OPT PSEUDOSECTION:
#6 0.091 ; EDNS: version: 0, flags:; udp: 1232
#6 0.091 ;; QUESTION SECTION:
#6 0.091 ;somehost.                     IN      A
#6 0.091
#6 0.091 ;; Query time: 4 msec
#6 0.091 ;; SERVER: 192.168.100.1#53(192.168.100.1) (UDP)
#6 0.091 ;; WHEN: Mon May 13 13:04:40 UTC 2024
#6 0.091 ;; MSG SIZE  rcvd: 37
#6 0.091

The SERVER shown, 192.168.100.1, is my host's DNS server, not the Docker embedded DNS server.
I think this is what causes --add-host to not work.

How do I fix this?

--add-host adds a line to the /etc/hosts file. It is not a DNS record, so dig will not see it. If it worked without containers, it could be because you have a systemd stub resolver at /etc/systemd/resolve/stub-resolv.conf symlinked to /etc/resolv.conf which will refer to another service which won’t be in the container. On the host that can read your hosts file as well and forward requests to an actual DNS server when the host is not defined in the hosts file.

Here is my host's /etc/resolv.conf:

nameserver 127.0.0.53

When I use the dig command, dig asks systemd-resolved, and it can read hosts entries and return them.

In the container, dig directly asks the external DNS server (other applications included); the container ignores /etc/hosts.

I changed the Dockerfile:

FROM splooge/dnsutils
RUN cat /etc/hosts
RUN cat /etc/nsswitch.conf
RUN dig somehost
RUN cat /etc/resolv.conf

Output:

#0 building with "multi-pf" instance using docker-container driver

#1 [internal] load build definition from dockerfile_dnstest
#1 transferring dockerfile: 169B done
#1 DONE 0.0s

#2 [internal] load metadata for docker.io/splooge/dnsutils:latest
#2 DONE 0.9s

#3 [internal] load .dockerignore
#3 transferring context: 2B done
#3 DONE 0.0s

#4 [1/6] FROM docker.io/splooge/dnsutils:latest@sha256:5e12fff782b4543f93cef6a9db2d0a9ef8e5fba83ce441dfea6ac16ba4d69c4e
#4 resolve docker.io/splooge/dnsutils:latest@sha256:5e12fff782b4543f93cef6a9db2d0a9ef8e5fba83ce441dfea6ac16ba4d69c4e done
#4 CACHED

#5 [2/6] RUN cat /etc/hosts
#5 0.032 127.0.0.1      localhost buildkitsandbox
#5 0.032 ::1    localhost ip6-localhost ip6-loopback
#5 0.032 192.168.168.192        somehost
#5 DONE 0.0s

#6 [3/6] RUN cat /etc/nsswitch.conf
#6 0.029 # musl itself does not support NSS, however some third-party DNS
#6 0.029 # implementations use the nsswitch.conf file to determine what
#6 0.029 # policy to follow.
#6 0.029 # Editing this file is not recommended.
#6 0.029 hosts: files dns
#6 DONE 0.1s

#7 [4/6] RUN dig somehost
#7 0.036
#7 0.036 ; <<>> DiG 9.18.24 <<>> somehost
#7 0.036 ;; global options: +cmd
#7 0.048 ;; Got answer:
#7 0.048 ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51463
#7 0.048 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
#7 0.048
#7 0.048 ;; OPT PSEUDOSECTION:
#7 0.048 ; EDNS: version: 0, flags:; udp: 65494
#7 0.048 ;; QUESTION SECTION:
#7 0.048 ;somehost.                     IN      A
#7 0.048
#7 0.048 ;; Query time: 0 msec
#7 0.048 ;; SERVER: 10.0.2.3#53(10.0.2.3) (UDP)
#7 0.048 ;; WHEN: Mon May 13 23:48:57 UTC 2024
#7 0.048 ;; MSG SIZE  rcvd: 37
#7 0.048
#7 DONE 0.1s

#8 [5/6] RUN cat /etc/resolv.conf
#8 0.028 # Generated by Docker Engine.
#8 0.028 # This file can be edited; Docker Engine will not make further changes once it
#8 0.028 # has been modified.
#8 0.028
#8 0.028 nameserver 10.0.2.3
#8 0.028 search lan
#8 0.028
#8 0.028 # Based on host file: '/run/systemd/resolve/resolv.conf' (legacy)
#8 0.028 # Overrides: []
#8 DONE 0.0s

On my other Docker host, the container will try to ask the Docker embedded DNS server, which can read /etc/hosts.
Is there any way to change the config?
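
The point made in the answer above (--add-host writes to /etc/hosts, which dig never reads) can be checked with a lookup that consults the hosts file the way the "files" source in "hosts: files dns" does. This is an added example, not code from the thread; the function names hosts_lookup and explain are hypothetical, and the sample file is constructed from the /etc/hosts output in the build log.

```shell
#!/bin/sh
# hosts_lookup NAME [FILE]: print the first address mapped to NAME in a
# hosts-format file and return 0; return 1 when NAME is not listed.
hosts_lookup() {
    name=$1
    file=${2:-/etc/hosts}
    awk -v want="$name" '
        BEGIN { want = tolower(want); sub(/\.$/, "", want) }  # "somehost." == "somehost"
        {
            sub(/#.*/, "")               # drop comments; awk re-splits the fields
            for (i = 2; i <= NF; i++)    # field 1 is the address, the rest are names
                if (tolower($i) == want) { print $1; found = 1; exit }
        }
        END { exit !found }
    ' "$file"
}

# explain NAME [FILE]: say which kind of client can resolve NAME.
explain() {
    if addr=$(hosts_lookup "$1" "${2:-/etc/hosts}"); then
        echo "$1 -> $addr from hosts file: seen by libc resolver clients, not by dig"
    else
        echo "$1 not in hosts file: all clients depend on the nameserver in resolv.conf"
    fi
}

# Constructed sample, mirroring the /etc/hosts printed during the build.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1      localhost buildkitsandbox
::1    localhost ip6-localhost ip6-loopback
192.168.168.192        somehost   # written by --add-host
EOF
explain somehost "$sample"
explain otherhost "$sample"
rm -f "$sample"
```

Inside a build step, `getent hosts somehost` performs the equivalent lookup through libc, so it is a better test of --add-host than dig.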