Docker container cannot resolve website names, but can ping their ip

General Discussions
, ,
1

When I tried to

apt-get update

in a container based on ubuntu.

I got an error like this.

Temporary failure resolving ‘archive.ubuntu.com’.

When I tried to ping the ip of ‘archive.ubuntu.com’, it’s ok.

But when I tried to ping ‘archive.ubuntu.com’, it showed me

uknown host archive.ubuntu.com

So I tried several ways I can find on the internet, like this.

echo “91.189.92.201 archive.ubuntu.com” >> /etc/hosts

Then I can ping ‘archive.ubuntu.com

But other websites are still not linkable by name.

I tried to add a line to /etc/default/docker, like this

DOCKER_OPTS=“–dns 8.8.8.8 --dns 114.114.114.114 --dns 8.8.4.4”

Then i restart docker service, and attach to the container, to see this

cat /etc/resolv.conf

and the results

root@d9d5bbdb11de:/# cat /etc/resolv.conf

Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)

DO NOT EDIT THIS FILE BY HAND – YOUR CHANGES WILL BE OVERWRITTEN

nameserver 8.8.8.8
nameserver 8.8.4.4

I don’t know if that works for it.

ps, i can ping 8.8.8.8, 114.114.114.114, 8.8.4.4.

For some reasons, I tried to figure it out where it is a firewall problem, so i used iptables out of the containers.

iptables-save.

And here are the results when I iptables-save out of containers.

wjy@wjy-VirtualBox:~$ sudo iptables-save [sudo] wjy 的密码:

Generated by iptables-save v1.6.0 on Sat Mar 4 16:06:53 2017

*nat :PREROUTING ACCEPT [28:1772] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [253:15867] :POSTROUTING ACCEPT [253:15867] :DOCKER - [0:0]

-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER

-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER

-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE

-A DOCKER -i docker0 -j RETURN COMMIT

Completed on Sat Mar 4 16:06:53 2017

Generated by iptables-save v1.6.0 on Sat Mar 4 16:06:53 2017

*filter :INPUT ACCEPT [1211:567114] :FORWARD DROP [0:0] :OUTPUT ACCEPT [1254:152567] :DOCKER - [0:0] :DOCKER-ISOLATION - [0:0]

-A FORWARD -j DOCKER-ISOLATION

-A FORWARD -o docker0 -j DOCKER

-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

-A FORWARD -i docker0 ! -o docker0 -j ACCEPT

-A FORWARD -i docker0 -o docker0 -j ACCEPT

-A DOCKER-ISOLATION -j RETURN COMMIT

Completed on Sat Mar 4 16:06:53 2017

It may be a host, dns or iptable problem. But I don’t know what to do to make all my containers resolve the website names and link to the internet.
If you met the similar situation or know how to solve it, please do me a favour.
Thanks a lot.