Docker container's DNS resolution fails

Hello Docker community,

I am facing an issue where my Docker containers are unable to access the internet due to DNS resolution failures. I am running Docker on Ubuntu 22.04.5 LTS with Docker version 27.5.1-1. This is a newly set up server with a fresh Ubuntu 22.04 LTS installation; nevertheless, the other servers with similar configs work perfectly fine, and I could not make it work.

Setup:

  • Host system: Ubuntu 22.04.5 LTS
  • Docker Version: 27.5.1-1
  • Storage Driver: Overlay2
  • Cgroup Driver: systemd
  • Kernel: 5.15.0-133-generic
  • CPU: 4 cores
  • Memory: 15.52GiB
  • Docker info:
Client:
 Version:    27.5.1-1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  0.21.1-1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 4
 Server Version: 27.5.1-1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 753481ec61c7c8955a23d6ff7bc8e4daed455734
 runc version: bc20cb4497af9af01bea4a8044f1678ffca2745c
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.0-133-generic
 Operating System: Ubuntu 22.04.5 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 15.52GiB
 Name: icon2-edge
 ID: 3a9f4df5-70a8-4cd0-8185-2fefb96493b6
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Problem:

  • When trying to access the internet from inside the Docker container, I get DNS resolution failures. Example command:

docker run --rm busybox ping -c 4 google.com

Error:

ping: bad address google.com

Also, when changing daemon.json on the host system, I often get:

;; connection timed out; no servers could be reached

Attempts to resolve:

  1. DNS settings in Docker: I have tried setting DNS directly in Docker commands and container configuration, but the issue persists. Here’s what I attempted:
     • Adding DNS servers with --dns flag in the docker run command.
     • Modifying /etc/docker/daemon.json to use public DNS (e.g., 8.8.8.8, 1.1.1.1) in the host.
  2. Network configuration:
     • I tried creating custom networks with specific DNS configurations using docker network create.
     • Tried switching to host network mode in the container using --network host, but this did not resolve the issue.
  3. iptables: I checked that iptables is configured properly. I also switched between iptables and nftables backends, using the command:
sudo update-alternatives --set iptables /usr/sbin/iptables-legacy

Nothing seems to work, even though my host system can ping google.com etc. without any problem. It's the containers that are having the problem.

Any help would be appreciated. Do let me know if I can provide any more information.

This problem is very similar to an older post, "Docker Containers Unable to Access Internet (DNS Resolution Fails)", but that also got closed without a resolution.

Host network means there is no network isolation, so normally, if the network works on the host, it has to work in the container, since there is basically nothing that can break. Pinging an IP should work in this case, because that is just pinging an IP on a regular network on the host. There is no bridge, there is no custom routing table, which can be tested with this command for example:

diff <(docker run --rm  --net host nicolaka/netshoot ip route) <(ip route)

The only thing that can be different and is related to the DNS is /etc/resolv.conf, but that is a copy of the resolv.conf on the host unless overwritten by setting the dns server for the container.

The only case when I can imagine host network not working is when Docker is actually running in a virtual machine or in another container. Docker Desktop would run Docker in a virtual machine, and the Docker daemon installed as a Snap package would run in a kind of container.

Your docker info indicates it is not snap and not even Docker Desktop, so I’m not sure what happened.

Have you managed to solve it since you asked the question?
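
The reply's statement that a host-network container gets a copy of the host's /etc/resolv.conf can be checked the same way as the routing table. The following is an added example, not part of the original posts: a POSIX shell helper that compares the nameserver sets of two resolv.conf texts and lists loopback resolvers. The function names and the sample resolv.conf contents are constructed for illustration.

```sh
# Print nameserver addresses from resolv.conf text on stdin, one per line, de-duplicated.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' | sort -u
}

# Print entries of list $1 that do not appear in list $2 (newline-separated lists).
missing_from() {
    for mf_ns in $1; do
        printf '%s\n' "$2" | grep -qxF -- "$mf_ns" || printf '%s\n' "$mf_ns"
    done
}

# Compare host ($1) and container ($2) resolv.conf text; returns 0 when the sets match.
resolver_diff() {
    rd_host=$(printf '%s\n' "$1" | nameservers)
    rd_ctr=$(printf '%s\n' "$2" | nameservers)
    rd_out=$(
        missing_from "$rd_host" "$rd_ctr" | sed 's/^/only-host /'
        missing_from "$rd_ctr" "$rd_host" | sed 's/^/only-container /'
    )
    [ -z "$rd_out" ] && return 0
    printf '%s\n' "$rd_out"
    return 1
}

# Print loopback nameservers (a local stub resolver) from resolv.conf text on stdin.
loopback_resolvers() {
    nameservers | grep -E '^(127\.|::1$)' || true
}

# Constructed sample: host that points at a local stub resolver.
SAMPLE_HOST='# constructed sample
nameserver 127.0.0.53
options edns0 trust-ad
search lan'
# Constructed sample: container whose DNS servers were overridden.
SAMPLE_CTR='nameserver 8.8.8.8
nameserver 1.1.1.1'

resolver_diff "$SAMPLE_HOST" "$SAMPLE_CTR" || echo "resolver sets differ"

# On a Docker host (needs docker and the busybox image):
# resolver_diff "$(cat /etc/resolv.conf)" "$(docker run --rm --net host busybox cat /etc/resolv.conf)"
```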