OS : Ubuntu 24.04.1 LTS
Docker version 27.5.1, build 9f9e405
Docker Compose version v2.32.4
Hi Docker Community,
I’m facing an issue where Docker containers on my EC2 instance cannot access the internet, specifically failing to resolve DNS queries. Here’s a summary of the problem and what I’ve tried so far:
- Containers cannot resolve DNS queries (e.g.,
nslookup google.comfails with;; connection timed out; no servers could be reached). - The host (EC2 instance) has full internet access and can resolve DNS queries without issues.
- Docker logs show the following error:
sudo journalctl -u docker.service -n 10
[resolver] failed to query external DNS server: read udp 192.168.1.3:40771->8.8.8.8:53: i/o timeout
###Network Configuration
- Docker bridge network (
docker0) is up but showsstate DOWN. -
/etc/resolv.confpoints to127.0.0.53(systemd-resolved stub resolver).
-
- EC2 security group allows all outbound traffic and inbound traffic on necessary ports (22, 80, 443, etc.).
Steps Taken
- Overridden Docker’s DNS settings in
/etc/docker/daemon.json
{
"dns": ["8.8.8.8", "1.1.1.1"]
}
- Restarted Docker after making changes.
- Tested DNS resolution inside containers using
busyboxandalpineimages:
docker run --rm busybox nslookup google.com
Result: ;; connection timed out; no servers could be reached .
- Temporarily disabled
systemd-resolvedand manually set/etc/resolv.confto use8.8.8.8 - Verified that the host can ping
8.8.8.8and resolvegoogle.com.
Additional Note
When using --network host , containers can access the internet. For example:
docker run --rm --network host ubuntu:latest apt-get update
This works without issues, indicating that the problem is specific to Docker’s default bridge network.
Current Observations
- The Docker bridge network (
docker0) is up but showsstate DOWN. - Containers can’t reach external DNS servers, even though the host can.
- Firewall rules (iptables/security groups) seem correct, as outbound traffic is allowed.
I also tried to completely re-install docker, but it didn’t help Ubuntu | Docker Docs
One more note.
This issue appeared only on the new instance with the image of the original server. It worked on the prev instance
container inspect
[
{
"Id": "7b1dc81b2de4f51b8399be34ef3ccdba374ae22c973f822fad45e4f4e988f8c0",
"Created": "2025-01-30T09:20:01.292568915Z",
"Path": "docker-entrypoint.sh",
"Args": [
"apache2-foreground"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 265168,
"ExitCode": 0,
"Error": "",
"StartedAt": "2025-01-30T09:20:01.62189457Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:3808feae36685045e9190f6e0227bdf73bb965e83f2df099f37df331c2344652",
"ResolvConfPath": "/var/lib/docker/containers/7b1dc81b2de4f51b8399be34ef3ccdba374ae22c973f822fad45e4f4e988f8c0/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/7b1dc81b2de4f51b8399be34ef3ccdba374ae22c973f822fad45e4f4e988f8c0/hostname",
"HostsPath": "/var/lib/docker/containers/7b1dc81b2de4f51b8399be34ef3ccdba374ae22c973f822fad45e4f4e988f8c0/hosts",
"LogPath": "/var/lib/docker/containers/7b1dc81b2de4f51b8399be34ef3ccdba374ae22c973f822fad45e4f4e988f8c0/7b1dc81b2de4f51b8399be34ef3ccdba374ae22c973f822fad45e4f4e988f8c0-json.log",
"Name": "/wordpress",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "docker-default",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"/var/www/blog/wordpress:/var/www/html:rw",
"/var/www/blog/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini:rw"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "blog_default",
"PortBindings": {
"80/tcp": [
{
"HostIp": "",
"HostPort": "8080"
}
]
},
"RestartPolicy": {
"Name": "always",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"ConsoleSize": [
0,
0
],
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "private",
"Dns": null,
"DnsOptions": null,
"DnsSearch": null,
"ExtraHosts": [],
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DeviceCgroupRules": null,
"DeviceRequests": null,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": null,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware",
"/sys/devices/virtual/powercap"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/974d9cf9c2478d16870241ca8ad73c9bc3e2bc3207e7e390df444ef26bd78433-init/diff:/var/lib/docker/overlay2/c7388714dffb416a1f68011f2e0be0061feac8527ef000e146e41c91765fac3c/diff:/var/lib/docker/overlay2/00239a7f0f4de4e5f7ea9603fb2f3bcb60607a005124d1e345bb94e01696a340/diff:/var/lib/docker/overlay2/654f477a272d1e17e099857050e731b7583c721cfa6d26fed4ebbb026b8ba95e/diff:/var/lib/docker/overlay2/3f2ea21869b9993961d5a21b6fa4cc513760692244bb7dcb4c1b3c3e9ae1bd11/diff:/var/lib/docker/overlay2/ca70e77c8a7f0bb9dd4ce1f6f2b24505611ed2b122e742f1b9ea1cfb06685324/diff:/var/lib/docker/overlay2/bcc412b1275003179059d1b4a54cc56386c1bcf455438aaa6963eed6a5c42f1e/diff:/var/lib/docker/overlay2/a7c699df9cebb173c5397fb77024684e69077673d02ed2695ca4deab8b0095d6/diff:/var/lib/docker/overlay2/2724fe6b185866428f347bfea9880fd4d620db43d40e6a013fb12f390f424f8c/diff:/var/lib/docker/overlay2/af43f5d4c8328ec483369584a0c8d20e87395ec3542b435853e4e6d000de89dd/diff:/var/lib/docker/overlay2/ce8e25cbc18ed8e3bb1f716902cdc06dbc114197fd1746b4f1166259b5eac8fb/diff:/var/lib/docker/overlay2/dcf608ac7b56a795c08e3ccee358d8c0e721e1822f67cf23d989be29cd4170f8/diff:/var/lib/docker/overlay2/f1c30e89817436bb693fde627d9339c4b5f15f5b531fb3a99242f4f3a0c4fa90/diff:/var/lib/docker/overlay2/b312fa139575080a48e8e38b5e7bdf2cb943d8bf3d270fab8ed3dd5b2e4b7f12/diff:/var/lib/docker/overlay2/12b1dcfe523a247bbb1a1fb9ac50909ac4a2e26120963e91c486d8bb5e81837c/diff:/var/lib/docker/overlay2/57f3755a999e063441749161e228c8f8207ba07cf47d474fb3c34ad16c336378/diff:/var/lib/docker/overlay2/054a3859518181cadfe77236f08c16f724c7228a390d27b8c9d78eaf3a29421c/diff:/var/lib/docker/overlay2/d2667ae12a453bbf8965ef71620d71dc3c8a57daba4b676db2be6a58e6e18ff7/diff:/var/lib/docker/overlay2/2c59f3b99a132950e5477f137656f208dec7de0c1d7247ec3dd1ca46141129be/diff:/var/lib/docker/overlay2/f223a44dd994f3b0290892497dccb55d4ddf560a459d5d3ac83e7f9cc83b7e51/diff:/var/lib/docker/overlay2/2525ff7094b55e8e3dd6f05fcabde091d2d6cc5d9e64910432e2d18db6cacbfa/diff:/var/lib/docker/overlay2/1b57a893f93c013c053554ec105bb4cd2574c9955e88c99690764e87bd7a8289/diff:/var/lib/docker/overlay2/97ffa1594afefca1d06f82f1ad1839a2f25497d82cef64f9f16dfa5db72c604a/diff",
"MergedDir": "/var/lib/docker/overlay2/974d9cf9c2478d16870241ca8ad73c9bc3e2bc3207e7e390df444ef26bd78433/merged",
"UpperDir": "/var/lib/docker/overlay2/974d9cf9c2478d16870241ca8ad73c9bc3e2bc3207e7e390df444ef26bd78433/diff",
"WorkDir": "/var/lib/docker/overlay2/974d9cf9c2478d16870241ca8ad73c9bc3e2bc3207e7e390df444ef26bd78433/work"
},
"Name": "overlay2"
},
"Mounts": [
{
"Type": "bind",
"Source": "/var/www/blog/wordpress",
"Destination": "/var/www/html",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "bind",
"Source": "/var/www/blog/uploads.ini",
"Destination": "/usr/local/etc/php/conf.d/uploads.ini",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
}
],
"Config": {
"Hostname": "7b1dc81b2de4",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"WORDPRESS_DB_HOST=db",
"WORDPRESS_DB_USER=sfo_user",
"WORDPRESS_DB_PASSWORD=1zaPSq71Mcy9",
"UPLOAD_LIMIT=128M",
"WORDPRESS_DB_NAME=sfo_db",
"WORDPRESS_TABLE_PREFIX=wp_",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"PHPIZE_DEPS=autoconf \t\tdpkg-dev \t\tfile \t\tg++ \t\tgcc \t\tlibc-dev \t\tmake \t\tpkg-config \t\tre2c",
"PHP_INI_DIR=/usr/local/etc/php",
"APACHE_CONFDIR=/etc/apache2",
"APACHE_ENVVARS=/etc/apache2/envvars",
"PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64",
"PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64",
"PHP_LDFLAGS=-Wl,-O1 -pie",
"GPG_KEYS=39B641343D8C104B2B146DC3F9C39DC0B9698544 E60913E4DF209907D8E30D96659A97C9CF2A795A 1198C0117593497A5EC5C199286AF1F9897469DC",
"PHP_VERSION=8.2.27",
"PHP_URL=https://www.php.net/distributions/php-8.2.27.tar.xz",
"PHP_ASC_URL=https://www.php.net/distributions/php-8.2.27.tar.xz.asc",
"PHP_SHA256=3eec91294d8c09b3df80b39ec36d574ed9b05de4c8afcb25fa215d48f9ecbc6b"
],
"Cmd": [
"apache2-foreground"
],
"Image": "wordpress:latest",
"Volumes": {
"/var/www/html": {}
},
"WorkingDir": "/var/www/html",
"Entrypoint": [
"docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"com.docker.compose.config-hash": "c4a9f680dc6569e03ca547b7cdffa7d105d97cc8020fa9c5f4c9538e794cb446",
"com.docker.compose.container-number": "1",
"com.docker.compose.depends_on": "db:service_started:false",
"com.docker.compose.image": "sha256:3808feae36685045e9190f6e0227bdf73bb965e83f2df099f37df331c2344652",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "blog",
"com.docker.compose.project.config_files": "/var/www/blog/docker-compose.yml",
"com.docker.compose.project.working_dir": "/var/www/blog",
"com.docker.compose.service": "wordpress",
"com.docker.compose.version": "2.32.4"
},
"StopSignal": "SIGWINCH"
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "40b139519029413418cd503699de80aa1b8063fe4ee4f57f4f9112f7701ba429",
"SandboxKey": "/var/run/docker/netns/40b139519029",
"Ports": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8080"
},
{
"HostIp": "::",
"HostPort": "8080"
}
]
},
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"blog_default": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"wordpress",
"wordpress"
],
"MacAddress": "02:42:ac:13:00:03",
"DriverOpts": null,
"NetworkID": "6f76250566bae0e58d9bf08545efcfc14070be2d6c49c99733b3fa4bf1a3f8f5",
"EndpointID": "ec9fb5aa1077ca32613089ed900a9070d2dcd89040eca0bf7e06e3c99d62ee0a",
"Gateway": "172.19.0.1",
"IPAddress": "172.19.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DNSNames": [
"wordpress",
"7b1dc81b2de4"
]
}
}
}
}
]
and
docker network inspect blog_default
[
{
"Name": "blog_default",
"Id": "6f76250566bae0e58d9bf08545efcfc14070be2d6c49c99733b3fa4bf1a3f8f5",
"Created": "2025-01-29T13:49:07.773622003Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.19.0.0/16",
"Gateway": "172.19.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"7b1dc81b2de4f51b8399be34ef3ccdba374ae22c973f822fad45e4f4e988f8c0": {
"Name": "wordpress",
"EndpointID": "ec9fb5aa1077ca32613089ed900a9070d2dcd89040eca0bf7e06e3c99d62ee0a",
"MacAddress": "02:42:ac:13:00:03",
"IPv4Address": "172.19.0.3/16",
"IPv6Address": ""
},
"a119a0b89003973984e66850c789df999a284e173434fec7fc8ebc71ec1ff496": {
"Name": "db",
"EndpointID": "0f0b5f72a73fb94b227db3176bfc4d2eb224931f96267e18070b7863c70c858f",
"MacAddress": "02:42:ac:13:00:02",
"IPv4Address": "172.19.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {
"com.docker.compose.config-hash": "390eeb02a9464f3c587891f28664e31cee5e31a8f21d51ef50ab4c49a17caca6",
"com.docker.compose.network": "default",
"com.docker.compose.project": "blog",
"com.docker.compose.version": "2.32.4"
}
}
]