I have a Docker container where DNS resolution seems to work for everything, except for any C programs that I build myself and that use the standard getaddrinfo() system call.
First here is the output of docker info:
Containers: 9
Running: 1
Paused: 0
Stopped: 8
Images: 28
Server Version: 1.10.3
Storage Driver: overlay
Backing Filesystem: extfs
Execution Driver: native-0.2
Logging Driver: json-file
Plugins:
Volume: local
Network: bridge null host
Kernel Version: 4.4.13-v7+
Operating System: Raspbian GNU/Linux 8 (jessie)
OSType: linux
Architecture: armv7l
CPUs: 4
Total Memory: 925.5 MiB
Name: node00
ID: RM73:J3WA:3OTC:XEZR:KSA4:774Q:PMV5:BIMQ:MLKW:FMVZ:ZBFA:4WWE
Debug mode (server): true
File Descriptors: 20
Goroutines: 38
System Time: 2016-10-03T14:41:55.486755361Z
EventsListeners: 0
Init SHA1: 0db326fc09273474242804e87e11e1d9930fb95b
Init Path: /usr/lib/docker/dockerinit
Docker Root Dir: /var/lib/docker
WARNING: No swap limit support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
WARNING: No cpuset support
I’ve carefully checked DNS settings. resolv.conf, as visible from inside container:
domain mydomain.com
search mydomain.com
nameserver 8.8.8.8
nameserver 8.8.4.4
ifconfig:
docker0 Link encap:Ethernet HWaddr 02:42:B6:C9:A7:2C
inet addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0 Link encap:Ethernet HWaddr B8:27:EB:B8:6A:17
inet addr:192.168.1.64 Bcast:192.168.255.255 Mask:255.255.0.0
inet6 addr: fe80::ba27:ebff:feb8:6a17/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5546245 errors:0 dropped:0 overruns:0 frame:0
TX packets:5060698 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:609657145 (581.4 MiB) TX bytes:456487826 (435.3 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1860 errors:0 dropped:0 overruns:0 frame:0
TX packets:1860 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:167192 (163.2 KiB) TX bytes:167192 (163.2 KiB)
The container is running Alpine Linux. I launch it with --net=host.
If I try to resolve an address with nslookup that works:
/ # nslookup www.google.com
nslookup: can't resolve '(null)': Name does not resolve
Name: www.google.com
Address 1: 63.117.215.52 52.215.117.63.boston.google-ggc.verizon.com
Address 2: 63.117.215.54 54.215.117.63.boston.google-ggc.verizon.com
Address 3: 63.117.215.59 59.215.117.63.boston.google-ggc.verizon.com
Address 4: 63.117.215.58 58.215.117.63.boston.google-ggc.verizon.com
Address 5: 63.117.215.56 56.215.117.63.boston.google-ggc.verizon.com
Address 6: 63.117.215.55 55.215.117.63.boston.google-ggc.verizon.com
Address 7: 63.117.215.57 57.215.117.63.boston.google-ggc.verizon.com
Address 8: 63.117.215.53 53.215.117.63.boston.google-ggc.verizon.com
Address 9: 2607:f8b0:4006:80e::2004 lga25s40-in-x04.1e100.net
That first line looks suspect… but the DNS resolution that follows looks good. If I try to fetch with curl, that works:
curl -I -v www.google.com
* Rebuilt URL to: www.google.com/
* Trying 63.117.215.123...
* TCP_NODELAY set
* Connected to www.google.com (63.117.215.123) port 80 (#0)
> HEAD / HTTP/1.1
> Host: www.google.com
> User-Agent: curl/7.50.3
> Accept: */*
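But if I build a trivial program that tries to resolve DNS:
#include <netdb.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>

int main( int argc, const char* argv[] )
{
    /* No hints: accept any address family and socket type. */
    const struct addrinfo* hints = 0;
    struct addrinfo* aihead = 0;

    /* Resolve through the C library's resolver (NSS on glibc). */
    int error = getaddrinfo( "www.google.com", "80", hints, &aihead );
    if ( error )
    {
        printf( "Got error: %s\n", gai_strerror( error ) );
        return error;
    } else {
        printf( "got dns ok.\n" );
        freeaddrinfo( aihead );
    }
    return 0;
}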
It does not work:
/ # dnscheck
Got error: Name or service not known
I’ve tried this without Alpine Linux. That is, where I make a container “from scratch”, load my trivial program plus its dependent libraries, and run that, and I also get the error.
Could it have something to do with the libraries I’m copying into the container? That is, the programs that I’m running in the container to test, I’m getting via “apk add”, and those are linked against the libc and other libraries that come with Alpine.
For my program I’m using the libc and other libraries that come with the host system, which is Raspbian.
Update: I believe it may have something to do with the standard Linux libc vs. Alpine Linux using musl libc. The Alpine programs all use the musl version. The ones I’m running use gcc’s libc, which requires dynamic links to libnss.
I have included all the libnss files in the container, along with the nss configuration files and it still doesn’t work.
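As an added example (not part of the original post): glibc's getaddrinfo() loads one libnss_<service>.so.2 module for each service named on the hosts: line of /etc/nsswitch.conf, so the program below lists the modules a given configuration asks for. The function name nss_modules and the sample configuration are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MOD_LEN 64
/* Constructed sample, parsed when /etc/nsswitch.conf cannot be read. */
static const char SAMPLE[] = "hosts: files mdns4_minimal [NOTFOUND=return] dns\n";

/* Fill mods[] with the libnss_<service>.so.2 name for every service on the
 * `db:` line of nsswitch.conf text. Returns the count, or -1 if no such line. */
int nss_modules(const char *conf, const char *db, char mods[][MOD_LEN], int max)
{
    size_t dblen = strlen(db);
    for (const char *line = conf; line && *line; ) {
        const char *eol = strchr(line, '\n');
        const char *end = eol ? eol : line + strlen(line);
        const char *p = line;
        while (p < end && isspace((unsigned char)*p)) p++;
        if ((size_t)(end - p) > dblen && !strncmp(p, db, dblen) && p[dblen] == ':') {
            int n = 0;
            for (p += dblen + 1; p < end && n < max; ) {
                while (p < end && isspace((unsigned char)*p)) p++;
                if (p >= end || *p == '#') break;      /* end of line or comment */
                if (*p == '[') {                       /* action, e.g. [NOTFOUND=return] */
                    while (p < end && *p != ']') p++;
                    if (p < end) p++;
                    continue;
                }
                const char *s = p;                     /* service name token */
                while (p < end && !isspace((unsigned char)*p) && *p != '[' && *p != '#') p++;
                snprintf(mods[n++], MOD_LEN, "libnss_%.*s.so.2", (int)(p - s), s);
            }
            return n;
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;
}

int main(void)
{
    char buf[4096], mods[8][MOD_LEN];
    const char *conf = SAMPLE;
    FILE *f = fopen("/etc/nsswitch.conf", "r");
    if (f) { buf[fread(buf, 1, sizeof buf - 1, f)] = '\0'; fclose(f); conf = buf; }
    else puts("no /etc/nsswitch.conf; parsing the constructed sample");
    int n = nss_modules(conf, "hosts", mods, 8);
    for (int i = 0; i < n; i++) printf("hosts lookup needs %s\n", mods[i]);
    return 0;
}
```

Each module it prints has to be loadable from the container's library search path by the glibc-linked binary.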