Docker DNS issues with getaddrinfo()

General
, ,
1

I have a docker container, where DNS resolution seems to work for everything - except for any c programs I build myself and use the standard getaddrinfo() system call.

First here is the output of docker info:

Containers: 9
 Running: 1
 Paused: 0
 Stopped: 8
Images: 28
Server Version: 1.10.3
Storage Driver: overlay
 Backing Filesystem: extfs
Execution Driver: native-0.2
Logging Driver: json-file
Plugins:
 Volume: local
 Network: bridge null host
Kernel Version: 4.4.13-v7+
Operating System: Raspbian GNU/Linux 8 (jessie)
OSType: linux
Architecture: armv7l
CPUs: 4
Total Memory: 925.5 MiB
Name: node00
ID: RM73:J3WA:3OTC:XEZR:KSA4:774Q:PMV5:BIMQ:MLKW:FMVZ:ZBFA:4WWE
Debug mode (server): true
 File Descriptors: 20
 Goroutines: 38
 System Time: 2016-10-03T14:41:55.486755361Z
 EventsListeners: 0
 Init SHA1: 0db326fc09273474242804e87e11e1d9930fb95b
 Init Path: /usr/lib/docker/dockerinit
 Docker Root Dir: /var/lib/docker
WARNING: No swap limit support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
WARNING: No cpuset support

I’ve carefully checked DNS settings. resolv.conf, as visible from inside container:

domain mydomain.com
search mydomain.com
nameserver 8.8.8.8
nameserver 8.8.4.4

ifconfig:

docker0   Link encap:Ethernet  HWaddr 02:42:B6:C9:A7:2C
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0      Link encap:Ethernet  HWaddr B8:27:EB:B8:6A:17
          inet addr:192.168.1.64  Bcast:192.168.255.255  Mask:255.255.0.0
          inet6 addr: fe80::ba27:ebff:feb8:6a17/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5546245 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5060698 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:609657145 (581.4 MiB)  TX bytes:456487826 (435.3 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1860 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1860 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:167192 (163.2 KiB)  TX bytes:167192 (163.2 KiB)

The container is running alpine linux. I launch it with --net=host

If I try to resolve an address with nslookup that works:

/ # nslookup www.google.com
nslookup: can't resolve '(null)': Name does not resolve

Name:      www.google.com
Address 1: 63.117.215.52 52.215.117.63.boston.google-ggc.verizon.com
Address 2: 63.117.215.54 54.215.117.63.boston.google-ggc.verizon.com
Address 3: 63.117.215.59 59.215.117.63.boston.google-ggc.verizon.com
Address 4: 63.117.215.58 58.215.117.63.boston.google-ggc.verizon.com
Address 5: 63.117.215.56 56.215.117.63.boston.google-ggc.verizon.com
Address 6: 63.117.215.55 55.215.117.63.boston.google-ggc.verizon.com
Address 7: 63.117.215.57 57.215.117.63.boston.google-ggc.verizon.com
Address 8: 63.117.215.53 53.215.117.63.boston.google-ggc.verizon.com
Address 9: 2607:f8b0:4006:80e::2004 lga25s40-in-x04.1e100.net

That first line looks suspect… but the dns resolution that follows looks good. If I try to fetch with curl that works:

curl -I -v www.google.com
* Rebuilt URL to: www.google.com/
*   Trying 63.117.215.123...
* TCP_NODELAY set
* Connected to www.google.com (63.117.215.123) port 80 (#0)
> HEAD / HTTP/1.1
> Host: www.google.com
> User-Agent: curl/7.50.3
> Accept: */*

But, if I build a trivial program that tries to resolve dns:

#include "netdb.h"
#include "stdio.h"

int main( int argc, const char* argv[] )
{
   const struct addrinfo* hints = 0;
   struct addrinfo* aihead = 0;

   int error = getaddrinfo( "www.google.com", "80", hints, &aihead);
   if ( error )
   {
      printf( "Got error: %s\n", gai_strerror( error ) );
      return error;
   } else {
      printf( "got dns ok." );
   }
}

It does not work:

/ # dnscheck
Got error: Name or service not known

I’ve tried this without the alpine linux. That is, where I make a container “from scratch”, and load my trivial program, plus its dependent libraries and run that, and I also get the error.

Could it have something to do with the libraries I’m copying into the container? That is the programs that I’m running in the container to test I’m getting via “apk add”, and those are linked against the libc and other libraries that come with alpine.

For my program I’m using the libc and other libraries that come with the host system which is raspbian.

Update: I believe it may have something to do with the standard Linux libc vs. Alpine linux using musl libc. The alpine programs all use the musl version. The ones I’m running use gcc’s libc, which requires dynamic links to libnss.

I have included all the libnss files in the container, along with the nss configuration files and it still doesn’t work.

2

I am also facing the same issue. Does anyone has solution for it?