Docker on Raspbian unable to pull

General
, , ,
1

System

I have a Raspberry Pi 3 Model B Plus Rev 1.3, running Debian GNU/Linux 12 (bookworm). uname -a prints:

Linux raspberrypi 6.12.25+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.12.25-1+rpt1 (2025-04-30) aarch64 GNU/Linux

It is running Docker version 28.5.1, build e180ab8.

Problem

Currently, on my Pi, I am unable to pull…pretty much anything. docker pull hello-world gives this error:

Error response from daemon: Get “[https] registry-1 [dot] docker [dot] io/v2/library/hello-world/manifests/sha256:6dc565aa630927052111f823c303948cf83670a3903ffa3849f1488ab517f891”: dial tcp [2600:1f18:2148:bc00:3649:ffc9:b91:577a]:443: connect: network is unreachable

And attempting to pull an image I built from ghcr.io gives:

Error response from daemon: Get “[https] ghcr [dot] io/v2/”: dial tcp: lookup ghcr.io on 10.0.2.3:53: no such host

Both of these work totally fine if I pull the same images from Docker in Powershell on my Windows desktop.

Attempted fixes

It’s not a general connectivity problem: ping ghcr.io works fine, and curl -I [https] registry-1 [dot] docker [dot] io/v2/ gives a 401.

I created /etc/docker/daemon.json and included "ipv6": "false". This did not help.
I also added the following to /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Which also didn’t work.

I’ve also tried adding 9.9.9.9 and 149.112.112.112 (quad9 and quad9’s alternate IP) to daemon.json, as well as as nameservers (after my router) in /etc/resolv.conf.

I don’t know why in the first case, Docker is trying to use an IPv6 address when my network does not support IPv6 and I have done everything I can find to tell it not to. I also don’t know why it’s attempting to use 10.0.2.3 in the second case, I don’t know what machine that is supposed to refer to.

2

Docker and AWS had a major service outage today, maybe it’s related to that: https://www.dockerstatus.com/

3

If the cause was the mentioned service outage, it should work now. Does it?

4

Unfortunately not. I was having the problem weeks ago, and just started trying to troubleshoot it some more today and was having the problem a few hours before the outage. Decided to come to the forums to post when the outage happened and further troubleshooting was made impossible :sweat_smile:

5

Can you please share the following details?

  1. How did you install Docker? Sharing the platform almost answers it, but only almost. Direct links to the followed guide can be useful.

  2. On debian based Linux, the following commands can give us some idea and recognize incorrectly installed Docker:

    docker info
docker version

    Review the output before sharing and remove confidential data if any appears (public IP for example)

    dpkg -l 'docker*' | grep '^ii'
snap list docker

    When you share the outputs, always format your posts according to the following guide: How to format your forum posts

If it is not a machine in your network, it is like Docker is running in an isolated network already, but I still can’t tell you see that IP as I don’t remember that either. The information I asked for above should help us to recognize something that brings us closer to the solution.

1 Like
6

I’m sorry I can’t remember which installation guide I followed or how I installed it. But I ran history | grep docker just now and this was (the start of) the output:

docker history 
   25  for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done
   27  sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
   30  sudo curl -fsSL https://download.docker.com/linux/raspbian/gpg -o /etc/apt/keyrings/docker.asc
   31  sudo chmod a+r /etc/apt/keyrings/docker.asc
   32  echo   "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/raspbian \
   33    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" |   sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
   35  sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
   36  vim /etc/apt/keyrings/docker.asc
   37  less /etc/apt/keyrings/docker.asc
   38  less /etc/apt/sources.list.d/docker.list
   39  cat /etc/apt/sources.list.d/docker.list
   42  sudo apt install docker-ce
   43  sudo apt install docker.io
   44  docker run hello-world
   45  sudo docker run hello-world
   47  sudo apt uninstall docker.io
   48  sudo apt autoremove docker.io
   49  curl -fsSL https://get.docker.com -o get-docker.sh
   51  sudo sh ./get-docker.sh --dry-run
   52  sudo sh ./get-docker.sh
   54  dockerd-rootless-setuptool.sh install
   58  dockerd-rootless-setuptool.sh install
   59  sudo groupadd docker
   60  sudo usermod -aG docker $USER
   61  docker run hello-world

But I couldn’t tell you the output of those commands to know which worked/didn’t etc.

docker info ouput 
Client: Docker Engine - Community
 Version:    28.5.1
 Context:    rootless
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.29.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.40.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 28.2.2
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: true
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 05044ec0a9a75232cad458027ca83437aae3f4da
 runc version: v1.3.0-0-g4ca628d1
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  rootless
  cgroupns
 Kernel Version: 6.12.25+rpt-rpi-v8
 Operating System: Debian GNU/Linux 12 (bookworm)
 OSType: linux
 Architecture: aarch64
 CPUs: 4
 Total Memory: 906.7MiB
 Name: raspberrypi
 ID: e66abbfc-f547-4c2d-96c1-46372604ec8a
 Docker Root Dir: /home/jim/.local/share/docker
 Debug Mode: false
 Username: jimcullen
 Experimental: false
 Insecure Registries:
  ::1/128
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No memory limit support
WARNING: No swap limit support
WARNING: No cpuset support
WARNING: No io.weight support
WARNING: No io.weight (per device) support
WARNING: No io.max (rbps) support
WARNING: No io.max (wbps) support
WARNING: No io.max (riops) support
WARNING: No io.max (wiops) support
docker version output 
Client: Docker Engine - Community
 Version:           28.5.1
 API version:       1.50 (downgraded from 1.51)
 Go version:        go1.24.8
 Git commit:        e180ab8
 Built:             Wed Oct  8 12:18:25 2025
 OS/Arch:           linux/arm64
 Context:           rootless

Server: Docker Engine - Community
 Engine:
  Version:          28.2.2
  API version:      1.50 (minimum version 1.24)
  Go version:       go1.24.3
  Git commit:       45873be
  Built:            Fri May 30 12:07:27 2025
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.7.27
  GitCommit:        05044ec0a9a75232cad458027ca83437aae3f4da
 runc:
  Version:          1.3.0
  GitCommit:        v1.3.0-0-g4ca628d1
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
 rootlesskit:
  Version:          2.3.4
  ApiVersion:       1.1.1
  NetworkDriver:    slirp4netns
  PortDriver:       builtin
  StateDir:         /run/user/1000/dockerd-rootless
 slirp4netns:
  Version:          1.2.0
  GitCommit:        656041d45cfca7a4176f6b7eed9e4fe6c11e8383
dpkg -l output 
ii  docker-buildx-plugin      0.29.1-1~debian.12~bookworm   arm64        Docker Buildx plugin extends build capabilities with BuildKit.
ii  docker-ce                 5:28.5.1-1~debian.12~bookworm arm64        Docker: the open-source application container engine
ii  docker-ce-cli             5:28.5.1-1~debian.12~bookworm arm64        Docker CLI: the open-source application container engine
ii  docker-ce-rootless-extras 5:28.5.1-1~debian.12~bookworm arm64        Rootless support for Docker.
ii  docker-compose-plugin     2.40.1-1~debian.12~bookworm   arm64        Docker Compose (V2) plugin for the Docker CLI.

Snap is not installed.

Yeah my local network is a 192.168.x.0/24, so I think the 10.0.0.0/8 is internal to Docker.

Thank you for the help!!

7

That shows you are using rootless Docker.

It i is a special mode in which you run the docker daemon as a non-root user, but it comes with limitations. The IP address that you saw as nameserver must be the IP in the network namespace of the isolated rootless Docker daemon. If you didn’t switch to this mode intentionally, you can switch back

docker context use default

Let’s see if that solves your current problem.

8

Oh that’s interesting! I thought rootless was just so I don’t have to do sudo docker

I ran that and then did sudo systemctl restart docker. It doesn’t solve the problem, but does change it slightly:

$ docker pull hello-world
Using default tag: latest
Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp [2600:1f18:2148:bc00:fbbf:c3a5:9ece:2618]:443: connect: cannot assign requested address
$ docker pull ghcr.io/[my-repo]
Error response from daemon: Head "https://ghcr.io/v2/[my-repo]/manifests/[my-tag]": Get "https://ghcr.io/token?scope=repository%3A[my-repo]%3Apull&service=ghcr.io": dial tcp: lookup ghcr.io on [my-router-ip]:53: no such host
9

I could not reproduce issues with IPv6. Docker pull worked even when I disabled IPv6, but I have an Ubuntu. VM.
I don’t use Debian often, but I remember more networking issues on that. And I never used Rasberry PI.

I would check if any firewall is enabled like “ufw”

sudo ufw status
10

ufw is not installed, and from what I can tell, nothing else should be acting as a firewall.

11

Docker relies on your dns server to resolve the ip address. I guess the easiest way would be to deactivate aaaa record responses in your dns server.

Please share the output of ip address show (without the veth interfaces).

12 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:[...] brd ff:ff:ff:ff:ff:ff
    inet 192.168.[...]/24 brd 192.168.[...].255 scope global dynamic noprefixroute eth0
       valid_lft 74921sec preferred_lft 74921sec
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether b8:27:eb:[...] brd ff:ff:ff:ff:ff:ff

That’s the full output (minus the [...] redactions). There were no veth interfaces.

13

I would check the daemon logs when the daemon starts.

journalctl -e -u docker

Or when you see the error message, you can also try not filtering to docker errors

journalctl -e
14 
Oct 31 10:49:47 raspberrypi dockerd[72199]: time="2025-10-31T10:49:47.467021054+10:00" level=warning msg="Error getting v2 registry: Get \"https://docker.mirrors.ustc.edu.cn/v2/\": dial tcp: lookup docker.mirrors.ustc.edu.cn on 192.168.[...]:53: no such host"
Oct 31 10:49:47 raspberrypi dockerd[72199]: time="2025-10-31T10:49:47.467161886+10:00" level=info msg="Attempting next endpoint for pull after error: Get \"https://docker.mirrors.ustc.edu.cn/v2/\": dial tcp: lookup docker.mirrors.ustc.edu.cn on 192.168.[...]:53: no such host"
Oct 31 10:49:49 raspberrypi dockerd[72199]: time="2025-10-31T10:49:49.643995584+10:00" level=info msg="Attempting next endpoint for pull after error: Get \"https://registry-1.docker.io/v2/library/hello-world/manifests/sha256:56433a6be3fda188089fb548eae3d91df3ed0d6589f7c2656121b911198df065\": dial tcp [2600:1f18:2148:bc02:794:dfb9:9a9:6172]:443: connect: cannot assign requested address"
Oct 31 10:49:49 raspberrypi dockerd[72199]: time="2025-10-31T10:49:49.653080384+10:00" level=warning msg="Error getting v2 registry: Get \"https://registry-1.docker.io/v2/\": dial tcp [2600:1f18:2148:bc02:794:dfb9:9a9:6172]:443: connect: cannot assign requested address"
Oct 31 10:49:49 raspberrypi dockerd[72199]: time="2025-10-31T10:49:49.653235436+10:00" level=info msg="Attempting next endpoint for pull after error: Get \"https://registry-1.docker.io/v2/\": dial tcp [2600:1f18:2148:bc02:794:dfb9:9a9:6172]:443: connect: cannot assign requested address"
Oct 31 10:49:49 raspberrypi dockerd[72199]: time="2025-10-31T10:49:49.660403057+10:00" level=error msg="Handler for POST /v1.51/images/create returned error: Get \"https://registry-1.docker.io/v2/\": dial tcp [2600:1f18:2148:bc02:794:dfb9:9a9:6172]:443: connect: cannot assign requested address"
And here's the result from the same time, plus & minus a little, without the docker filter: 
Oct 31 10:49:18 raspberrypi NetworkManager[514]: <warn>  [1761871758.1581] platform-linux: do-add-ip6-address[2: fe80::4a9a:f765:e3e7:8fb4]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:49:20 raspberrypi NetworkManager[514]: <warn>  [1761871760.1607] platform-linux: do-add-ip6-address[2: fe80::27bc:14d9:c644:5740]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:49:22 raspberrypi NetworkManager[514]: <warn>  [1761871762.1608] ipv6ll[3f714c4230aaefac,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off)
Oct 31 10:49:32 raspberrypi NetworkManager[514]: <warn>  [1761871772.1640] platform-linux: do-add-ip6-address[2: fe80::f6e0:39f7:c5d4:f124]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:49:34 raspberrypi NetworkManager[514]: <warn>  [1761871774.1671] platform-linux: do-add-ip6-address[2: fe80::4038:ee1f:8f0:83de]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:49:36 raspberrypi NetworkManager[514]: <warn>  [1761871776.1687] platform-linux: do-add-ip6-address[2: fe80::348b:e55c:9c33:39a1]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:49:38 raspberrypi NetworkManager[514]: <warn>  [1761871778.1714] platform-linux: do-add-ip6-address[2: fe80::112b:a63:6452:6265]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:49:40 raspberrypi NetworkManager[514]: <warn>  [1761871780.1740] platform-linux: do-add-ip6-address[2: fe80::4a9a:f765:e3e7:8fb4]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:49:42 raspberrypi NetworkManager[514]: <warn>  [1761871782.1760] platform-linux: do-add-ip6-address[2: fe80::27bc:14d9:c644:5740]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:49:44 raspberrypi NetworkManager[514]: <warn>  [1761871784.1777] ipv6ll[3f714c4230aaefac,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off)
Oct 31 10:49:47 raspberrypi dockerd[72199]: time="2025-10-31T10:49:47.467021054+10:00" level=warning msg="Error getting v2 registry: Get \"https://docker.mirrors.ustc.edu.cn/v2/\": dial tcp: lookup docker.mirrors.ustc.edu.cn on 192.168.[...]:53: no such host"
Oct 31 10:49:47 raspberrypi dockerd[72199]: time="2025-10-31T10:49:47.467161886+10:00" level=info msg="Attempting next endpoint for pull after error: Get \"https://docker.mirrors.ustc.edu.cn/v2/\": dial tcp: lookup docker.mirrors.ustc.edu.cn on 192.168.[...]:53: no such host"
Oct 31 10:49:49 raspberrypi dockerd[72199]: time="2025-10-31T10:49:49.643995584+10:00" level=info msg="Attempting next endpoint for pull after error: Get \"https://registry-1.docker.io/v2/library/hello-world/manifests/sha256:56433a6be3fda188089fb548eae3d91df3ed0d6589f7c2656121b911198df065\": dial tcp [2600:1f18:2148:bc02:794:dfb9:9a9:6172]:443: connect: cannot assign requested address"
Oct 31 10:49:49 raspberrypi dockerd[72199]: time="2025-10-31T10:49:49.653080384+10:00" level=warning msg="Error getting v2 registry: Get \"https://registry-1.docker.io/v2/\": dial tcp [2600:1f18:2148:bc02:794:dfb9:9a9:6172]:443: connect: cannot assign requested address"
Oct 31 10:49:49 raspberrypi dockerd[72199]: time="2025-10-31T10:49:49.653235436+10:00" level=info msg="Attempting next endpoint for pull after error: Get \"https://registry-1.docker.io/v2/\": dial tcp [2600:1f18:2148:bc02:794:dfb9:9a9:6172]:443: connect: cannot assign requested address"
Oct 31 10:49:49 raspberrypi dockerd[72199]: time="2025-10-31T10:49:49.660403057+10:00" level=error msg="Handler for POST /v1.51/images/create returned error: Get \"https://registry-1.docker.io/v2/\": dial tcp [2600:1f18:2148:bc02:794:dfb9:9a9:6172]:443: connect: cannot assign requested address"
Oct 31 10:49:54 raspberrypi NetworkManager[514]: <warn>  [1761871794.1830] platform-linux: do-add-ip6-address[2: fe80::f6e0:39f7:c5d4:f124]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:49:56 raspberrypi NetworkManager[514]: <warn>  [1761871796.1839] platform-linux: do-add-ip6-address[2: fe80::4038:ee1f:8f0:83de]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:49:58 raspberrypi NetworkManager[514]: <warn>  [1761871798.1865] platform-linux: do-add-ip6-address[2: fe80::348b:e55c:9c33:39a1]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:50:00 raspberrypi NetworkManager[514]: <warn>  [1761871800.1892] platform-linux: do-add-ip6-address[2: fe80::112b:a63:6452:6265]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:50:02 raspberrypi NetworkManager[514]: <warn>  [1761871802.1920] platform-linux: do-add-ip6-address[2: fe80::4a9a:f765:e3e7:8fb4]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:50:04 raspberrypi NetworkManager[514]: <warn>  [1761871804.1947] platform-linux: do-add-ip6-address[2: fe80::27bc:14d9:c644:5740]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:50:06 raspberrypi NetworkManager[514]: <warn>  [1761871806.1950] ipv6ll[3f714c4230aaefac,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off)
Oct 31 10:50:16 raspberrypi NetworkManager[514]: <warn>  [1761871816.1969] platform-linux: do-add-ip6-address[2: fe80::f6e0:39f7:c5d4:f124]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:50:18 raspberrypi NetworkManager[514]: <warn>  [1761871818.1996] platform-linux: do-add-ip6-address[2: fe80::4038:ee1f:8f0:83de]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:50:20 raspberrypi NetworkManager[514]: <warn>  [1761871820.2019] platform-linux: do-add-ip6-address[2: fe80::348b:e55c:9c33:39a1]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:50:22 raspberrypi NetworkManager[514]: <warn>  [1761871822.2039] platform-linux: do-add-ip6-address[2: fe80::112b:a63:6452:6265]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:50:24 raspberrypi NetworkManager[514]: <warn>  [1761871824.2065] platform-linux: do-add-ip6-address[2: fe80::4a9a:f765:e3e7:8fb4]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:50:26 raspberrypi NetworkManager[514]: <warn>  [1761871826.2079] platform-linux: do-add-ip6-address[2: fe80::27bc:14d9:c644:5740]: failure 13 (Permission denied - ipv6: IPv6 is disabled on this device)
Oct 31 10:50:28 raspberrypi NetworkManager[514]: <warn>  [1761871828.2094] ipv6ll[3f714c4230aaefac,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off)
15

I was having this same issue on my Raspberry Pi 4. I came across another forum thread that resolved the issue for me by adding more nameservers.
Link to the post:
stackoverflow - Error response from daemon…

Heres the OP if you dont want to use the link:

"I had similar issue on Ubuntu 16.04 and manage to solve it by adding more nameservers

You can try too.

Open config file sudo nano /etc/resolv.conf and add the following under existing nameservers

nameserver 8.8.8.8
nameserver 8.8.4.4

run following commands to restart daemon and docker service

sudo systemctl daemon-reload

sudo systemctl restart docker

Now try to pull image you want docker pull hello-world "

Note: I did use docker compose up -d to create my container instead of ‘docker pull…’ as I already had the dir and yaml file setup. So that’s the only part I cant confirm works or not.

1 Like
16

Glad that it works now.

You still might want to check out why your local dns server returns ipv6 ips when resolving hostnames, on hosts with deactivated ipv6. Did you try, to configure the google dns servers as upstream in your local dns server? If the dns is embedded in your router, it should have a setting for upstream dns servers.

Personally, I would not recommend to disable ipv6, because you would lose the ability to access ipv6 only sites.

17

Unfortunately that doesn’t work for me. For context, right now my /etc/resolv.conf consists of:

# Generated by NetworkManager
search Home
nameserver 192.168.[...].1
nameserver 9.9.9.9
nameserver 149.112.112.112
nameserver 8.8.8.8
nameserver 8.8.4.4
options single-request

I still get this:

 $ docker pull hello-world
Using default tag: latest
Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp [2600:1f18:2148:bc00:d9d9:8986:fd08:ba7a]:443: connect: cannot assign requested address
18

The thing is, I don’t get this if I run the same commands from my local PC, or from my Synology NAS. Only the Raspberry Pi.

19

Ok actually, thanks in part to @larryfisherman4 and @meyay’s comments, I tried removing my router as one of the nameservers from /etc/resolv.conf (I also updated my router, which had 9.9.9.9, 1.1.1.1 as the WAN DNS settings, and 9.9.9.9, 0.0.0.0 as the LAN ones—not really sure what the difference is between WAN and LAN DNS—to use the two Quad9 servers, just to have consistency, though this was done after the fact).

That did solve the problem. I can now pull from both Docker Hub and GitHub Container Repository successfully.

Thanks all for the assistance with this! I’d love to know why exactly the problem occurred, but fundamentally the problem is gone, and that’s the main thing.

2 Likes
20

The WAN dns is used for traffic that originates from the router to the internat, and is used as upstream resolver for the router’s internal dns server.

The LAN dns setting usually affects what dns server is announced via dhcp. You would use it, if you run another dns server (e.g. pihole, unbound, bind, …) in your network and want your clients to use it, instead of your routers internal dns server. Changing the value, usually does not deactive the router’s internal dns, it just doesn’t annouce it anymore. If you use another dns server, you could use your routers internal dns as it’s upstream, which would allow to resolve hostnames from your lan.

Note about the nameservers in resolv.conf: it is like a fallback list. It will use the first dns server, unless it’s unreachable, then it will use the next. It will not cycle through the namservers until it finds one that is able to the resolve the hostname.

1 Like