Using Oracle Linux 8.2 with firewall activated
Running this command…
docker run -i --rm alpine ping www.google.es
does not resolve DNS.
docker run -i --rm alpine ping 8.8.8.8
works fine
same results with other images/containers.
But when you disable firewall and restart docker daemon you can reach DNS resolution.
SO IT IS BEST OPTION FOR SECURITY REASONS
-you have installed a firewall in your docker host
-you prefer maximum security
-deploy your image in other host or disconnect firewall
-build process can resolve DNS from inside “dockerfile” commands once firewall disabled
-run your image and connect your container ports to your host
-enable again firewall
-you are now secure because nobody inside a running container can reach internet DNS
(in case somebody build an image with “some script” inside)