Docker's DNS fails silently on a daily basis (at least)

Hi,

I’ve been using Docker to host a bunch of services (18 containers) for a month now. Because I was moving from a VM-oriented workflow to Docker, I made some tweaks to have deeper control over the network my containers can use. This means that I disabled IPv6 (more because of a legacy issue with my NIC which shouldn’t impact Docker in any way but would be a pain to revert in all the configurations; the IPv6 stack is disabled in the kernel too), I forbade Docker from altering iptables (I really want to be aware of all the rules in my firewall, don’t ask why) and I created a network to replace the default bridge. This is a bridged network with a defined subnet. I have a DNS server (Bind) configured and running on the host. It is also used by the containers, by specifying the --dns option when they are created.

Ok, here comes the issue. From time to time and without any message in the logs, I suspect Docker’s embedded DNS is failing to resolve domains. The Bind DNS server, which is also used by the host, is totally fine outside the containers, but none of the containers can resolve domain names. I do not see anything relevant in the logs …

Maybe this information will be relevant too: I have other issues with the engine, but they should be unrelated. Anyway, there is a known issue with my system and overlay’s index. I’m currently using the workaround (index is disabled until I can upgrade to 17.12). I also can’t manage to stop some containers from time to time: the docker stop command never returns, and when I stop it and try to relaunch it, it reports that the PID is unknown (the first command surely killed the PID inside the container but fails to clean it up after that). Only a service restart resolves the problem.

My environment:

Archlinux - kernel 4.14.8-1-ARCH
Docker version 17.12.0-ce, build 486a48d270

Hoping I’m clear enough

Thanks in advance