I’m using Docker for Mac on a machine with a complex VPN setup, and hostnet seems to work well.
However, the only address reachable over UDP is the host. All others swallow packets whole.
➜ pinata diagnose -u
OS X: version 10.11.3 (build: 15D21)
Docker.app: version v1.11.0-beta6
Running diagnostic tests:
[OK] docker-cli
[OK] Moby booted
[OK] driver.amd64-linux
[OK] vmnetd
[OK] osxfs
[OK] db
[OK] slirp
[OK] menubar
[OK] environment
[OK] Docker
[OK] VT-x
Docker logs are being collected into /tmp/20160407-141156.tar.gz.
Your unique id in bugsnag is: EA6641F7-AC78-49A7-9047-9899171D78BD
Please quote this in all correspondence.
➜ docker run -it debian /bin/bash
root@b4b3bb61941b:/# cat /etc/resolv.conf
search local
nameserver 192.168.64.1
root@b4b3bb61941b:/# dig @192.168.64.1 filippo.io
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @192.168.64.1 filippo.io
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39716
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;filippo.io. IN A
;; ANSWER SECTION:
filippo.io. 300 IN A 104.20.68.137
filippo.io. 300 IN A 104.20.69.137
;; Query time: 150 msec
;; SERVER: 192.168.64.1#53(192.168.64.1)
;; WHEN: Thu Apr 07 13:25:48 UTC 2016
;; MSG SIZE rcvd: 60
root@b4b3bb61941b:/# dig @8.8.8.8 google.com
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
root@b4b3bb61941b:/# tcptraceroute 8.8.8.8 53
Selected device eth0, address 172.17.0.2, port 40332 for outgoing packets
Tracing the path to 8.8.8.8 on TCP port 53 (domain), 30 hops max
1 172.17.0.1 0.080 ms 0.115 ms 0.062 ms
2 google-public-dns-a.google.com (8.8.8.8) [open] 51.755 ms 35.229 ms 42.058 ms
This obviously means that any image that doesn’t set the host as the DNS server is not functioning.
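A probe for the symptom in this report, as an added example that is not part of the original post: it sends the same DNS query to each resolver over UDP and over TCP and reports which transport gets an answer. The function names are hypothetical; the two server addresses are the ones from the session above.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode a minimal DNS query (type A, class IN, recursion desired)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)

def probe_udp(server, query, timeout=3.0):
    """True if a UDP reply carrying the query's transaction id comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            data, _ = s.recvfrom(4096)
            return data[:2] == query[:2]
        except OSError:  # covers timeouts and ICMP unreachable errors
            return False

def probe_tcp(server, query, timeout=3.0):
    """True if the same query gets a reply over TCP (2-byte length prefix)."""
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack(">H", len(query)) + query)
            data = s.recv(4096)
            return len(data) >= 4 and data[2:4] == query[:2]
    except OSError:
        return False

def classify(udp_ok, tcp_ok):
    """Turn the two probe results into a verdict."""
    if udp_ok and tcp_ok:
        return "both transports work"
    if tcp_ok:
        return "UDP dropped, TCP works (the symptom in this report)"
    if udp_ok:
        return "TCP blocked, UDP works"
    return "unreachable on both transports"

def diagnose(servers, name="example.com"):
    query = build_query(name)
    return {s: classify(probe_udp(s, query), probe_tcp(s, query)) for s in servers}

if __name__ == "__main__":
    # Addresses taken from the session above: host resolver and 8.8.8.8.
    for server, verdict in diagnose(["192.168.64.1", "8.8.8.8"]).items():
        print(server, "->", verdict)
```
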