Help with DNS configuration for "isolated" hosts

I am investigating some of the features around DNS to see how we can “dockerize” our existing application. I am having two problems:

  1. Without specifying DNS options when I create a simple container (centos:latest) I can synchronize a non-empty /etc/resolv.conf file from the host to the container. But, when I update the /etc/resolv.conf file (e.g. via DHCP request) on the host, the changes are not propagated into the container. inotify is working on the host.

HOST
[sysadmin@vmr-132-9 ~]# cat /etc/resolv.conf

WARNING: This file is written, modified and/or deleted based on SoLOS

configuration and subsequent DNS server reachability polling.

Do not modify this file directly.

nameserver 192.168.130.192

CONTAINER
[sysadmin@vmr-132-9 ~]$ docker run -it --rm --name=dns centos:latest /bin/bash
[root@552708be056f /]# cat /etc/resolv.conf

WARNING: This file is written, modified and/or deleted based on SoLOS

configuration and subsequent DNS server reachability polling.

Do not modify this file directly.

nameserver 192.168.130.192

HOST
[sysadmin@vmr-132-9 ~]# echo "nameserver 10.10.10.10" >> /etc/resolv.conf
[sysadmin@vmr-132-9 ~]# cat /etc/resolv.conf

WARNING: This file is written, modified and/or deleted based on SoLOS

configuration and subsequent DNS server reachability polling.

Do not modify this file directly.

nameserver 192.168.130.192
nameserver 10.10.10.10

CONTAINER
[root@552708be056f /]# cat /etc/resolv.conf

WARNING: This file is written, modified and/or deleted based on SoLOS

configuration and subsequent DNS server reachability polling.

Do not modify this file directly.

nameserver 192.168.130.192
[root@552708be056f /]# exit
exit
[sysadmin@vmr-132-9 ~]$ docker run -it --rm --name=dns centos:latest /bin/bash
[root@20f2ead9a1e3 /]# cat /etc/resolv.conf

WARNING: This file is written, modified and/or deleted based on SoLOS

configuration and subsequent DNS server reachability polling.

Do not modify this file directly.

nameserver 192.168.130.192
nameserver 10.10.10.10

  2. When the host /etc/resolv.conf is empty, I get the Google public nameservers in the container (as expected). But, I’d rather have an empty /etc/resolv.conf. Although I can successfully override the nameserver list in a number of ways (create command line, DOCKER_OPTS, daemon.json) it does not look like you can supply an empty list. I’ve tried putting this in /etc/docker/daemon.json:

{ "dns" : [] }

[sysadmin@vmr-132-9 ~]# docker version
Client:
Version: 1.12.0
API version: 1.24
Go version: go1.6.3
Git commit: 8eab29e
Built:
OS/Arch: linux/amd64

Server:
Version: 1.12.0
API version: 1.24
Go version: go1.6.3
Git commit: 8eab29e
Built:
OS/Arch: linux/amd64

Sorry about the formatting… first post! Not sure why some of the information is BOLD and large font.
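
An added example, not part of the original post: a shell check that compares the nameserver entries in the host's /etc/resolv.conf with the copy seen inside a running container, so the out-of-date copy described in problem 1 is reported rather than noticed by hand. The function names and sample file contents are constructed for illustration; on a live system the container copy would come from `docker exec dns cat /etc/resolv.conf`.

```shell
#!/bin/sh
# Added example: detect nameserver drift between a host resolv.conf and a
# container's copy. Function names are hypothetical; sample data is constructed.

# Print the nameserver addresses in a resolv.conf file, one per line, sorted
# and de-duplicated. Comment lines and other directives are ignored.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1" | LC_ALL=C sort -u
}

# Compare two resolv.conf files (host first, container second).
# Prints "+addr" for servers only on the host and "-addr" for servers only
# in the container. Returns 0 when the sets match, 1 when they differ.
resolv_drift() {
    host_list=$(mktemp)
    ctr_list=$(mktemp)
    nameservers "$1" > "$host_list"
    nameservers "$2" > "$ctr_list"
    drift=$(LC_ALL=C comm -23 "$host_list" "$ctr_list" | sed 's/^/+/'
            LC_ALL=C comm -13 "$host_list" "$ctr_list" | sed 's/^/-/')
    rm -f "$host_list" "$ctr_list"
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample: host file after the second nameserver was appended.
    printf '%s\n' '# managed file' 'nameserver 192.168.130.192' \
        'nameserver 10.10.10.10' > "$dir/host"
    # Constructed sample: the copy still seen inside the running container.
    printf '%s\n' '# managed file' 'nameserver 192.168.130.192' > "$dir/ctr"
    resolv_drift "$dir/host" "$dir/ctr" || echo "container copy is out of date"
    rm -rf "$dir"
}
demo
```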