Name resolution failure

Hi,

I’m running Docker CE on Ubuntu 22.04.

Any image I try to run - e.g. Ubuntu, Debian, nicolaka/netshoot - has trouble performing name resolution, it’s unable to reach DNS servers, and just pinging 8.8.8.8 fails.

My /etc/docker/daemon.json :

{
  "bip" : "20.0.0.1/24",
  "dns" : ["8.8.8.8"]
}

Output of “ip a” for docker0 :

5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:96:9f:92:b2 brd ff:ff:ff:ff:ff:ff
    inet 20.0.0.1/24 brd 20.0.0.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:96ff:fe9f:92b2/64 scope link 
       valid_lft forever preferred_lft forever

My /etc/resolve.conf inside the container:

search corporate_domain1.com, corporate_domain2.com
nameserver 8.8.8.8

Output of “ip r” inside a container :

default via 20.0.0.1 dev eth0 
20.0.0.0/24 dev eth0 proto kernel scope link src 20.0.0.2

Trying to ping default gateway inside a container gives no output:

PING 20.0.0.1 (20.0.0.1) 56(84) bytes of data.
( no output )

I’ve tried restarting Docker but it changed nothing.

My machine is on a corporate network, so that’s probably the reason - trouble is, our IT department won’t help, so I’ve turned to help here.

Any ideas?

The ip indicates that you are using a public ip (range) provided your isp.
Is this correct?

If it is supposed to be a private network range, you might want to look at Private network - Wikipedia for a list of valid cidr ranges.

My router gives 192.168.0.* IPv4 (and also an IPv6, which I don’t think matters here) - so I edited /etc/docker/daemon.json with this address. I could have used 10.0.0.1/24 but my corporate VPN uses that.

Do you think trying 10.1.0.1/24 or 172.16.0.1/24 might help?

By the way the issue happens even when I’m not connected from the corporate VPN

Can you use 8.8.8.8 from the host? If you are in a corporate network and not just conected to the VPN, it is also possible that using the name server of Google is not allowed. It is not allowed where I work.

That would be the default range, but as long as you use a valid ip address it shouldn’t affect name resolution.

We can help with Docker related questions but only your IT deparment can tell you which IP ranges you should use and even what you are allowed to use.

Using 8.8.8.8 or 1.1.1.1 absolutely works on the host when I’m on the VPN and when I’m off of it.