Ping fails on internal host, but nslookup works

intdocker · June 30, 2016, 1:46am

Expected behavior

Ping to an internal host (a host that’s resolved by company dns) should succeed from within a container.

Actual behavior

Ping hangs from within the container, even though nslookup succeeds from within the container.

Information

I have an internal host internalhost.corp.mycompany.net. Both ping and nslookup work from the Mac:

Mac$ nslookup internalhost.corp.mycompany.net
Server:   172.a.b.c
Address:  172.a.b.c#ef

Non-authoritative answer:
Name: internalhost.corp.mycompany.net
Address: 172.a.j.k

Mac $ ping internalhost.corp.mycompany.net
PING internalhost.corp.mycompany.net (172.a.j.k): 56 data bytes
64 bytes from 172.a.j.k: icmp_seq=0 ttl=58 time=1.666 ms
64 bytes from 172.a.j.k: icmp_seq=1 ttl=58 time=3.368 ms

The ping hangs from within a container:

Mac $ docker run busybox ping internalhost.corp.mycompany.net
^CPING internalhost.corp.mycompany.net (172.a.j.k): 56 data bytes

--- internalhost.corp.mycompany.net ping statistics ---
15 packets transmitted, 0 packets received, 100% packet loss

The ping also hangs when passing dns options to container:

Mac $ docker run --dns 172.a.b.c --dns 172.x.y.z --dns-search corp.mycompany.net busybox ping internalhost.corp.mycompany.net
^CPING internalhost.corp.mycompany.net (172.a.j.k): 56 data bytes

--- internalhost.corp.mycompany.net ping statistics ---
126 packets transmitted, 0 packets received, 100% packet loss

The nslookup does work in the container, however:

Mac $ docker run busybox nslookup internalhost.corp.mycompany.net
Server:    192.168.65.1
Address 1: 192.168.65.1

Name:      internalhost.corp.mycompany.net
Address 1: 172.a.j.k internalhost.corp.mycompany.net

The Mac’s /etc/resolve.conf:

Mac $ cat /etc/resolv.conf
domain corp.mycompany.net
nameserver 172.a.b.c
nameserver 172.x.y.z

The docker Moby linux vm’s /etc/resolve.conf:

moby login: root
Welcome to the Moby alpha, based on Alpine Linux.
moby:~# cat /etc/resolv.conf
search local
nameserver 192.168.65.1

The ping to the internal host also hangs from the Moby linux vm:

moby:~# ping internalhost.corp.mycompany.net
PING internalhost.corp.mycompany.net (172.a.j.k): 56 data bytes
^C

pings to google.com work everywhere: from the container, the Mac, and the Moby linux vm.

My mac is running OS X El Capitan
Version 10.11.3
MacBook Pro (Retina, 15-inch, Mid 2015)

Docker version:
Version 1.12.0-rc2-beta17 (build: 9779)
ff18c0c63c5ff3c4a4a925d191d5592d655779d7

Steps to reproduce the behavior

Mac $ docker run busybox ping internalhost.corp.mycompany.net

govinda · August 30, 2017, 12:52pm

I have the same problem. Did you find a solution in the meantime?