Private DNS not working inside Docker containers on Ubuntu host

I am trying to understand how to get DNS to work inside Docker containers on Ubuntu 20 host. More specifically, the private DNS entries of all of my AWS resources are not propagating while on VPN.

Of course, these DNS names resolve fine on Ubuntu host. But as soon as I try to work on my application or use pgadmin4 to connect to databases in AWS, I just get errors like “failure in name resolution.”

We use Openvpn3 to connect to our VPN running in AWS VPC.

I tried to use dnsmasq based on the articles linked below, but was not successful configuring it. Well, more accurately, I believe I configured it properly, but it didn’t solve the issue.

I have tried using docker-compose with and without a custom network. Nothing seems to work.

The resources online are either outdated or too specific to other cases.

I would really appreciate it if someone would be willing to assist with a configuration that is reliable and pushes custom DNS from my VPN’s name server into the docker network.

References:

I should mention that after a few hours of fiddling with various settings, I am able to get things to work temporarily by using the --dns flag for docker run, or a dns: stanza in docker-compose.yml, but I would still like to know the appropriate way to simply bridge DNS server details from the host into the docker environment.

I assume you use an AWS Client VPN configuration and created a DNS Resolver which you configured in the VPN’s endpoint configuration? And your docker host uses openvpn/awsvpnclient to dial into the vpn? If so the dns settings should be pushed to the client and should end up in containers (since docker mounts /etc/resolv.conf into a container, it should see the actual configuration - at least that’s what I assume)

By default Ubuntu creates a stub dns (running on 127.0.0.1) to cache dns entries and forward them to the upstream dns servers.

You can disable the dns stub in /etc/systemd/resolved.conf.d/resolved.conf, by adding the line DNSStubListener=no to the configuration, then restart the systemd resolver service: systemctl restart systemd-resolved.service

Though, additionally netplan also plays a role in contributing what actually is generated in /etc/resolv.conf. Make sure you see the dns servers you expect in /etc/resolv.conf and they should not be 127.0.0.1, as localhost for a container is not localhost on the host.
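A small script for the two steps in the answer above, added here as an example (it is not from the original thread): it writes the drop-in that disables the systemd-resolved stub listener, and it checks a resolv.conf for the failure mode the answer warns about, i.e. every nameserver being a loopback address that a container cannot reach. The drop-in path and the sample resolv.conf contents are constructed for the example.

```shell
#!/bin/sh
# Added example, not the thread's own code. Assumes POSIX sh.

# resolv_ok FILE: return 0 if FILE lists at least one nameserver that is
# not a loopback address (127.x.x.x or ::1), 1 otherwise. A container that
# inherits a resolv.conf with only 127.0.0.53 talks to its own loopback,
# where no resolver is listening, which is exactly the "failure in name
# resolution" symptom from the question.
resolv_ok() {
    file="$1"
    usable=0
    loopback=0
    # "|| [ -n "$key" ]" still processes a last line that lacks a newline.
    while read -r key value _ || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        case "$value" in
            127.*|::1) loopback=$((loopback + 1)) ;;
            *)         usable=$((usable + 1)) ;;
        esac
    done < "$file"
    if [ "$usable" -gt 0 ]; then
        return 0
    fi
    printf 'no usable nameserver in %s (%d loopback entries)\n' \
        "$file" "$loopback" >&2
    return 1
}

# write_stub_dropin [PATH]: write the drop-in the answer describes
# ([Resolve] is the section DNSStubListener belongs to). The default path
# is a constructed temporary file so the script runs unprivileged; for the
# real host use /etc/systemd/resolved.conf.d/resolved.conf (as root).
write_stub_dropin() {
    target="${1:-${TMPDIR:-/tmp}/resolved.conf}"
    printf '[Resolve]\nDNSStubListener=no\n' > "$target"
    printf '%s\n' "$target"
}

# Stand-alone usage: check the host's current resolv.conf.
if [ "${RESOLV_CHECK:-}" = "1" ]; then
    resolv_ok /etc/resolv.conf && echo "resolv.conf is usable from a container"
fi
```

After copying the drop-in into place and running `systemctl restart systemd-resolved.service`, `RESOLV_CHECK=1 sh resolv_check.sh` reports whether /etc/resolv.conf now carries a non-loopback nameserver; if it still only shows 127.0.0.53, netplan is overriding it and its DNS settings need checking too.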