I have a home router (192.168.1.1) for my local network with a static DNS record: box.lan = 192.168.1.5. I have a host (box.lan) with a Docker container (pig) running on it.
On host:
cat /etc/resolv.conf
# Resolver configuration file.
# See resolv.conf(5) for details.
nameserver 192.168.1.1
domain lan
search lan
Why:
docker exec -it pig ping box.lan
ping: bad address 'box.lan'
docker exec -it pig ping google.com
PING google.com (108.177.14.138): 56 data bytes
64 bytes from 108.177.14.138: seq=0 ttl=100 time=67.234 ms
I do not have access to hosts in my local network from the container! (But I do have access to internet hosts from this container.)
Some details:
docker exec -it pig nslookup box.lan
Server: 127.0.0.11
Address: 127.0.0.11:53
Non-authoritative answer:
Name: box.lan
Address: 192.168.1.5
** server can't find box.lan: NXDOMAIN
docker exec -it pig nslookup -q=A box.lan
Server: 127.0.0.11
Address: 127.0.0.11:53
Non-authoritative answer:
Name: box.lan
Address: 192.168.1.5
docker exec -it pig nslookup -q=AAAA box.lan
Server: 127.0.0.11
Address: 127.0.0.11:53
** server can't find box.lan: NXDOMAIN
cat /etc/docker/daemon.json
{
"dns" : ["192.168.1.1"],
"dns-search" : ["lan"],
"ipv6" : false
}
If I add an AAAA record for box.lan with a fake IPv6 address (from google.com): box.lan = 2a00:1450:4010:c0f::66, everything starts to work as desired:
docker exec -it pig ping box.lan
PING box.lan (192.168.1.5): 56 data bytes
64 bytes from 192.168.1.5: seq=0 ttl=64 time=0.054 ms
64 bytes from 192.168.1.5: seq=1 ttl=64 time=0.119 ms
How can I get the same result without such a trick? (I tried switching off IPv6 on the host and giving IPv4 precedence over IPv6; nothing helps.)
docker info
Client:
Version: 27.1.2
Context: default
Debug Mode: false
Plugins:
compose: Docker Compose (Docker Inc.)
Version: 2.29.2
Path: /usr/lib/docker/cli-plugins/docker-compose
Server:
Containers: 10
Running: 10
Paused: 0
Stopped: 0
Images: 86
Server Version: 27.1.2
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 8fc6bcff51318944179630522a095cc9dbf9f353.m
runc version:
init version: de40ad0
Security Options:
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.10.5-arch1-1
Operating System: Arch Linux
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.49GiB
Name: box
ID: 55f3f45d-dd9d-4146-a57a-4b9d7fcae339
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
box.lan:5000
127.0.0.0/8
Registry Mirrors:
http://box.lan:5000/
Live Restore Enabled: false
Default Address Pools:
Base: 10.10.0.0/16, Size: 24
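
A way to check the resolver behaviour shown in the nslookup output above, as an added example that is not part of the original post: it sends separate A and AAAA queries to one server and flags a name that answers for one type but returns NXDOMAIN for the other (under RFC 2308, a name that exists but lacks a record type should come back as NOERROR with an empty answer section). The name and server address are taken from the post; the function names are hypothetical.

```python
import secrets
import socket
import struct

QTYPES = {"A": 1, "AAAA": 28}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype, txid=None):
    """Encode a single-question, recursion-desired DNS query."""
    txid = secrets.randbelow(0x10000) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)

def parse_status(response):
    """Return (rcode name, answer count) from the header of a raw DNS response."""
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response (QR bit clear)")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), ancount

def classify(results):
    """results maps qtype -> (rcode, ancount); describe the combination."""
    nx = sorted(t for t, (rc, _) in results.items() if rc == "NXDOMAIN")
    ok = sorted(t for t, (rc, n) in results.items() if rc == "NOERROR" and n > 0)
    if nx and ok:
        return f"inconsistent: {','.join(ok)} answered but {','.join(nx)} returned NXDOMAIN"
    if nx:
        return "name does not exist"
    return "consistent"

def probe(name, server, timeout=2.0):
    """Query server over UDP/53 for A and AAAA (diagnostic only, no reply validation)."""
    results = {}
    for qtype in QTYPES:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(build_query(name, qtype), (server, 53))
            results[qtype] = parse_status(sock.recv(512))
    return classify(results)

if __name__ == "__main__":
    # Name and resolver address from the post; run on the host or in the container.
    print(probe("box.lan", "192.168.1.1"))
```

Running it once against 192.168.1.1 and once against 127.0.0.11 from inside the container shows whether the NXDOMAIN for AAAA originates at the router or at Docker's embedded resolver.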