In my Fedora 32 machine DNS is working better. DNS lookup is working when ping google.com.
PING google.com (172.217.160.174) 56(84) bytes of data.
64 bytes from bom05s12-in-f14.1e100.net (172.217.160.174): icmp_seq=1 ttl=117 time=41.5 ms
64 bytes from bom05s12-in-f14.1e100.net (172.217.160.174): icmp_seq=2 ttl=117 time=47.2 ms
I build following simple docker image using default bridge network. (I need bridge network. My issue is working when i using host network. And DockerImage will have more commands)
FROM tailor/docker-libvips:node-10.9
docker build --tag dinuka/video-file-service-test-sandbox:node-10.9 .
docker run -dit --name video-test-1 dinuka/video-file-service-test-sandbox:node-10.9
I have logged to the container using following command.
docker attach video-test-1
After that i have tried to ping an IP. It is success.
/# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=42.5 ms
But it is not working to domain
/# ping google.com
ping: google.com: Temporary failure in name resolution
The container DNS is correct. It is same as my machine name server.
/# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.1
My machine OS is Fedora 32. I have disable selinux and firewalld. I have tried many solutions in stackoverflow. But any can't solve this.
You need to manually add masquerading to the network interface:
ZONE=$(sudo firewall-cmd --get-zone-of-interface=<internet facing interface>)
sudo firewall-cmd --zone=$ZONE --add-masquerade --permanent success
sudo firewall-cmd --reload success
sudo systemctl restart docker
Related
I have a problem with all my docker containers, they don't has internet access, cannot reach external resources. Im using centos7 and I had installed CSF (configserver firewall) with the docker=1 setting.
I made a test using the next command:
docker run -itd --name=alpine1 alpine
then I enter to it using the next command:
docker exec -it alpine1 /bin/sh
inside the container I try to ping google
ping google.com
but I only get the next error message:
ping: bad address 'google.com'
But if I run the command:
docker run -itd --network host --name=alpine1 alpine
now i can ping google.com and get a success response:
PING google.com (2a00:1450:400f:804::200e): 56 data bytes
64 bytes from 2a00:1450:400f:804::200e: seq=0 ttl=119 time=6.741 ms
64 bytes from 2a00:1450:400f:804::200e: seq=1 ttl=119 time=6.836 ms
64 bytes from 2a00:1450:400f:804::200e: seq=2 ttl=119 time=6.842 ms
I think the solution not is run all the containers over host network, and this not apply to container using docker-compose
Any idea to fix that without using --network host?
thanks in advance
I just installed Docker on CentOS 8. Everything went fine, I’ve run the hello_world test container and the result was successful. The issue is that inside the containers I cannot resolve any DNS queries.
For example when I type ping 8.8.8.8 (on any kind of base container such as Ubuntu or CentOS) I get the correct answer but when I try running ping google.com I don’t get any answer, meaning that the container is unable to resolve the DNS for any URL.
I’ve also tried running a base container like this:
docker run busybox ping -c 1 192.203.230.10
and I’m getting this (correct) output:
[server#localhost ~]$ docker run busybox ping -c 1 192.203.230.10
PING 192.203.230.10 (192.203.230.10): 56 data bytes
64 bytes from 192.203.230.10: seq=0 ttl=51 time=32.413 ms
--- 192.203.230.10 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 32.413/32.413/32.413 ms
But now trying resolving the domain google.com with the command:
docker run busybox nslookup google.com
I get this output:
[server#localhost ~]$ docker run busybox nslookup google.com
nslookup: write to '8.8.8.8': No route to host
nslookup: write to '8.8.4.4': No route to host
;; connection timed out; no servers could be reached
I’m finding this problem really frustrating since I’ve not found a way to solve it. I'm attaching for completeness a cat /etc/resolv.conf of both the machine running Docker and the container itself
On the machine with CentOS 8:
[server#localhost ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.4.4
Inside any Docker container:
bash-4.4# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.4.4
Which looks like a normal and working configuration, but when I try to ping google.com (inside the containers) I get:
bash-4.4# ping google.com
ping: google.com: Try again
What new things can I try?
The solution to the problem seems to be adding docker as a trusted interface on firewalld using the command:
firewall-cmd --permanent --zone=trusted --add-interface=docker0
and then reloading firewalld with:
firewall-cmd --reload
After it should work correctly (remember to reboot)
I am trying to access devices on my network with .local domain, but it doesn't seem to work in Docker.
Ping from host is working:
$ ping test1.local
PING test1.local (192.168.1.90) 56(84) bytes of data.
64 bytes from 192.168.1.90 (192.168.1.90): icmp_seq=1 ttl=255 time=1.41 ms
64 bytes from 192.168.1.90 (192.168.1.90): icmp_seq=2 ttl=255 time=1.54 ms
Docker demon config:
$ cat /etc/docker/daemon.json
{
"dns": ["192.168.1.1","8.8.8.8"]
}
If I try to ping test1.local from Docker:
$ sudo docker run --network host busybox ping -c 3 test1.local
ping: bad address 'test1.local'
Pinging device with IP works:
$ sudo docker run --network host busybox ping -c 3 192.168.1.90
PING 192.168.1.90 (192.168.1.90): 56 data bytes
64 bytes from 192.168.1.90: seq=0 ttl=255 time=4.855 ms
64 bytes from 192.168.1.90: seq=1 ttl=255 time=1.566 ms
So I assume something is wrong name resolution.
madrian#ubuntudev:~$ cat /etc/resolv.conf
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 127.0.0.1
search localdomain
Any ideas how to resolve this issue?
Try run your code without --network host argument. The problem is in the DNS resolution.
When you use default bridge (which will be used if you omit network parameter), containers inherit DNS configuration from host, and that is what you need:
https://docs.docker.com/v17.09/engine/userguide/networking/default_network/configure-dns/
When you use user-defined bridge, Docker updates DNS records to enable seamless communication between containers by their names:
https://docs.docker.com/v17.09/engine/userguide/networking/configure-dns/
Unfortunately, I was unable to find explicit explanation on how DNS works with host mode, so I assume this is a problem
exploring Docker 17.06.
I've installed docker on Centos 7 and created a container. Started the container with the default bridge. I can ping both host adapters, but not the outside world e.g. www.google.com
All advise out there is based on older versions of Docker and it's iptables settings.
I would like to understand how to ping to the outside world, what is required please?
TIA!
If you able to ping www.google.com from host machine try following these steps :
run on host machine:
sudo ip addr show docker0
You will get output which includes :
inet 172.17.2.1/16 scope global docker0
The docker host has the IP address 172.17.2.1 on the docker0 network interface.
Then start the container :
docker run --rm -it ubuntu:trusty bash
and run
ip addr show eth0
output will include :
inet 172.17.1.29/16 scope global eth0
Your container has the IP address 172.17.1.29. Now look at the routing table:
run:
route
output will include:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 172.17.2.1 0.0.0.0 UG 0 0 0 eth0
It Means the IP Address of the docker host 172.17.2.1 is set as the default route and is accessible from your container.
try ping now to your host machine ip :
root#e21b5c211a0c:/# ping 172.17.2.1
PING 172.17.2.1 (172.17.2.1) 56(84) bytes of data.
64 bytes from 172.17.2.1: icmp_seq=1 ttl=64 time=0.071 ms
64 bytes from 172.17.2.1: icmp_seq=2 ttl=64 time=0.211 ms
64 bytes from 172.17.2.1: icmp_seq=3 ttl=64 time=0.166 ms
If this works most probably you'll be able to ping www.google.com
Hope it will help!
In my case restarting docker daemon helped
sudo systemctl restart docker
If iptables is not a reason and if you have no some limitation for change containers network mode - set it to "host" mode. This should solve this issue.
Please verify your existing iptables:
iptables --list
It should show you list of iptables with source and destination details.
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
If it is anywhere for both source and destination it should ping outside IPs.(By Default its anywhere)
If not use this command to set your iptable(DOCKER-USER)
iptables -I DOCKER-USER -i eth0 -s 0.0.0.0/0 -j ACCEPT
Hope this will help!
I had a similar problem, an api docker container needed connection to outside, but the others containers not. So my option was add the flag --dns 8.8.8.8 to the docker run command , and with that the container can ping to outside. I consider this a solution for one container, if you need for more containers, maybe other responses are better. Here the documentation. And full line example:
docker run -d --rm -p 8080:8080 --dns 8.8.8.8 <docker-image-name>
where:
-d, detach mode for run containers in background
--rm, remove containers if is stop (careful if you are testing and maybe you need to inspect logs, with docker logs , don't use it)
-p, specify the port ( <host-port> : <container-port> )
--dns, the container can resolve internet domains
I have a CentOS 7 host on which I am running Docker. When I do a ping from my host to 8.8.8.8, ping was successful whereas same inside a docker container is not working.
From Host
[root#linux1 ~]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=47 time=31.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=47 time=31.6 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 31.592/31.617/31.643/0.179 ms
From Docker Container (I am using basic ubuntu image):
[root#linux1 ~]# docker run ubuntu ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 172.17.0.1 icmp_seq=1 Destination Host Unreachable
From 172.17.0.1 icmp_seq=2 Destination Host Unreachable
From 172.17.0.1 icmp_seq=3 Destination Host Unreachable
From 172.17.0.1 icmp_seq=4 Destination Host Unreachable
^C
--- 8.8.8.8 ping statistics ---
6 packets transmitted, 0 received, +4 errors, 100% packet loss, time 5000ms
pipe 4
Any suggestions would be helpful. Thanks
Restart the Docker daemon on Debian9
service docker restart
and the connections and networks works fine
Recently I faced a similar network issue. The other answers here didn't help: DNS was working fine and restarting Docker wouldn't change a thing. I've found that specifying the network as host solved it.
There are three ways of doing it:
In docker-compose:
By setting network_mode in the yaml file:
services:
worker:
build: .
network_mode: host
In the image building stage for RUN commands:
docker build --network=host
In the execution stage for the application:
docker run --network=host <image>
Try this:
docker run --dns=8.8.8.8 -it ubuntu ping 8.8.8.8
Ref: DOCKER DNS
I figured out the issue. It is not an issue with the DNS but an issue with the network connection itself inside Docker containers. Drilled down the issue is the default IP assigned to docker0 interface, which conflicted with my network address. Forced docker daemon to assign an IP so that it won't conflict and my issue is resolved.
Thanks
I had the same issue when stop and start container separately. I have just rebuild and re up containers.
docker-compose down
docker-compose build
docker-compose up -d
And then problem gone.