Containers cannot resolve DNS in CentOS - docker

I just installed Docker on CentOS 8. Everything went fine, I’ve run the hello_world test container and the result was successful. The issue is that inside the containers I cannot resolve any DNS queries.
For example when I type ping 8.8.8.8 (on any kind of base container such as Ubuntu or CentOS) I get the correct answer but when I try running ping google.com I don’t get any answer, meaning that the container is unable to resolve the DNS for any URL.
I’ve also tried running a base container like this:
docker run busybox ping -c 1 192.203.230.10
and I’m getting this (correct) output:
[server#localhost ~]$ docker run busybox ping -c 1 192.203.230.10
PING 192.203.230.10 (192.203.230.10): 56 data bytes
64 bytes from 192.203.230.10: seq=0 ttl=51 time=32.413 ms
--- 192.203.230.10 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 32.413/32.413/32.413 ms
But now, trying to resolve the domain google.com with the command:
docker run busybox nslookup google.com
I get this output:
[server#localhost ~]$ docker run busybox nslookup google.com
nslookup: write to '8.8.8.8': No route to host
nslookup: write to '8.8.4.4': No route to host
;; connection timed out; no servers could be reached
I’m finding this problem really frustrating since I’ve not found a way to solve it. I'm attaching for completeness a cat /etc/resolv.conf of both the machine running Docker and the container itself
On the machine with CentOS 8:
[server#localhost ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.4.4
Inside any Docker container:
bash-4.4# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.4.4
Which looks like a normal and working configuration, but when I try to ping google.com (inside the containers) I get:
bash-4.4# ping google.com
ping: google.com: Try again
What new things can I try?

The solution to the problem seems to be adding docker as a trusted interface on firewalld using the command:
firewall-cmd --permanent --zone=trusted --add-interface=docker0
and then reloading firewalld with:
firewall-cmd --reload
After that it should work correctly (remember to reboot).

Related

docker dns failing with custom dns on host

I'm trying to set up pihole in a Docker container (on a Raspberry Pi) and as such, have my DNS on my IP: 192.160.170.10. The Docker container runs the DNS and exposes its port 53, where the DNS is available.
When running iplookup google.com on the host, I get the correct output:
Server: 192.160.170.10
Address: 192.160.170.10#53
Non-authoritative answer:
Name: google.com
Address: 172.217.16.78
My resolv.conf also contains this address.
When running a Docker container, I am unable to do this nslookup, however:
docker run busybox nslookup google.com
outputs:
;; connection timed out; no servers could be reached
Following this tutorial, I've tried specifying the DNS with the following command:
docker run --dns 192.160.170.10 busybox nslookup google.com
But this also does not solve the problem. I've also tried adding the DNS to /etc/docker/daemon.json, which also does nothing.
The Docker container's resolv.conf output is: nameserver 192.160.170.10
What is wrong with my configuration / How can I further debug this DNS issue?
Edit:
Output from docker run --rm --net=host busybox nslookup google.com:
Server: 192.160.170.10
Address: 192.160.170.10:53
Non-authoritative answer:
Name: google.com
Address: 172.217.16.78
*** Can't find google.com: No answer

Docker DNS is not working. But possible to ping ip. In Fedora 32

On my Fedora 32 machine DNS is working better. DNS lookup works when I ping google.com.
PING google.com (172.217.160.174) 56(84) bytes of data.
64 bytes from bom05s12-in-f14.1e100.net (172.217.160.174): icmp_seq=1 ttl=117 time=41.5 ms
64 bytes from bom05s12-in-f14.1e100.net (172.217.160.174): icmp_seq=2 ttl=117 time=47.2 ms
I built the following simple Docker image using the default bridge network. (I need the bridge network. It works when I use the host network. And the Docker image will have more commands.)
FROM tailor/docker-libvips:node-10.9
docker build --tag dinuka/video-file-service-test-sandbox:node-10.9 .
docker run -dit --name video-test-1 dinuka/video-file-service-test-sandbox:node-10.9
I logged in to the container using the following command.
docker attach video-test-1
After that I tried to ping an IP. It succeeded.
/# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=42.5 ms
But it does not work for a domain:
/# ping google.com
ping: google.com: Temporary failure in name resolution
The container DNS is correct. It is the same as my machine's name server.
/# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.1
My machine OS is Fedora 32. I have disabled SELinux and firewalld. I have tried many solutions on Stack Overflow, but none of them solved this.

You need to manually add masquerading to the network interface:
ZONE=$(sudo firewall-cmd --get-zone-of-interface=<internet facing interface>)
sudo firewall-cmd --zone=$ZONE --add-masquerade --permanent
success
sudo firewall-cmd --reload
success
sudo systemctl restart docker
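The two firewalld changes suggested on this page (putting docker0 in the trusted zone, and enabling masquerading on the internet-facing zone) can be checked from the output of firewall-cmd --list-all-zones. The script below is an added example, not part of the original answers; the function names, the sample listing and the interface name eth0 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the firewalld zone state that matters for Docker.
# The functions read `firewall-cmd --list-all-zones` text on stdin, so they
# can be run against saved output as well as a live host.

# zone_of_iface IFACE -> prints the zone whose "interfaces:" line lists IFACE
zone_of_iface() {
    awk -v want="$1" '
        /^[^ \t]/ { zone = $1 }            # an unindented line starts a zone block
        $1 == "interfaces:" {
            for (i = 2; i <= NF; i++) if ($i == want) { print zone; exit }
        }'
}

# zone_field ZONE KEY -> prints the value of "KEY:" inside ZONE's block
zone_field() {
    awk -v z="$1" -v key="$2:" '
        /^[^ \t]/ { cur = $1 }
        cur == z && $1 == key { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# docker_fw_report WAN_IFACE -> one summary line covering both settings
docker_fw_report() {
    zones=$(cat)
    dz=$(printf '%s\n' "$zones" | zone_of_iface docker0)
    wz=$(printf '%s\n' "$zones" | zone_of_iface "$1")
    target=$(printf '%s\n' "$zones" | zone_field "${dz:-none}" target)
    masq=$(printf '%s\n' "$zones" | zone_field "${wz:-none}" masquerade)
    echo "docker0_zone=${dz:-unassigned} docker0_target=${target:-n/a} wan_zone=${wz:-unassigned} masquerade=${masq:-n/a}"
}

# Constructed sample listing (not taken from a real host)
SAMPLE_ZONES='public (active)
  target: default
  interfaces: eth0
  services: ssh dhcpv6-client
  masquerade: no

trusted (active)
  target: ACCEPT
  interfaces: docker0
  services:
  masquerade: no'

# Live use: firewall-cmd --list-all-zones | docker_fw_report eth0
printf '%s\n' "$SAMPLE_ZONES" | docker_fw_report eth0
```

A docker0_target of ACCEPT means the host firewall accepts every connection arriving from the bridge, so the report shows both that the fix is in place and how much the zone now permits.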

Docker cannot access .local domains

I am trying to access devices on my network with .local domain, but it doesn't seem to work in Docker.
Ping from host is working:
$ ping test1.local
PING test1.local (192.168.1.90) 56(84) bytes of data.
64 bytes from 192.168.1.90 (192.168.1.90): icmp_seq=1 ttl=255 time=1.41 ms
64 bytes from 192.168.1.90 (192.168.1.90): icmp_seq=2 ttl=255 time=1.54 ms
Docker daemon config:
$ cat /etc/docker/daemon.json
{
"dns": ["192.168.1.1","8.8.8.8"]
}
If I try to ping test1.local from Docker:
$ sudo docker run --network host busybox ping -c 3 test1.local
ping: bad address 'test1.local'
Pinging device with IP works:
$ sudo docker run --network host busybox ping -c 3 192.168.1.90
PING 192.168.1.90 (192.168.1.90): 56 data bytes
64 bytes from 192.168.1.90: seq=0 ttl=255 time=4.855 ms
64 bytes from 192.168.1.90: seq=1 ttl=255 time=1.566 ms
So I assume something is wrong name resolution.
madrian#ubuntudev:~$ cat /etc/resolv.conf
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 127.0.0.1
search localdomain
Any ideas how to resolve this issue?

Try running your code without the --network host argument. The problem is in the DNS resolution.
When you use the default bridge (which will be used if you omit the network parameter), containers inherit the DNS configuration from the host, and that is what you need:
https://docs.docker.com/v17.09/engine/userguide/networking/default_network/configure-dns/
When you use a user-defined bridge, Docker updates DNS records to enable seamless communication between containers by their names:
https://docs.docker.com/v17.09/engine/userguide/networking/configure-dns/
Unfortunately, I was unable to find an explicit explanation of how DNS works with host mode, so I assume this is a problem.

Cannot connect to internet from docker container

$ docker run -it busybox
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
90e01955edcd: Pull complete
Digest: sha256:2a03a6059f21e150ae84b0973863609494aad70f0a80eaeb64bddd8d92465812
Status: Downloaded newer image for busybox:latest
/ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
285 packets transmitted, 0 packets received, 100% packet loss
/ #
Why does this happen? What can I do to resolve it?

Hi, can you check your network interface (eth0 or whatever its name is), or restart the network interface:
ifdown eth0
ifup eth0
If the instance is in a VPC, then check that a NAT or internet gateway is there to make the connection to the internet.

I was behind a proxy and the solution was to set the IP number of the proxy in ~/.docker/config.json instead of the name.

Not able to connect to network inside docker container

I have a CentOS 7 host on which I am running Docker. When I do a ping from my host to 8.8.8.8, ping was successful whereas same inside a docker container is not working.
From Host
[root#linux1 ~]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=47 time=31.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=47 time=31.6 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 31.592/31.617/31.643/0.179 ms
From Docker Container (I am using basic ubuntu image):
[root#linux1 ~]# docker run ubuntu ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 172.17.0.1 icmp_seq=1 Destination Host Unreachable
From 172.17.0.1 icmp_seq=2 Destination Host Unreachable
From 172.17.0.1 icmp_seq=3 Destination Host Unreachable
From 172.17.0.1 icmp_seq=4 Destination Host Unreachable
^C
--- 8.8.8.8 ping statistics ---
6 packets transmitted, 0 received, +4 errors, 100% packet loss, time 5000ms
pipe 4
Any suggestions would be helpful. Thanks

Restart the Docker daemon on Debian9
service docker restart
and the connections and networks work fine.

Recently I faced a similar network issue. The other answers here didn't help: DNS was working fine and restarting Docker wouldn't change a thing. I've found that specifying the network as host solved it.
There are three ways of doing it:
In docker-compose, by setting network_mode in the YAML file:
services:
  worker:
    build: .
    network_mode: host
In the image building stage for RUN commands:
docker build --network=host
In the execution stage for the application:
docker run --network=host <image>

Try this:
docker run --dns=8.8.8.8 -it ubuntu ping 8.8.8.8
Ref: DOCKER DNS

I figured out the issue. It is not an issue with the DNS but an issue with the network connection itself inside Docker containers. Drilling down, the issue is the default IP assigned to the docker0 interface, which conflicted with my network address. I forced the Docker daemon to assign an IP so that it won't conflict, and my issue is resolved.
Thanks
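The address clash described in the answer above can be detected by comparing the bridge subnet with the routes the host already has. The script below is an added example, not part of the original answer; the function names and the sample routing table are constructed, and 172.17.0.0/16 is used because the question's output shows docker0 at 172.17.0.1.

```shell
#!/bin/sh
# Added example: find host routes that overlap the Docker bridge subnet.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_overlap NET1/LEN1 NET2/LEN2 -> exit 0 if the two ranges share addresses
cidr_overlap() {
    len1=${1#*/}; len2=${2#*/}
    # Two CIDR blocks overlap iff they agree on the shorter of the two prefixes.
    short=$len1; if [ "$len2" -lt "$short" ]; then short=$len2; fi
    mask=$(( (0xFFFFFFFF << (32 - short)) & 0xFFFFFFFF ))
    a=$(ip_to_int "${1%/*}"); b=$(ip_to_int "${2%/*}")
    [ $(( a & mask )) -eq $(( b & mask )) ]
}

# bridge_conflicts BRIDGE_CIDR -> prints routes (from `ip -4 route` text on
# stdin) that overlap BRIDGE_CIDR, skipping the bridge's own docker0 route
bridge_conflicts() {
    while read -r dest rest; do
        case "$dest" in
            [0-9]*/*) ;;                     # already in CIDR form
            [0-9]*)   dest="$dest/32" ;;     # bare host route
            *)        continue ;;            # "default", "unreachable", ...
        esac
        case " $rest " in *" dev docker0 "*) continue ;; esac
        if cidr_overlap "$1" "$dest"; then echo "$dest $rest"; fi
    done
}

# Constructed sample routing table (not taken from a real host)
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.17.32.0/20 dev eth0 proto kernel scope link src 172.17.40.7
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20'

# Live use: ip -4 route | bridge_conflicts \
#   "$(docker network inspect bridge --format '{{range .IPAM.Config}}{{.Subnet}}{{end}}')"
printf '%s\n' "$SAMPLE_ROUTES" | bridge_conflicts 172.17.0.0/16
```

Any route printed shares addresses with the bridge; the bip key in /etc/docker/daemon.json is the daemon setting that gives docker0 a different address.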

I had the same issue when stopping and starting the container separately. I just rebuilt and brought the containers up again.
docker-compose down
docker-compose build
docker-compose up -d
And then the problem was gone.
