Docker cannot access .local domains - docker

I am trying to access devices on my network with .local domain, but it doesn't seem to work in Docker.
Ping from host is working:
$ ping test1.local
PING test1.local (192.168.1.90) 56(84) bytes of data.
64 bytes from 192.168.1.90 (192.168.1.90): icmp_seq=1 ttl=255 time=1.41 ms
64 bytes from 192.168.1.90 (192.168.1.90): icmp_seq=2 ttl=255 time=1.54 ms
Docker daemon config:
$ cat /etc/docker/daemon.json
{
"dns": ["192.168.1.1","8.8.8.8"]
}
If I try to ping test1.local from Docker:
$ sudo docker run --network host busybox ping -c 3 test1.local
ping: bad address 'test1.local'
Pinging device with IP works:
$ sudo docker run --network host busybox ping -c 3 192.168.1.90
PING 192.168.1.90 (192.168.1.90): 56 data bytes
64 bytes from 192.168.1.90: seq=0 ttl=255 time=4.855 ms
64 bytes from 192.168.1.90: seq=1 ttl=255 time=1.566 ms
So I assume something is wrong with name resolution.
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 127.0.0.1
search localdomain
Any ideas how to resolve this issue?

Try running your code without the --network host argument. The problem is in the DNS resolution.
When you use default bridge (which will be used if you omit network parameter), containers inherit DNS configuration from host, and that is what you need:
https://docs.docker.com/v17.09/engine/userguide/networking/default_network/configure-dns/
When you use user-defined bridge, Docker updates DNS records to enable seamless communication between containers by their names:
https://docs.docker.com/v17.09/engine/userguide/networking/configure-dns/
Unfortunately, I was unable to find an explicit explanation of how DNS works with host mode, so I assume this is a problem

Related

docker container only have internet if run over host network

I have a problem with all my docker containers: they don't have internet access and cannot reach external resources. I'm using centos7 and I had installed CSF (configserver firewall) with the docker=1 setting.
I made a test using the next command:
docker run -itd --name=alpine1 alpine
then I enter to it using the next command:
docker exec -it alpine1 /bin/sh
inside the container I try to ping google
ping google.com
but I only get the next error message:
ping: bad address 'google.com'
But if I run the command:
docker run -itd --network host --name=alpine1 alpine
now I can ping google.com and get a success response:
PING google.com (2a00:1450:400f:804::200e): 56 data bytes
64 bytes from 2a00:1450:400f:804::200e: seq=0 ttl=119 time=6.741 ms
64 bytes from 2a00:1450:400f:804::200e: seq=1 ttl=119 time=6.836 ms
64 bytes from 2a00:1450:400f:804::200e: seq=2 ttl=119 time=6.842 ms
I think the solution is not to run all the containers over the host network, and this does not apply to containers using docker-compose.
Any idea to fix that without using --network host?
thanks in advance

How docker container access internet even though I have removed DNS server from /etc/resolve.conf file on my host machine

Here is my /etc/resolve.conf file from my host machine. I have commented both the public nameservers
# Generated by NetworkManager
# nameserver 8.8.8.8
# nameserver 4.2.2.2
When I try to ping google.com from my host machine, it didn't work since I have commented the public DNS server.
ping: google.com: Name or service not known
Here is my /etc/resolve.conf file from the docker container
nameserver 127.0.0.11
options ndots:0
When I try to ping google.com from my docker container, it works.
PING google.com (216.58.209.14): 56 data bytes
64 bytes from 216.58.209.14: seq=0 ttl=117 time=131.562 ms
64 bytes from 216.58.209.14: seq=1 ttl=117 time=191.746 ms
Since the docker container network by default resolves using the /etc/resolve.conf file from the host machine, how does this scenario work? And what does the /etc/resolve.conf file in the docker container refer to? Please help me understand more about this.

Docker DNS is not working. But possible to ping ip. In Fedora 32

In my Fedora 32 machine DNS is working better. DNS lookup is working when ping google.com.
PING google.com (172.217.160.174) 56(84) bytes of data.
64 bytes from bom05s12-in-f14.1e100.net (172.217.160.174): icmp_seq=1 ttl=117 time=41.5 ms
64 bytes from bom05s12-in-f14.1e100.net (172.217.160.174): icmp_seq=2 ttl=117 time=47.2 ms
I built the following simple docker image using the default bridge network. (I need the bridge network. It works when I use the host network. And the Dockerfile will have more commands.)
FROM tailor/docker-libvips:node-10.9
docker build --tag dinuka/video-file-service-test-sandbox:node-10.9 .
docker run -dit --name video-test-1 dinuka/video-file-service-test-sandbox:node-10.9
I have logged to the container using following command.
docker attach video-test-1
After that I tried to ping an IP. It succeeded.
/# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=42.5 ms
But it does not work for a domain:
/# ping google.com
ping: google.com: Temporary failure in name resolution
The container DNS is correct. It is same as my machine name server.
/# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.1
My machine OS is Fedora 32. I have disabled selinux and firewalld. I have tried many solutions from stackoverflow, but none of them solved this.
You need to manually add masquerading to the network interface:
ZONE=$(sudo firewall-cmd --get-zone-of-interface=<internet facing interface>)
sudo firewall-cmd --zone=$ZONE --add-masquerade --permanent
success
sudo firewall-cmd --reload
success
sudo systemctl restart docker

docker DNS configuration is not updated after connecting to VPN

Question
I'm using docker 19.03.9, on Ubuntu 18.04; docker daemon is configured to start automatically.
When I connect to my employer VPN, docker DNS configuration is not updated, unless I restart the docker daemon.
Is there a way to update automatically docker DNS configuration when host DNS configuration is changing?
Investigation
My scenario: I want to ping a server inside my company network (let's say server.mycompany.com) from home. I'm trying to ping it from my host (laptop running Ubuntu), and then from inside a container on my host
Note: all IP addresses are masked in examples below
I've created a small docker image to test my scenario:
FROM ubuntu:18.04
RUN apt-get update \
&& apt-get install -yqq iputils-ping
CMD cat /etc/resolv.conf \
&& echo \
&& ping -c 2 server.mycompany.com
Then I've built this image: docker build -t test_dns .
1- test without VPN connection
In a terminal on my Ubuntu laptop, I execute the 3 commands below:
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 127.0.0.53
search home
$ ping server.mycompany.com
ping: server.mycompany.com: Name or service not known
$ docker run test_dns
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 192.168.xxx.xxx
nameserver 198.235.yyy.yyy
search home
ping: server.mycompany.com: Name or service not known
As expected, server.mycompany.com can not be resolved and is not reachable (neither from my host nor from a container)
Note that:
192.168.xxx.xxx is my wifi router IP address
198.235.yyy.yyy is my ISP DNS server address
2- After connecting to my company VPN
Once connected to mycompany VPN, I execute the 3 same commands:
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
nameserver 10.xxx.xxx.xxx
nameserver 10.yyy.yyy.yyy
nameserver 10.zzz.zzz.zzz
nameserver 127.0.0.53
search mycompany.com mycompany-other-domain.com home
$ ping -c 2 server.mycompany.com
PING server.mycompany.com (10.sss.sss.sss) 56(84) bytes of data.
64 bytes from 10.sss.sss.sss (10.sss.sss.sss): icmp_seq=1 ttl=120 time=15.6 ms
64 bytes from 10.sss.sss.sss (10.sss.sss.sss): icmp_seq=2 ttl=120 time=16.4 ms
--- server.mycompany.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 15.681/16.058/16.435/0.377 ms
$ docker run test_dns
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 192.168.xxx.xxx
nameserver 198.235.yyy.yyy
search home
ping: server.mycompany.com: Name or service not known
on my host:
Connecting to mycompany VPN has updated DNS configuration: we can see mycompany 3 private DNS servers (10.xxx.xxx.xxx, 10.yyy.yyy.yyy and 10.zzz.zzz.zzz)
As expected, server.mycompany.com is resolved and reached by my ping request
in a container:
Docker is still using previous DNS configuration. It was not updated with host DNS changes (when connecting to VPN).
Is there a way to make docker update its DNS configuration automatically (when it changes on host)?
3- Restarting docker daemon (still connected to my company VPN)
I restart docker daemon: sudo service docker restart
Then I execute the 3 same commands again:
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
nameserver 10.xxx.xxx.xxx
nameserver 10.yyy.yyy.yyy
nameserver 10.zzz.zzz.zzz
nameserver 127.0.0.53
search mycompany.com mycompany-other-domain.com home
$ ping -c 2 server.mycompany.com
PING server.mycompany.com (10.sss.sss.sss) 56(84) bytes of data.
64 bytes from 10.sss.sss.sss (10.sss.sss.sss): icmp_seq=1 ttl=120 time=23.3 ms
64 bytes from 10.sss.sss.sss (10.sss.sss.sss): icmp_seq=2 ttl=120 time=11.7 ms
--- server.mycompany.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 11.786/17.551/23.317/5.767 ms
$ docker run test_dns
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
nameserver 10.xxx.xxx.xxx
nameserver 10.yyy.yyy.yyy
nameserver 10.zzz.zzz.zzz
search mycompany.com mycompany-other-domain.com home
PING server.mycompany.com (10.sss.sss.sss) 56(84) bytes of data.
64 bytes from 10.sss.sss.sss (10.sss.sss.sss): icmp_seq=1 ttl=119 time=11.5 ms
64 bytes from 10.sss.sss.sss (10.sss.sss.sss): icmp_seq=2 ttl=119 time=10.7 ms
--- server.mycompany.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 10.750/11.159/11.569/0.422 ms
on my host: still working perfectly: server.mycompany.com is still resolved and reachable
in a container: docker DNS configuration now uses mycompany VPN settings; server.mycompany.com is now resolved and reached by my ping request inside any docker container.
4- Disconnect from my company VPN
I disconnect from mycompany VPN, and execute the 3 same commands again:
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
nameserver 127.0.0.53
search home
$ ping -c 2 server.mycompany.com
ping: server.mycompany.com: Name or service not known
$ docker run test_dns
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
search home
nameserver 8.8.8.8
nameserver 8.8.4.4
ping: server.mycompany.com: Name or service not known
on my host: exact same behavior as it was at step 1: I'm outside mycompany network, and thus server.mycompany.com can neither be resolved nor reached
in a container: this time, DNS configuration has been automatically updated to use Google public DNS servers. server.mycompany.com can neither be resolved nor reached (as expected)
5- Connect again to my company VPN
I connect again to mycompany VPN, and execute the 3 same commands again:
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
nameserver 10.xxx.xxx.xxx
nameserver 10.yyy.yyy.yyy
nameserver 10.zzz.zzz.zzz
nameserver 127.0.0.53
search mycompany.com mycompany-other-domain.com home
$ ping -c 2 server.mycompany.com
PING server.mycompany.com (10.sss.sss.sss) 56(84) bytes of data.
64 bytes from 10.sss.sss.sss (10.sss.sss.sss): icmp_seq=1 ttl=120 time=20.5 ms
64 bytes from 10.sss.sss.sss (10.sss.sss.sss): icmp_seq=2 ttl=120 time=12.3 ms
--- server.mycompany.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 12.308/16.442/20.577/4.136 ms
$ docker run test_dns
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
nameserver 10.xxx.xxx.xxx
nameserver 10.yyy.yyy.yyy
nameserver 10.zzz.zzz.zzz
search mycompany.com mycompany-other-domain.com home
PING server.mycompany.com (10.sss.sss.sss) 56(84) bytes of data.
64 bytes from 10.sss.sss.sss (10.sss.sss.sss): icmp_seq=1 ttl=119 time=13.2 ms
64 bytes from 10.sss.sss.sss (10.sss.sss.sss): icmp_seq=2 ttl=119 time=14.3 ms
--- server.mycompany.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 13.257/13.791/14.325/0.534 ms
on my host: DNS configuration has been changed when connecting again to VPN; thus server.mycompany.com can be resolved and reached again
in a container: this time, DNS configuration has been automatically updated to use mycompany DNS servers!! server.mycompany.com can be resolved and reached.
6- Conclusion and questions:
Why is docker behaving differently in steps 2 and 5? What makes these steps different?
Is there a way to make docker update its DNS configuration automatically in step 2?
Is this a bug in docker daemon?
Stop docker service: sudo systemctl stop docker (or if you have docker installed via snap: sudo snap stop docker)
Restart systemd-resolved: sudo service systemd-resolved restart
Start docker service again: sudo systemctl start docker (or snap: sudo snap start docker).
I'm on Ubuntu 20.04 and tried everything (from adding docker dns arguments in DOCKER_OPTS to deleting the docker0 network interface and re-creating) but what ended up finally solving it though was the above steps.
After that hostnames that could only be resolved behind the VPN I connect to were being resolved inside docker containers running and during the docker build step.
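The container resolv.conf contents in steps 3 to 5 above (the 127.0.0.53 stub dropped, and 8.8.8.8 / 8.8.4.4 substituted when nothing else is left) can be previewed from a host file. This is an added example, not part of the original posts; the function names are hypothetical and the sample files are constructed, with 10.0.0.x standing in for the masked VPN resolvers. The fallback case is worth checking on VPN hosts because lookups for internal names then go to a public resolver.

```shell
#!/bin/sh
# Added example, not from the original posts. Models the behaviour visible in
# steps 3-5: loopback nameservers are dropped from the container's copy of
# resolv.conf, and 8.8.8.8 / 8.8.4.4 are substituted when nothing remains.
# The systemd-resolved uplink file seen in steps 1-2 is not modelled.

# container_nameservers FILE: print the nameservers a container would get.
container_nameservers() {
    kept=$(awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1")
    if [ -n "$kept" ]; then
        printf '%s\n' "$kept"
    else
        printf '%s\n' 8.8.8.8 8.8.4.4
    fi
}

# uses_public_fallback FILE: succeed when the host file has no non-loopback
# nameserver, i.e. container lookups would go to the public defaults.
uses_public_fallback() {
    ! awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { found = 1 }
           END { exit !found }' "$1"
}

# Constructed host files modelled on step 4 (VPN down) and step 5 (VPN up).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
cat > "$SAMPLES/vpn_down" <<'EOF'
nameserver 127.0.0.53
search home
EOF
cat > "$SAMPLES/vpn_up" <<'EOF'
nameserver 10.0.0.1
nameserver 10.0.0.2
nameserver 10.0.0.3
nameserver 127.0.0.53
search mycompany.com mycompany-other-domain.com home
EOF

for f in vpn_down vpn_up; do
    printf '%s -> %s\n' "$f" "$(container_nameservers "$SAMPLES/$f" | tr '\n' ' ')"
    if uses_public_fallback "$SAMPLES/$f"; then
        echo "  warning: container lookups would use the public fallback resolvers"
    fi
done
```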

Not able to connect to network inside docker container

I have a CentOS 7 host on which I am running Docker. When I do a ping from my host to 8.8.8.8, ping was successful whereas same inside a docker container is not working.
From Host
[root@linux1 ~]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=47 time=31.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=47 time=31.6 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 31.592/31.617/31.643/0.179 ms
From Docker Container (I am using basic ubuntu image):
[root@linux1 ~]# docker run ubuntu ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 172.17.0.1 icmp_seq=1 Destination Host Unreachable
From 172.17.0.1 icmp_seq=2 Destination Host Unreachable
From 172.17.0.1 icmp_seq=3 Destination Host Unreachable
From 172.17.0.1 icmp_seq=4 Destination Host Unreachable
^C
--- 8.8.8.8 ping statistics ---
6 packets transmitted, 0 received, +4 errors, 100% packet loss, time 5000ms
pipe 4
Any suggestions would be helpful. Thanks
Restart the Docker daemon on Debian9
service docker restart
and the connections and networks work fine
Recently I faced a similar network issue. The other answers here didn't help: DNS was working fine and restarting Docker wouldn't change a thing. I've found that specifying the network as host solved it.
There are three ways of doing it:
In docker-compose:
By setting network_mode in the yaml file:
services:
worker:
build: .
network_mode: host
In the image building stage for RUN commands:
docker build --network=host
In the execution stage for the application:
docker run --network=host <image>
Try this:
docker run --dns=8.8.8.8 -it ubuntu ping 8.8.8.8
Ref: DOCKER DNS
I figured out the issue. It is not an issue with the DNS but an issue with the network connection itself inside Docker containers. Drilled down the issue is the default IP assigned to docker0 interface, which conflicted with my network address. Forced docker daemon to assign an IP so that it won't conflict and my issue is resolved.
Thanks
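The check behind the diagnosis above (the docker0 address range colliding with a network the host already routes), as an added example that is not part of the original answer. The function names are hypothetical, the route listing is constructed in the shape of `ip -4 route` output, and 172.17.0.1/16 is assumed as the bridge address, matching the 172.17.0.1 seen in the question.

```shell
#!/bin/sh
# Added example, not from the original posts: find host routes that overlap
# the docker0 bridge range, the conflict described in the answer above.

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_overlap ADDR1/LEN1 ADDR2/LEN2: succeed when the two IPv4 ranges intersect.
cidr_overlap() {
    a=$(ip_to_int "${1%/*}"); alen=${1#*/}
    b=$(ip_to_int "${2%/*}"); blen=${2#*/}
    # Two CIDR blocks intersect exactly when they agree on the shorter prefix.
    len=$alen
    if [ "$blen" -lt "$len" ]; then len=$blen; fi
    shift_bits=$(( 32 - len ))
    [ $(( a >> shift_bits )) -eq $(( b >> shift_bits )) ]
}

# bridge_conflicts BRIDGE_CIDR: read route lines on stdin and print every
# destination, other than docker0's own route, that overlaps the bridge range.
bridge_conflicts() {
    while read -r dest kw dev rest; do
        case $dest in */*) ;; *) continue ;; esac   # skip "default" entries
        if [ "$dev" = docker0 ]; then continue; fi
        if cidr_overlap "$1" "$dest"; then echo "$dest"; fi
    done
}

# Constructed route table: the LAN on eth0 sits inside the default bridge range.
ROUTES='default via 172.17.0.254 dev eth0
172.17.0.0/24 dev eth0 proto kernel scope link src 172.17.0.25
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2'

printf '%s\n' "$ROUTES" | bridge_conflicts 172.17.0.1/16
```

On a live host, pipe `ip -4 route` into `bridge_conflicts` instead of the sample; any output means the bridge needs a non-conflicting range, for example through the `bip` key in /etc/docker/daemon.json.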
I had the same issue when stopping and starting containers separately. I have just rebuilt and brought the containers up again.
docker-compose down
docker-compose build
docker-compose up -d
And then the problem was gone.
