Unable to pull images from docker.io registry even after successful login (`dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: read udp 10.0.2.100:47063->10.0.2.3:53: i/o timeout`)

[amantur]

I am trying to run nerdctl inside WSL 2 (Ubuntu 20.04). Everything is setup and running (following this guide: https://medium.com/geekculture/move-away-from-docker-now-and-utilize-wsl2-systemd-genie-containerd-with-nerdctl-d5f729dcf227). But I ran into problems when trying to pull any images.

nerdctl run -d httpd
docker.io/library/httpd:latest: resolving      |--------------------------------------|
elapsed: 9.9 s                  total:   0.0 B (0.0 B/s)
INFO[0010] trying next host                              
     error="failed to do request: Head \"https://registry-1.docker.io/v2/library/httpd/manifests/latest\": 
           dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: 
           read udp 10.0.2.100:47063->10.0.2.3:53: i/o timeout" host=registry-1.docker.io
FATA[0010] failed to resolve reference "docker.io/library/httpd:latest": failed to do request: 
      Head "https://registry-1.docker.io/v2/library/httpd/manifests/latest": 
      dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: read 
      udp 10.0.2.100:47063->10.0.2.3:53: i/o timeout

I have performed successful login using nerdctl login --username <myuser> --password <mypwd> docker.io

How can I fix this?

---

nerdctl:

nerdctl version Client: Version: v0.15.0 Git commit: b72b5ca14550b2e23a42787664b6182524c5053f

Server: containerd: Version: v1.5.8 GitCommit: 1e5ef943eb76627a6d3b6de8cd1ef6537f393a71

Containerd:

containerd --version containerd github.com/containerd/containerd v1.5.8 1e5ef943eb76627a6d3b6de8cd1ef6537f393a71

OS:

Edition Windows 11 Pro Version 21H2 OS build 22000.376 Experience Windows Feature Experience Pack 1000.22000.376.0

WSL 2 Kernel (Ubuntu 20.04)

uname -r 5.10.60.1-microsoft-standard-WSL2

PS: I tried the following:

nerdctl --debug-full login DEBU[0000] attempting v2 login to registry endpoint https://registry-1.docker.io/v2/ Login Succeeded

and just after that it still fails with same error.

[AkihiroSuda]

Perhaps a duplicate of https://github.com/containerd/nerdctl/issues/622 , but not sure. (#622 only happens occasionally on CirrusCI)

Workaround: sudo nerdctl

[AkihiroSuda]

Another potential workaround: enter the rootlesskit namespaces with containerd-rootless-setuptool.sh nsenter bash, and vi /etc/resolv.conf to use an alternative DNS such as 8.8.8.8

[amantur]

Thanks for tagging and replying @AkihiroSuda. It is not a connectivity issue.

[AkihiroSuda]

slirp4netns process might have been killed accidentally, or you might have too old (< 0.4.0) slirp4netns in the $PATH?

[bmurphey]

I was having this same issue (although without attempting to log in), and changing the DNS resolver fixed it. Happy to help troubleshoot in any way I can.

nerdctl version 0.16.1
containerd github.com/containerd/containerd v1.5.9 1407cab509ff0d96baa4f0eb6ff9980270e6e620
uname -r: 5.10.16.3-microsoft-standard-WSL2

[amantur]

well, it was not dns, I would not be able to login if DNS is not working.

[navels]

I'm having the same problem with (co)lima but only with >2 cpus: https://github.com/abiosoft/colima/issues/137

[JuanTorchia]

I was having the same problem and I solved it by restarting the daemon of docker

[licryle]

I'm new to Docker, and I had the same TCP I/O error (not using nerdctl though). It turns out virtualization was off in the BIOS and Docker Desktop would stay stuck at starting. The TCP error was a red herring of the underlying virtualization crashing. Leaving that here if someone ever run into this use case.

[sakthisunda]

Check if UDP port for 10.0.2.3:53 is blocked by firewall (likely) set in your setup. If yes, it will work after unblocking and remove/recreate the pod

[yaroslawww]

I was having the same problem and I solved it by restarting the daemon of docker

On debian based OS to restart docker you can run: sudo systemctl restart docker