Issues with resolving specific domain names (github.com) in Docker with Alpine Linux

[bobwilkinson20]

• [x] This is a bug report
• [ ] This is a feature request
• [x] I searched existing issues before opening this one

Expected behavior

github.com should be reachable for use via git, ping, etc.

Actual behavior

github.com resolves successfully in dig and nslookup (although it appears there may be 2 responses - one non-authoritative and successful, and another that returns NXDOMAIN), but ping reports 'bad address' and git reports 'Could not resolve host'. Note that the issue is seemingly only occurring for github.com - I tried numerous other public domains (google.com, yahoo.com, etc.) and none showed the issue. There is no configuration specific to github.com in /etc/hosts on either container or host (see those and other details below).

The only workaround for the underlying resolver issue I have found after much trial and error is replacing the default docker resolver (127.0.0.11) in the container /etc/resolv.conf with an external resolver such as 8.8.8.8 but that has other obvious consequences. Adding github.com to /etc/hosts on the container also works around the issue.

Note that this flux issue appears quite similar in the observed behavior. One of the resolution comments mentions something about CloudFlare but it's hard to see that would relate here.

Steps to reproduce the behavior

Output of docker version:

Client: Docker Engine - Community
 Cloud integration: 1.0.2
 Version:           19.03.13
 API version:       1.40
 Go version:        go1.13.15
 Git commit:        4484c46d9d
 Built:             Wed Sep 16 16:58:31 2020
 OS/Arch:           darwin/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.13
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       4484c46d9d
  Built:            Wed Sep 16 17:07:04 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.3.7
  GitCommit:        8fba4e9a7d01810a393d5d25a3621dc101981175
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Output of docker info:

Client:
 Debug Mode: false
 Plugins:
  scan: Docker Scan (Docker Inc., v0.3.4)

Server:
 Containers: 26
  Running: 6
  Paused: 0
  Stopped: 20
 Images: 249
 Server Version: 19.03.13
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.4.39-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 6
 Total Memory: 1.941GiB
 Name: docker-desktop
 ID: M4KY:35JE:UNJE:WWK4:UCNL:AU6M:APHY:KFJY:KV6L:JPUZ:OYOC:V4IU
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: gateway.docker.internal:3128
 HTTPS Proxy: gateway.docker.internal:3129
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine

Additional environment details (AWS, VirtualBox, physical, etc.) Container: Alpine Linux v3.13 Host: MacOS 10.15.7

container /etc/resolv.conf:

nameserver 127.0.0.11
options ndots:0

container /etc/hosts:

127.0.0.1   localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.19.0.6  f64c0e0ba97b

container /etc/nsswitch.conf:

hosts: files dns

host /etc/resolv.conf:

domain hsd1.wa.comcast.net
nameserver 8.8.8.8

Output of ping github.com from container:

ping: bad address 'github.com'

Output of nslookup github.com from container:

Server:     127.0.0.11
Address:    127.0.0.11#53

Non-authoritative answer:
Name:   github.com
Address: 192.30.255.113
** server can't find github.com: NXDOMAIN

Output of dig github.com from container:

; <<>> DiG 9.16.11 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30329
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;github.com.            IN  A

;; ANSWER SECTION:
github.com.     75  IN  A   192.30.255.113

;; Query time: 2 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Sun Mar 14 21:47:52 UTC 2021
;; MSG SIZE  rcvd: 44

[paullegrand]

I had almost the exact same issue on Docker for Mac. I could ping api.github.com and github.com fine on my host, but when ran in the container, it returned ping: bad address 'github.com'

nslookup's error was ** server can't find github.com: NXDOMAIN

I was previously on Docker 2.5.0.1, and updating to the latest Docker for Mac resolved the issue

[bernardwiesner]

same issue as @paullegrand

Seems like an issue in combination with Docker Desktop for mac and the alpine version. After updating docker desktop, I could ping github.com again.

[yodahuang]

I observe the same issue, but not on Mac. I'm on Synology's NAS, DS 920+, which is a highly customized Linux distro. Output of docker version:

Client:
 Version:           20.10.3
 API version:       1.41
 Go version:        go1.15.6
 Git commit:        b455053
 Built:             Mon Jun 21 02:03:40 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.3
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.15.6
  Git commit:       a3bc36f
  Built:            Mon Jun 21 02:05:07 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.4.3
  GitCommit:        ea3508454ff2268c32720eb4d2fc9816d6f75f88
 runc:
  Version:          v1.0.0-rc93
  GitCommit:        31cc25f16f5eba4d0f53e35374532873744f4b31
 docker-init:
  Version:          0.19.0
  GitCommit:        **ed96d00**