docker / for-linux

Docker Engine for Linux
https://docs.docker.com/engine/installation/

Container should use the same dns as the host. #341

Open runephilosof opened 6 years ago

runephilosof commented 6 years ago

Expected behavior

$ host non-public.dns.name # should output ip from private dns
$ tcpdump port domain # on the host

Should show the container querying the same dns server as the host would do.

Actual behavior

$ host non-public.dns.name # outputs ip from public dns (or not found if only available in private).
$ tcpdump port domain # on the host

Shows the container querying 8.8.8.8

Steps to reproduce the behavior

On AWS:

Output of docker version:

Client:
 Version:   17.12.1-ce
 API version:   1.35
 Go version:    go1.10.1
 Git commit:    7390fc6
 Built: Wed Apr 18 01:23:11 2018
 OS/Arch:   linux/amd64

Server:
 Engine:
  Version:  17.12.1-ce
  API version:  1.35 (minimum version 1.12)
  Go version:   go1.10.1
  Git commit:   7390fc6
  Built:    Wed Feb 28 17:46:05 2018
  OS/Arch:  linux/amd64
  Experimental: false

Output of docker info:

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 2
Server Version: 17.12.1-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9b55aab90508bd389d7654c4baf173a981477d55
runc version: 9f9c96235cc97674e935002fc3d78361b696a69e
init version: v0.13.0 (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-1010-aws
Operating System: Ubuntu 18.04 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 479.9MiB
Name: ip-172-30-1-73
ID: RGL6:J4TK:53R4:LQ2Q:V2TY:RQQZ:ZXWH:HRJC:5HVH:7WVK:7PIH:ZTM7
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support

Additional environment details (AWS, VirtualBox, physical, etc.)

On AWS EC2 with an Ubuntu 18.04 the /etc/resolv.conf looks similar to:

:~$ cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 127.0.0.53
search eu-west-1.compute.internal

Running systemd-resolve --status gives:

:~$ systemd-resolve --status
Global
         DNS Servers: 172.30.0.2
...more...

When I create a docker container and it queries DNS, it goes directly to 8.8.8.8. Instead, it should use the same DNS server as the host.

On one of my hosts: If I edit the /etc/resolv.conf on the host to contain nameserver 172.30.0.2, it starts working as expected. Docker should recognize this by itself.

But on the host I just created to test my steps to replicate, it doesn't help to change the /etc/resolv.conf; on that host the /etc/resolv.conf is reverted to 127.0.0.53 when I run the container.

karbica commented 6 years ago

+1

tomekit commented 6 years ago

Temporary solution is to run container in the --net=host network. https://stackoverflow.com/a/43314989/2263395

EDIT: One of the GitHub users added this as a solution; however, he deleted his comments. Not sure if this works though:

a better solution than @tomekit's would be to use --dns 172.30.0.2
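Added example, not part of the thread or of Docker's code: a shell sketch that derives the `--dns` flags mentioned above when the host's resolv.conf lists only a loopback stub such as 127.0.0.53, which a bridge-networked container cannot reach, so that private names are not sent to a public resolver. It assumes a systemd-resolved host, where the upstream servers are listed in /run/systemd/resolve/resolv.conf; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: build explicit --dns flags for docker run when the
# host resolv.conf only points at a loopback stub resolver.

# Print each nameserver address from a resolv.conf-style file ($1).
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Exit 0 if the address is loopback, i.e. not reachable from inside a
# container that has its own network namespace.
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print only the nameservers in file $1 that a container could reach.
routable_nameservers() {
    nameservers "$1" | while read -r _ns; do
        is_loopback "$_ns" || printf '%s\n' "$_ns"
    done
}

# Emit "--dns <ip>" flags. $1 = host resolv.conf, $2 = upstream list
# (assumed: /run/systemd/resolve/resolv.conf on systemd-resolved hosts).
docker_dns_flags() {
    _src="$1"
    _out=""
    if [ -z "$(routable_nameservers "$_src")" ] && [ -r "$2" ]; then
        _src="$2"   # stub-only host file: use the real upstream servers
    fi
    for _ns in $(routable_nameservers "$_src"); do
        _out="$_out --dns $_ns"
    done
    printf '%s\n' "${_out# }"
}

# Constructed sample files mirroring the report above.
demo_dir=$(mktemp -d)
printf 'nameserver 127.0.0.53\nsearch eu-west-1.compute.internal\n' > "$demo_dir/stub.conf"
printf 'nameserver 172.30.0.2\nsearch eu-west-1.compute.internal\n' > "$demo_dir/upstream.conf"

docker_dns_flags "$demo_dir/stub.conf" "$demo_dir/upstream.conf"
```

An empty result means no routable resolver was found in either file, which is the case where the container ends up querying 8.8.8.8 as shown in the tcpdump above.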

oliver-dungey commented 5 years ago

I've just bumped into this issue using AWS ECS EC2 using Windows Server 2016 (that's a lot of context acronyms!). The Docker host DNS setup is all correct and resolves Route53 names (DNS + DNS search suffix); the containers have an extra stray DNS entry (the Docker host) that will resolve public names but not Route53 private zones.

Here is the container network config:

PS C:\ssp> ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : 3522fe3b78c6
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : services-dev.local        <------- CORRECT

Ethernet adapter vEthernet (Container NIC afe9c470):

   Connection-specific DNS Suffix  . : services-dev.local        <------ CORRECT
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #3
   Physical Address. . . . . . . . . : 00-15-5D-84-EB-FD
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d850:2564:2392:7ff9%22(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.18.124.89(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . : 172.18.112.1
   DNS Servers . . . . . . . . . . . : 172.18.112.1 <--- WRONG, this is the Docker host
                                       10.0.0.2     <------ CORRECT
   NetBIOS over Tcpip. . . . . . . . : Disabled

Strangely most network tools work with this configuration except for nslookup, the one I was using! The standard install of Windows nslookup. ping, Test-NetConnection and Resolve-DnsName all work fine (although I'm not quite sure how).

ghost commented 4 years ago

+1