docker / for-win

Bug reports for Docker Desktop for Windows
https://www.docker.com/products/docker#/windows

Cannot perform reverse DNS lookups within containers on Windows WSL2 #13681

Open Bilge opened 1 year ago

Bilge commented 1 year ago

Description

This issue is a repost of #10876 in its entirety, with the addition of reproduction steps, because it was closed prematurely but is still relevant today.


I've been developing on remote Docker on Linux installations for a while now. Recently I've been transitioning to local development on my Windows desktop. One thing I noticed right away is that reverse DNS lookups in containers on Docker Desktop for Windows appear to be broken:

# In a Debian WSL2 terminal:
$  docker run -it --rm alpine ash
/ # apk update && apk add bind-tools
...

# Using the container's DNS server doesn't work:
/ # dig -x 8.8.8.8

; <<>> DiG 9.16.11 <<>> -x 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18337
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa.          IN      PTR

;; Query time: 0 msec
;; SERVER: 192.168.65.5#53(192.168.65.5)
;; WHEN: Fri Apr 09 04:55:23 UTC 2021
;; MSG SIZE  rcvd: 38

# Querying the authoritative nameserver directly works:
/ # dig @ns1.google.com -x 8.8.8.8

; <<>> DiG 9.16.11 <<>> @ns1.google.com -x 8.8.8.8
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28072
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa.          IN      PTR

;; ANSWER SECTION:
8.8.8.8.in-addr.arpa.   86400   IN      PTR     dns.google.

;; Query time: 40 msec
;; SERVER: 216.239.32.10#53(216.239.32.10)
;; WHEN: Fri Apr 09 04:58:44 UTC 2021
;; MSG SIZE  rcvd: 73

# Querying my local DNS server directly works:
/ # dig @192.168.80.2 -x 8.8.8.8

; <<>> DiG 9.16.11 <<>> @192.168.80.2 -x 8.8.8.8
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3180
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa.          IN      PTR

;; ANSWER SECTION:
8.8.8.8.in-addr.arpa.   64339   IN      PTR     dns.google.

;; Query time: 0 msec
;; SERVER: 192.168.80.2#53(192.168.80.2)
;; WHEN: Fri Apr 09 05:37:03 UTC 2021
;; MSG SIZE  rcvd: 73

# Forward resolution works:
/ # dig dns.google

; <<>> DiG 9.16.11 <<>> dns.google
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53491
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dns.google.                    IN      A

;; ANSWER SECTION:
dns.google.             592     IN      A       8.8.4.4
dns.google.             592     IN      A       8.8.8.8

;; Query time: 30 msec
;; SERVER: 192.168.65.5#53(192.168.65.5)
;; WHEN: Fri Apr 09 05:09:48 UTC 2021
;; MSG SIZE  rcvd: 60

I've tried several different IP addresses and container images all with the same result.

Reverse lookups work from the Debian WSL2 host. This all works inside containers on my Docker on Linux installations as well.

DNS resolution inside containers on Windows appears to be working as expected otherwise. The only thing not working is reverse lookups.

Reproduce

  1. docker run --rm alpine nslookup 8.8.8.8

Expected behavior

Should be able to perform reverse DNS lookups in a container on Windows.

docker version

Client: Docker Engine - Community
 Cloud integration: v1.0.35-desktop+001
 Version:           24.0.5
 API version:       1.43
 Go version:        go1.20.6
 Git commit:        ced0996
 Built:             Fri Jul 21 20:35:45 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Desktop
 Engine:
  Version:          24.0.5
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.6
  Git commit:       a61e2b4
  Built:            Fri Jul 21 20:35:45 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client: Docker Engine - Community
 Version:    24.0.5
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2-desktop.1
    Path:     /usr/local/lib/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.20.2-desktop.1
    Path:     /usr/local/lib/docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /usr/local/lib/docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.20
    Path:     /usr/local/lib/docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v0.1.0-beta.6
    Path:     /usr/local/lib/docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /usr/local/lib/docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version:  v0.26.0
    Path:     /usr/local/lib/docker/cli-plugins/docker-scan
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version:  0.20.0
    Path:     /usr/local/lib/docker/cli-plugins/docker-scout

Server:
 Containers: 4
  Running: 3
  Paused: 0
  Stopped: 1
 Images: 11
 Server Version: 24.0.5
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
 Kernel Version: 5.15.90.1-microsoft-standard-WSL2
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 7.67GiB
 Name: docker-desktop
 ID: 42b4a95e-46d9-4d39-b1ba-492047c9030f
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

Diagnostics ID

C0FD2EB2-C125-4336-BA42-1881A5BDFA74/20230914134311

Additional Info

No response

chaitanyawho commented 7 months ago

I'm facing the same issue.

Docker version 25.0.2, build 29cf629
Image: ubuntu:24.04
Host OS: Windows 11 22H2 with WSL 2 backend

Are there any workarounds?

qujck commented 2 months ago

Any news on this, as it's impacting me too?

Docker version: 4.31.1 (153621)
Image: Ubuntu 22.04
Host OS: Windows 11 Pro 23H2

Jacob-Gray commented 2 months ago

A workaround is to configure the DNS server for the container to use, i.e.

docker run --dns 8.8.8.8 --rm alpine nslookup 8.8.8.8

or

services:
  my_service:
    dns:
      - 8.8.8.8

in a compose file.

This would sometimes break host.docker.internal for me, so you have to manually add it as a host:

services:
  my_service:
    dns:
      - 8.8.8.8
    extra_hosts:
      - host.docker.internal:host-gateway
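
The symptom reported in this thread is a PTR query that comes back `status: NOERROR` with `ANSWER: 0`, which is a NODATA reply, so a check that looks only at the response code treats it as success. The script below is an added example, not part of any comment above or of Docker's code: it parses dig output, classifies that case, and compares the default resolver against an explicitly chosen one. The two samples are trimmed from the dig output quoted in the report, and the function names are hypothetical.

```python
import re

# Trimmed from the dig output quoted in the report: default resolver, then a direct query.
DEFAULT_RESOLVER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18337
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa.          IN      PTR
;; SERVER: 192.168.65.5#53(192.168.65.5)
"""
EXPLICIT_RESOLVER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3180
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa.          IN      PTR
;; ANSWER SECTION:
8.8.8.8.in-addr.arpa.   64339   IN      PTR     dns.google.
;; SERVER: 192.168.80.2#53(192.168.80.2)
"""

def parse_dig(text):
    """Extract rcode, answer count, PTR targets and responding server from dig output."""
    status = re.search(r"status: (\w+)", text)
    answers = re.search(r"ANSWER: (\d+)", text)
    server = re.search(r"^;; SERVER: ([^#\s]+)#", text, re.M)
    # Record lines do not start with ';' (the question line does, and has no TTL).
    ptrs = re.findall(r"^(?!;)\S+\s+\d+\s+IN\s+PTR\s+(\S+)", text, re.M)
    return {
        "status": status.group(1) if status else None,
        "answers": int(answers.group(1)) if answers else 0,
        "ptr": ptrs,
        "server": server.group(1) if server else None,
    }

def classify(text):
    """NOERROR with no PTR record is NODATA: the rcode alone looks like success."""
    r = parse_dig(text)
    if r["status"] is None:
        return "UNPARSED"
    if r["status"] != "NOERROR":
        return r["status"]
    return "OK" if r["ptr"] else "NODATA"

def resolver_drops_ptr(default_out, explicit_out):
    """True when the default resolver returns NODATA but another resolver has the PTR."""
    return classify(default_out) == "NODATA" and classify(explicit_out) == "OK"

if __name__ == "__main__":
    for name, out in (("default", DEFAULT_RESOLVER), ("explicit", EXPLICIT_RESOLVER)):
        print(name, parse_dig(out)["server"], classify(out), parse_dig(out)["ptr"])
    print("resolver drops PTR:", resolver_drops_ptr(DEFAULT_RESOLVER, EXPLICIT_RESOLVER))
```

To use it on a live container, capture the output of `dig -x <address>` once with the default resolver and once with `--dns` set as in the workaround, and pass both strings to `resolver_drops_ptr`.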