Open cnsquare opened 2 months ago
You may try removing the default nameserver
and add a public DNS server into the /etc/resolv.conf
, like: nameserver 1.1.1.1
/tmp # cat /etc/resolv.conf
## Generated by Docker Engine.
`This` file can be edited; Docker Engine will not make further changes once it has been modified.
nameserver 1.1.1.1
# Based on host file: '/etc/resolv.conf' (legacy)
# Overrides: []
Still doesn't work. nslookup and ping failed
/tmp # nslookup google.com
;; connection timed out; no servers could be reached
/tmp # ping google.com
ping: bad address 'google.com'
Looks like a Docker setup issue.
Can you ping 1.1.1.1
? What about nslookup www.google.com 1.1.1.1
?
On what system are you running Docker ?
Ping works, but nslookup fails. I am running Debian 12 (bookworm)
/tmp # ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: seq=0 ttl=58 time=6.545 ms
64 bytes from 1.1.1.1: seq=1 ttl=58 time=7.014 ms
64 bytes from 1.1.1.1: seq=2 ttl=58 time=5.926 ms
^C
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 5.926/6.495/7.014 ms
/tmp # nslookup www.google.com 1.1.1.1
;; connection timed out; no servers could be reached
Do you have any firewall running (on the machine or the network) that might affect DNS traffic ?
It's related to running this image on Debian. I launched an Ubuntu server and spawned up this image, and the DNS is functioning properly. When I went back to the Debian server and ran a standard Alpine image, the DNS problem persisted
DNS works on image jlesage/firefox:v1.17.1 but not on any newer tags.
root@DOCKER-srv:/home/application/docker# docker run -ti --rm jlesage/firefox:v22.10.2 ping -c 1 google.com
Unable to find image 'jlesage/firefox:v22.10.2' locally
v22.10.2: Pulling from jlesage/firefox
213ec9aee27d: Already exists
4f4fb700ef54: Pull complete
0aea5b1c4f9a: Already exists
887681b33af1: Already exists
8201ac41c85a: Already exists
90d4fbb34eed: Already exists
d12017c039af: Already exists
19f20acdb4b5: Already exists
073675541289: Already exists
1247747b7f09: Pull complete
7aaee11755ca: Pull complete
4233f1bf692b: Pull complete
a0072ffaff86: Pull complete
04175379f0ae: Pull complete
5f1c83aa16bb: Pull complete
c2b2ab1d94dd: Pull complete
4506eb1fd941: Pull complete
17a0dcb57549: Pull complete
77f0cff18438: Pull complete
bc448769a119: Pull complete
489aba639253: Pull complete
c6d225597046: Pull complete
ff2c7f983f8f: Pull complete
3fceb30094b9: Pull complete
3d9985bb4d94: Pull complete
f30607339ef8: Pull complete
3a13340674d3: Pull complete
7adeb1d65f90: Pull complete
71546c29c15f: Pull complete
aabffcac20c9: Pull complete
14d33641aea6: Pull complete
eccf336b71a7: Pull complete
8564cf813727: Pull complete
f078fea79b97: Pull complete
Digest: sha256:bfca8a5d1493a690477e68788a3a048f948e5b34e14553434b0895fb4425327c
Status: Downloaded newer image for jlesage/firefox:v22.10.2
ping: bad address 'google.com'
root@DOCKER-srv:/home/application/docker# docker run -ti --rm jlesage/firefox:v1.18.0 ping -c 1 google.com
Unable to find image 'jlesage/firefox:v1.18.0' locally
v1.18.0: Pulling from jlesage/firefox
59bf1c3509f3: Pull complete
126d442b4d47: Pull complete
6a3bdaf3a44d: Pull complete
e5d40421cb28: Pull complete
ab9a82d47718: Pull complete
e2e0541872cc: Pull complete
ac06d5b576f5: Pull complete
e1ce9a70cf92: Pull complete
677037cc019f: Pull complete
95cb0d9e8733: Pull complete
d75d5f214ecc: Pull complete
3130042cb5fc: Pull complete
42e6d2ad6179: Pull complete
3c6293625e86: Pull complete
57e95b9d459e: Pull complete
bb327bab7e11: Pull complete
7b4dbec48c2a: Pull complete
0cc5cbede6ba: Pull complete
d38c4b230195: Pull complete
39abde921049: Pull complete
639b376ed1ba: Pull complete
368a56b0b6ee: Pull complete
1aa0e680696a: Pull complete
03d4939772cb: Pull complete
24a3ee6726d2: Pull complete
Digest: sha256:a8e75ca67f7b145d57850dcbadfe13d4bccb6ddcf90ecc5539e99d45fa596270
Status: Downloaded newer image for jlesage/firefox:v1.18.0
ping: bad address 'google.com'
root@DOCKER-srv:/home/application/docker# docker run -ti --rm jlesage/firefox:v1.17.1 ping -c 1 google.com
Unable to find image 'jlesage/firefox:v1.17.1' locally
v1.17.1: Pulling from jlesage/firefox
532819f3e44c: Pull complete
ae204b32d40f: Pull complete
1a5680e9f6cf: Pull complete
8bc8cd2482dd: Pull complete
07f9edd9d766: Pull complete
fcb0e57ce707: Pull complete
76e40d713c42: Pull complete
1938062d7bee: Pull complete
aa15a1f2194c: Pull complete
d9bcf3a8827f: Pull complete
fb5ea3142131: Pull complete
fb4cfbcb1d41: Pull complete
d25272dca9ff: Pull complete
6e76f3de4e93: Pull complete
d3cab8a785cf: Pull complete
227a1561b348: Pull complete
2a6beab40f77: Pull complete
498a9fc87bbe: Pull complete
d47571e23658: Pull complete
689428c9242c: Pull complete
9ad5e2271b27: Pull complete
bf25e4916ae6: Pull complete
1740370aa31d: Pull complete
1583358a0ce6: Pull complete
dddc4132ee32: Pull complete
Digest: sha256:29fed88ccfd2753cb48de4c803363a37a0e79fad4db993298fadba1be42bb2c3
Status: Downloaded newer image for jlesage/firefox:v1.17.1
PING google.com (172.253.63.138): 56 data bytes
64 bytes from 172.253.63.138: seq=0 ttl=107 time=7.064 ms
--- google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 7.064/7.064/7.064 ms
I have the same issue, running Ubuntu 22.04.4 LTS as the host VM.
(TL/DR setting dns: 1.1.1.1 in the firefox container docker compose yaml file works)
I run 4 instances of pihole on 4 machines locally as DNS servers. One of them, my main one, is in another docker container on the same host.
jlesage/firefox:v1.17.1 didn't help.
Pihole on my main DNS server is set to use the ports:
- '192.168.61.5:53:53/tcp'
- '192.168.61.5:53:53/udp'
(following https://github.com/pi-hole/docker-pi-hole/issues/1166)
which resolved a few issues I had with other docker containers, but not firefox (which might have worked previously, I don't recall)
Here is an example
sudo docker exec -ti firefox sh
/tmp # nslookup google.com Server:127.0.0.11 Address:127.0.0.11:53
;; connection timed out; no servers could be reached
/tmp # nslookup google.com 1.1.1.1 Server:1.1.1.1 Address:1.1.1.1:53
Non-authoritative answer: Name:google.com Address: 2a00:1450:4009:823::200e
Non-authoritative answer: Name:google.com Address: 216.58.212.238
It does work if I use the IP address of my pihole!
/tmp # nslookup google.com 192.168.61.5 Server:192.168.61.5 Address:192.168.61.5:53
Non-authoritative answer: Name:google.com Address: 216.58.212.206
Non-authoritative answer: Name:google.com Address: 2a00:1450:4009:816::200e
If I set the dns in the firefox yaml docker compose file to 1.1.1.1 (or anything else, including 192.168.61.5), that works.
Current Behavior
DNS not working. I can't access any website with their domain name, but I can with their IP address.
I can ping 142.251.46.206 but can't ping google.com
docker exec -ti firefox sh
/tmp # cat /etc/resolv.conf Generated by Docker Engine. This file can be edited; Docker Engine will not make further changes once it has been modified. nameserver 172.30.40.83 nameserver 172.30.0.1
Based on host file: '/etc/resolv.conf' (legacy) Overrides: [] /tmp # ping google.com ping: bad address 'google.com' /tmp # ping 142.251.46.206 PING 142.251.46.206 (142.251.46.206): 56 data bytes 64 bytes from 142.251.46.206: seq=0 ttl=118 time=64.486 ms 64 bytes from 142.251.46.206: seq=1 ttl=118 time=64.713 ms 64 bytes from 142.251.46.206: seq=2 ttl=118 time=64.450 ms 64 bytes from 142.251.46.206: seq=3 ttl=118 time=64.818 ms --- 142.251.46.206 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 64.450/64.616/64.818 ms /tmp #
Expected Behavior
No response
Steps To Reproduce
No response
Environment
Container creation
Docker Image Version: 24.05.1
Container log