
Docker and DNS

nylander edited this page Oct 22, 2019 · 5 revisions

Linux Help wanted

  • Last modified: Tue Oct 22, 2019 02:29
  • Sign: JN
  • Tested on: Xubuntu 18.04
  • Solved: Yes

Symptom

Can't access the internet from within a Docker container started on a computer behind the NRM firewall.

Workaround

Specify the address of an NRM DNS server at run time.

Description

Basically, the file /etc/resolv.conf is copied into the Docker container when it is started, and if the settings there don't work, your container can't access the internet (DNS lookups will fail).

On Ubuntu 18.04, the /etc/resolv.conf file is generated by systemd-resolved and defaults to a "local DNS cache" at 127.0.0.53, which will not work inside a container. Docker then changes the default DNS addresses to Google's DNS servers (8.8.8.8), access to which appears to be blocked by the NRM firewall.

One workaround is to specify the IP of an NRM DNS server when running docker. For example:

$ docker run --dns 172.16.0.5 -it debian:sid /bin/bash

The DNS address(es) currently in use can be found by running, e.g., systemd-resolve --status, or nmcli device show eth0 | grep IP4.DNS (you might have to change eth0 to the name of your active network device, which can be found with, e.g., nmcli dev status).
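The following is an added example, not part of the original page: a small POSIX shell helper that reads resolv.conf-style files, skips loopback resolvers such as the 127.0.0.53 stub, and prints ready-made --dns flags. The function names and the second address 172.16.0.6 are made up for illustration, and the usage comment assumes systemd-resolved keeps its upstream servers in /run/systemd/resolve/resolv.conf.

```shell
#!/bin/sh
# Added example (not from the original page): build `docker run --dns ...`
# flags from resolv.conf-style files, skipping resolvers a container can't use.

# Print each nameserver in file "$1" that is not a loopback address.
# The systemd-resolved stub 127.0.0.53 is only reachable on the host itself.
usable_nameservers() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# Print "--dns A --dns B ..." for file "$1"; return 1 if nothing is usable,
# which is the case where Docker falls back to 8.8.8.8.
dns_flags() {
    flags=""
    for ns in $(usable_nameservers "$1"); do
        flags="$flags --dns $ns"
    done
    [ -n "$flags" ] || return 1
    printf '%s\n' "${flags# }"
}

# Try candidate files in order and print flags from the first usable one.
# Typical call on the host (assumed path, see lead-in):
#   pick_dns_flags /run/systemd/resolve/resolv.conf /etc/resolv.conf
pick_dns_flags() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        if dns_flags "$f"; then return 0; fi
    done
    return 1
}

# Constructed sample inputs: a stub-only file like the one described above,
# and an upstream file listing reachable servers (172.16.0.6 is invented).
demo_dir=$(mktemp -d)
printf 'nameserver 127.0.0.53\noptions edns0\n' > "$demo_dir/stub.conf"
printf '# upstream\nnameserver 172.16.0.5\nnameserver 172.16.0.6\n' \
    > "$demo_dir/upstream.conf"

# Stub only: no usable resolver, so a message is printed instead of flags.
pick_dns_flags "$demo_dir/stub.conf" || echo "only loopback resolvers found"
# Stub first, upstream second: flags come from the upstream file.
pick_dns_flags "$demo_dir/stub.conf" "$demo_dir/upstream.conf"
rm -rf "$demo_dir"
```

The printed flags can be placed directly after docker run, in the same position as the manual --dns 172.16.0.5 above.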

There are potentially other ways of making sure docker sees the NRM DNS addresses (see https://stackoverflow.com/questions/20430371/my-docker-container-has-no-internet), but I haven't settled on a long-term, stable solution.

For detailed information on this issue, see the Docker documentation at https://docs.docker.com/v17.09/engine/installation/linux/linux-postinstall/#ip-forwarding-problems

A description of a working solution is most welcome.