--dns-opt breaks resolving of external names by internal DNS server #1404

@excitoon

  • This is a bug report
  • I searched existing issues before opening this one

mynetwork is a vanilla bridge network.

$ docker run --net mynetwork -it ubuntu:focal bash
root@4aa270323fd5:/# cat /etc/resolv.conf 
search local
nameserver 127.0.0.11
options edns0 trust-ad ndots:0
root@4aa270323fd5:/# apt update
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Get:2 http://archive.ubuntu.com/ubuntu focal InRelease [265 kB]
Get:3 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [876 kB]
Get:4 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]

With some --dns-opt:

$ docker run --net mynetwork --dns-opt attempts:10 -it ubuntu:focal bash
root@6f38ca654cef:/# apt update
0% [Connecting to archive.ubuntu.com] [Connecting to security.ubuntu.com]
0% [Connecting to archive.ubuntu.com] [Connecting to security.ubuntu.com]
0% [Connecting to archive.ubuntu.com] [Connecting to security.ubuntu.com]
0% [Connecting to archive.ubuntu.com] [Connecting to security.ubuntu.com]
0% [Connecting to archive.ubuntu.com] [Connecting to security.ubuntu.com]
0% [Connecting to archive.ubuntu.com] [Connecting to security.ubuntu.com]^C
root@6f38ca654cef:/# cat /etc/resolv.conf
search local
nameserver 127.0.0.11
options attempts:10 ndots:0
root@6f38ca654cef:/# apt update
0% [Connecting to archive.ubuntu.com] [Connecting to security.ubuntu.com]^C

Trying to replace resolv.conf with the "working" configuration:

$ docker run --net mynetwork --dns-opt attempts:10 -it ubuntu:focal bash
root@9c0efdf32f40:/# echo "search local
> nameserver 127.0.0.11
> options edns0 trust-ad ndots:0
> " > /etc/resolv.conf
root@9c0efdf32f40:/# apt update
0% [Connecting to archive.ubuntu.com] [Connecting to security.ubuntu.com]
0% [Connecting to archive.ubuntu.com] [Connecting to security.ubuntu.com]
0% [Connecting to archive.ubuntu.com] [Connecting to security.ubuntu.com]^C

On the Internet, people generally tend to think up some ugly workarounds, like here:

"I managed to solve this issue in a different way. I joined the containers that had problems with DNS resolution to the docker network of the adguard container and specified the IP address of the adguard container as the DNS server for these containers."

$ docker version
Client: Docker Engine - Community
 Version:           20.10.8
 API version:       1.41
 Go version:        go1.16.6
 Git commit:        3967b7d
 Built:             Fri Jul 30 19:54:09 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.8
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.6
  Git commit:       75249d8
  Built:            Fri Jul 30 19:52:16 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.9
  GitCommit:        e25210fe30a0a703442421b0f60afac609f950a3
 runc:
  Version:          1.0.1
  GitCommit:        v1.0.1-0-g4144b63
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
$ docker inspect mynetwork
[
    {
        "Name": "mynetwork",
        "Id": "141a8e9fcb58b44bcf65c415f882383a3e8f387d042db928997ee094e8804e80",
        "Created": "2022-06-05T10:19:33.668565987+03:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "4aa270323fd5dff8bfb27d3e1b08041f0890383bf028747b7e1a346e2e4c1be6": {
                "Name": "suspicious_boyd",
                "EndpointID": "66557136efc717ec98b1eed5c2a6b803a29cb855656ce477000f79bc03bd694f",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
$ lsb_release -a
LSB Version:	core-11.1.0ubuntu2-noarch:printing-11.1.0ubuntu2-noarch:security-11.1.0ubuntu2-noarch
Distributor ID:	Ubuntu
Description:	Ubuntu 20.10
Release:	20.10
Codename:	groovy
