Docker should use the host network DNS server #23910

@nottrobin

Summary

In networks where external DNS servers are blocked, Docker containers running on Ubuntu hosts can't resolve DNS at all because they are trying to use 8.8.8.8 as their DNS server. Docker should detect the network DNS server.

Detail

When spinning up a container, Docker will by default check for a DNS server defined in /etc/resolv.conf in the host OS, and if it doesn't find one, or finds only 127.0.0.1, will opt to use Google's public DNS server 8.8.8.8.

My development machine is running Ubuntu 16.04, which uses dnsmasq by default, so /etc/resolv.conf is always set to 127.0.0.1, even though it is usually actually getting its DNS settings from whatever network it's connected to:

$ cat /etc/resolv.conf | grep nameserver  # What Docker sees
nameserver 127.0.1.1
$ nmcli dev show | grep IP4.DNS  # My actual DNS server
IP4.DNS[1]:                             10.1.1.3

and so Docker containers always default to using 8.8.8.8 rather than using the same DNS server as the host OS.

In my office network external DNS servers are blocked, and so my whole team and I are finding Docker containers failing with obscure errors which result from failing to resolve DNS.

There is a workaround, which I help walk all my team members through so they can still use Docker, although it's frustrating that whenever Docker gets updated, it seems the daemon config file is overwritten and we have to implement the fix all over again. This is less of a problem for me, but is causing significant trouble for our less systems-focused developers.

Is there any hope that Docker might be able to intelligently pick up the network's DNS server in the future?

Steps to reproduce the issue

  1. Use a host OS that makes use of dnsmasq (e.g. Ubuntu since 12.04)
  2. Connect to a network that blocks access to external DNS servers like 8.8.8.8
  3. Try to resolve DNS with Docker (docker run busybox nslookup google.com)

What I get

$ docker run busybox nslookup google.com
Server:    8.8.8.8
Address 1: 8.8.8.8

nslookup: can't resolve 'google.com'

What I expected

$ docker run busybox nslookup google.com
Server:    10.1.1.3
Address 1: 10.1.1.3

Name:      google.com
Address 1: 2a00:1450:4009:811::200e lhr26s02-in-x200e.1e100.net
Address 2: 216.58.198.174 lhr25s10-in-f14.1e100.net

System information

I'm running Xenial natively on a Dell XPS 13 9350.

$ cat /etc/os-release 
NAME="Ubuntu"
VERSION="16.04 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
UBUNTU_CODENAME=xenial

$ docker version
Client:
 Version:      1.11.1
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   5604cbe
 Built:        Tue Apr 26 23:43:49 2016
 OS/Arch:      linux/amd64

Server:
 Version:      1.11.1
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   5604cbe
 Built:        Tue Apr 26 23:43:49 2016
 OS/Arch:      linux/amd64

$ docker info
Containers: 61
 Running: 3
 Paused: 0
 Stopped: 58
Images: 421
Server Version: 1.11.1
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 441
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins: 
 Volume: local
 Network: bridge null host
Kernel Version: 4.4.0-24-generic
Operating System: Ubuntu 16.04 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.54 GiB
Name: xps
ID: G4MN:GTXD:4KZP:PTZC:DBYK:WOLA:R3GF:TKLW:ZOOX:NXZT:ALNG:F22D
Docker Root Dir: /var/lib/docker
Debug mode (client): false
Debug mode (server): false
Username: nottrobin
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
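
The resolver selection described under "Detail", modelled as an added example (not Docker's code and not part of the original issue): it reports when containers would send DNS to the public fallback instead of the resolver the network assigned. Function names are hypothetical, the fallback is limited to the 8.8.8.8 the issue names, and the sample inputs are constructed from the command output quoted in the issue.

```python
import ipaddress
import re

# Assumption: the fallback is modelled as the single resolver the issue names.
FALLBACK_DNS = ["8.8.8.8"]

# Constructed samples, taken from the command output quoted in the issue.
SAMPLE_RESOLV = "# managed by the host's local resolver\nnameserver 127.0.1.1\n"
SAMPLE_NMCLI = "IP4.DNS[1]:                             10.1.1.3\n"

def host_nameservers(resolv_conf):
    """Return nameserver addresses from resolv.conf text, in file order."""
    servers = []
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def unusable_in_container(addr):
    """Loopback (127.0.0.0/8, ::1) or unparsable entries cannot serve a container."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True

def container_nameservers(resolv_conf):
    """Return (servers, fell_back) following the behaviour the issue describes."""
    usable = [s for s in host_nameservers(resolv_conf) if not unusable_in_container(s)]
    return (usable, False) if usable else (list(FALLBACK_DNS), True)

def network_dns(nmcli_output):
    """Extract the IP4.DNS entries from `nmcli dev show` output."""
    return re.findall(r"^IP4\.DNS\[\d+\]:\s*(\S+)", nmcli_output, flags=re.M)

def audit(resolv_conf, nmcli_output):
    """Flag hosts where containers would bypass the network's own resolver."""
    servers, fell_back = container_nameservers(resolv_conf)
    upstream = network_dns(nmcli_output)
    bypass = fell_back and bool(upstream) and not (set(servers) & set(upstream))
    return {"container_dns": servers, "fell_back": fell_back,
            "network_dns": upstream, "bypasses_network_dns": bypass}

if __name__ == "__main__":
    print(audit(SAMPLE_RESOLV, SAMPLE_NMCLI))
```

On a real host, pass the contents of /etc/resolv.conf and the output of `nmcli dev show` in place of the samples.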
