Description
When setting up docker with a daemon.json with a dns entry the expectation is that those dns values are always used. Even though I have such a config in place, the docker service uses /run/systemd/resolve/resolv.conf anyway.
In my case, when working over a VPN a split tunnel setup is used. As /run/systemd/resolve/resolv.conf only contains the DNS servers of the default route, that means I can't resolve any names from the VPN namespace.
Reproduce
/etc/docker/daemon.json:
{
  "dns": [
    "private-dns-1",
    "private-dns-2",
    "8.8.8.8"
  ]
}
/etc/resolv.conf:
nameserver 127.0.0.53
Even though the dns entry is in place I get this in the journal when starting the docker service:
msg="detected 127.0.0.53 nameserver, assuming systemd-resolved, so using resolv.conf: /run/systemd/resolve/resolv.conf"
When running a docker build I can confirm this by having a:
RUN wget private-name
in the Dockerfile, which cannot be reached when doing a docker build.
Another way to reproduce is to run any docker image interactively and cat /etc/resolv.conf in it. Instead of the expected nameservers from daemon.json the ones from /run/systemd/resolve/resolv.conf are there.
Expected behavior
When daemon.json has a valid dns entry, that should be used regardless of the content of /etc/resolv.conf.
docker version
Client: Docker Engine - Community
Version: 28.1.1
API version: 1.49
Go version: go1.23.8
Git commit: 4eba377
Built: Fri Apr 18 09:52:14 2025
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 28.1.1
API version: 1.49 (minimum version 1.24)
Go version: go1.23.8
Git commit: 01f442b
Built: Fri Apr 18 09:52:14 2025
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.7.27
GitCommit: 05044ec0a9a75232cad458027ca83437aae3f4da
runc:
Version: 1.2.5
GitCommit: v1.2.5-0-g59923ef
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
Client: Docker Engine - Community
Version: 28.1.1
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.23.0
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.35.1
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 129
Running: 0
Paused: 0
Stopped: 129
Images: 362
Server Version: 28.1.1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 05044ec0a9a75232cad458027ca83437aae3f4da
runc version: v1.2.5-0-g59923ef
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.11.0-24-generic
Operating System: Ubuntu 24.04.2 LTS
OSType: linux
Architecture: x86_64
CPUs: 16
Total Memory: 31.06GiB
Name: REDACTED
ID: 45e7693a-54ac-4841-a123-8eab2cd5b4f3
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
::1/128
127.0.0.0/8
Registry Mirrors:
REDACTED
Live Restore Enabled: false
Additional Info
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 24.04.2 LTS
Release: 24.04
Codename: noble
$ uname -r
6.11.0-24-generic
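A small audit helper, added here and not part of the issue or of the moby project, that checks whether a container's /etc/resolv.conf actually contains the daemon.json dns servers and flags the 127.0.0.53 stub address that triggers the fallback described in the report. The three file bodies below are constructed stand-ins; in practice you would feed it the host's /etc/resolv.conf and the resolv.conf captured from inside a running container.

```python
"""Audit: does a container see the daemon.json "dns" servers, or the systemd fallback?

Added example, not code from the moby issue or project. All inputs are
constructed strings standing in for the files discussed in the report.
"""
import json

SYSTEMD_STUB = "127.0.0.53"  # dockerd keys its resolv.conf fallback on this address


def parse_nameservers(resolv_conf: str) -> list[str]:
    """Return the nameserver entries of a resolv.conf body, in file order."""
    servers = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments, tokenize
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def daemon_dns(daemon_json: str) -> list[str]:
    """Return the "dns" list from a daemon.json body (empty if not set)."""
    return list(json.loads(daemon_json).get("dns", []))


def audit(daemon_json: str, host_resolv: str, container_resolv: str) -> dict:
    """Compare configured vs observed nameservers and flag the systemd stub."""
    expected = daemon_dns(daemon_json)
    observed = parse_nameservers(container_resolv)
    stub_on_host = SYSTEMD_STUB in parse_nameservers(host_resolv)
    missing = [s for s in expected if s not in observed]
    return {
        # True means dockerd will read /run/systemd/resolve/resolv.conf instead
        "systemd_stub_on_host": stub_on_host,
        "expected": expected,
        "observed": observed,
        "missing": missing,
        "dns_config_honoured": bool(expected) and not missing,
    }


# Constructed sample inputs mirroring the report (container view is hypothetical)
DAEMON_JSON = '{"dns": ["private-dns-1", "private-dns-2", "8.8.8.8"]}'
HOST_RESOLV = "nameserver 127.0.0.53\noptions edns0 trust-ad\n"
CONTAINER_RESOLV = "# constructed container view\nnameserver 192.0.2.53\nnameserver 8.8.8.8\n"

if __name__ == "__main__":
    print(json.dumps(audit(DAEMON_JSON, HOST_RESOLV, CONTAINER_RESOLV), indent=2))
```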