Celeb Glow
updates | March 15, 2026

Tell docker to use the DNS server in the host system

I have dnsmasq running in the host, and I want the docker containers to use that, instead of the default Google servers (8.8.8.8).

My host /etc/resolv.conf looks as follows:

» cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
search mydomain.net

And the container's /etc/resolv.conf looks as follows:

root@ubuntu:/# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
search mydomain.net
nameserver 8.8.8.8
nameserver 8.8.4.4

It seems that docker is reusing the host's /etc/resolv.conf but discarding the 127.0.0.1 entry, and instead adding Google's nameservers.

I have tried adding a dns entry referring to the docker0 interface:

» ifconfig docker0
docker0   Link encap:Ethernet  HWaddr 02:42:8e:65:b0:88
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:8eff:fe65:b088/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:55824 errors:0 dropped:0 overruns:0 frame:0
          TX packets:74365 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:15702804 (15.7 MB)  TX bytes:60639605 (60.6 MB)

As follows:

docker run \
  -it \
  --name ubuntu.bionic \
  --restart always \
  --dns 172.17.0.1 \
  ubuntu:bionic

But dns is not working:

root@ubuntu:/# apt-get update
Err:1 bionic-security InRelease
  Temporary failure resolving 'security.ubuntu.com'

How can I tell a docker container to use the dns server in the host system?

EDIT

It seems that I need to tell dnsmasq to bind to the docker0 interface:

listen-address=127.0.0.1,172.17.0.1

I still do not like that I need to give the IP address of the docker0 interface twice, once for the docker run command for each container that I want to create, and also for the dnsmasq configuration.

EDIT2

I can tell docker to use by default my local DNS server (which is running in a container, and reachable to the other containers in the docker0 interface: 172.17.0.1):

» sudo cat /etc/docker/daemon.json
{
  "dns": ["172.17.0.1", "8.8.8.8"]
}

And then restart the docker daemon:

sudo service docker restart

I am still somewhat worried that docker could decide to change the IP address of the docker0 interface, and I will be forced to reconfigure docker and dnsmasq, and rebuild the containers.

1 Answer

You can use the host's local DNS resolver (e.g. dnsmasq) from your Docker containers if they are on a user-defined network. In that case a container's /etc/resolv.conf will have the nameserver 127.0.0.11 (a.k.a. Docker's embedded DNS server), which can forward DNS requests to the host's loopback address properly.

$ cat /etc/resolv.conf
nameserver 127.0.0.1
$ docker run --rm alpine cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
$ docker network create demo
557079c79ddf6be7d6def935fa0c1c3c8290a0db4649c4679b84f6363e3dd9a0
$ docker run --rm --net demo alpine cat /etc/resolv.conf
nameserver 127.0.0.11
options ndots:0 

If you use docker-compose, it will set up a custom network for your services automatically (with a file format v2+). Note, however, that while docker-compose runs containers in a user-defined network, it still builds them in the default network. To use a custom network for builds you can specify the network parameter in the build configuration (requires file format v3.4+).
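
The substitution shown in the question (loopback entry dropped, 8.8.8.8 and 8.8.4.4 added) means container lookups, including names under the search domain, go to a public resolver instead of the host's dnsmasq. The script below is an added example, not part of the question or the answer: a simplified model of that default-bridge behaviour that flags a host file which would trigger the fallback. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: simplified model of how a default-bridge container's
# nameservers are derived from the host's resolv.conf.

# Print the host nameservers a container could actually reach.
# Loopback addresses (127.0.0.0/8, ::1) point at the container itself
# once copied into its network namespace, so they are dropped.
non_loopback_nameservers() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# Print the nameservers a default-bridge container would end up with.
# With nothing left after filtering, the public defaults seen in the
# question's container output are substituted.
effective_nameservers() {
    kept=$(non_loopback_nameservers "$1")
    if [ -n "$kept" ]; then
        printf '%s\n' "$kept"
    else
        printf '%s\n' 8.8.8.8 8.8.4.4
    fi
}

# Exit 0 when every host nameserver is loopback, i.e. container DNS
# would bypass the host resolver and go to the public fallback.
falls_back_to_public() {
    [ -z "$(non_loopback_nameservers "$1")" ]
}

# Constructed sample: the host file from the question.
sample=$(mktemp)
cat > "$sample" <<'EOF'
nameserver 127.0.0.1
search mydomain.net
EOF

if falls_back_to_public "$sample"; then
    echo "WARNING: default-bridge containers will bypass the host resolver and query:"
    effective_nameservers "$sample"
fi
rm -f "$sample"
```

Run against the real /etc/resolv.conf, a warning means containers need either a user-defined network or an explicit dns setting to keep using the host resolver.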
