Ytdyklly

I have dnsmasq running in the host, and I want the docker containers to use that, instead of the default Google servers (8.8.8.8)

My host /etc/resolv.conf looks as follows:

» cat /etc/resolv.conf 

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)

#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

nameserver 127.0.0.1

search mydomain.net

And the container's /etc/resolv.conf looks as follows:

root@ubuntu:/# cat /etc/resolv.conf 

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)

#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

search mydomain.net



nameserver 8.8.8.8

nameserver 8.8.4.4

It seems that docker is reusing the host's /etc/resolv.conf but discarding the 127.0.0.1 entry, and instead adding Google's nameservers.

I have tried adding a dns entry referring to the docker0 interface:

» ifconfig docker0

docker0   Link encap:Ethernet  HWaddr 02:42:8e:65:b0:88  

          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0

          inet6 addr: fe80::42:8eff:fe65:b088/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:55824 errors:0 dropped:0 overruns:0 frame:0

          TX packets:74365 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0 

          RX bytes:15702804 (15.7 MB)  TX bytes:60639605 (60.6 MB)

As follows:

docker run 

    -it 

    --name ubuntu.bionic 

    --restart always 

    --dns 172.17.0.1 

    ubuntu:bionic

But dns is not working:

root@ubuntu:/# apt-get update

Err:1 http://security.ubuntu.com/ubuntu bionic-security InRelease        

  Temporary failure resolving 'security.ubuntu.com'

How can I dell a docker container to use the dns server in the host system?

EDIT

It seems that I need to tell dnsmasq to bind to the docker0 interface:

listen-address=127.0.0.1,172.17.0.1

I still do not like that I need to give the IP address of the docker0 interface twice, once for the docker run command for each container that I want to create, and also for the dnsmasq configuration.

EDIT2

I can tell docker to use by default my local DNS server (which is runninng in a container, and reachable to the other containers in the docker0 interface: 172.17.0.1):

» sudo cat /etc/docker/daemon.json

{

    "dns": ["172.17.0.1", "8.8.8.8"]

}

And then restart the docker daemon:

sudo service docker restart

I am still somewhat worried that docker could decide to change the IP address of the docker0 interface, and I will be forced to reconfigure docker and dnsmasq, and rebuild the containers.

You can use the host's local DNS resolver (e.g. dnsmasq) from your Docker containers if they are on a user defined network. In that case a container's /etc/resolv.conf will have the nameserver 127.0.0.11 (a.k.a. the Docker's embedded DNS server), which can forward DNS requests to the host's loopback address properly.

$ cat /etc/resolv.conf

nameserver 127.0.0.1

$ docker run --rm alpine cat /etc/resolv.conf

nameserver 8.8.8.8

nameserver 8.8.4.4

$ docker network create demo

557079c79ddf6be7d6def935fa0c1c3c8290a0db4649c4679b84f6363e3dd9a0

$ docker run --rm --net demo alpine cat /etc/resolv.conf

nameserver 127.0.0.11

options ndots:0    

If you use docker-compose, it will set up a custom network for your services automatically (with a file format v2+). Note, however, that while docker-compose runs containers in a user-defined network, it still builds them in the default network. To use a custom network for builds you can specify the network parameter in the build configuration (requires file format v3.4+).