Ubuntu, NetworkManager and Docker DNS workaround

Docker issues are frequently logged for DNS resolution in containers because Docker doesn't inherit or get DNS values from NetworkManager, which leverages a built-in dnsmasq to intelligently manage DNS.

Permanent workaround

sudo bash -c "echo listen-address=$(ip -4 addr show dev docker0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}') > /etc/NetworkManager/dnsmasq.d/docker-bridge"
sudo systemctl reload NetworkManager
sudo bash -c 'echo -e "{\n\t\"dns\": [\"$(ip -4 addr show dev docker0 | grep -oP "(?<=inet\s)\d+(\.\d+){3}")\"]\n}" > /etc/docker/daemon.json'
sudo systemctl restart docker

Note:

  • makes dnsmasq plugin for network manager listen on the host's docker bridge interface
  • adds (clobbers!) the daemon.json - take care, could overwrite other customisations you already have there...
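
An added example, not part of the original gist: a Python helper that merges the bridge address into an existing daemon.json instead of overwriting it, and refuses to write anything when docker0 has no IPv4 address (the one-liner above would write an empty value in that case). The function names, the sample `ip` output and the choice to keep existing `dns` entries after the bridge address are assumptions.

```python
import ipaddress
import json
import os
import re
import tempfile

# Constructed sample of `ip -4 addr show dev docker0` output (not captured from a real host).
SAMPLE_IP_OUTPUT = """\
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 state DOWN
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
"""

def bridge_ipv4(ip_output):
    """Extract and validate the first IPv4 address in `ip -4 addr show` output."""
    m = re.search(r"inet\s+(\d+(?:\.\d+){3})", ip_output)
    if not m:
        raise ValueError("no IPv4 address found; is docker0 present and up?")
    return str(ipaddress.IPv4Address(m.group(1)))  # raises ValueError on e.g. 999.1.1.1

def merge_dns(existing_json, dns_ip):
    """Return daemon.json text with dns_ip first in "dns"; other keys are kept."""
    cfg = json.loads(existing_json) if existing_json.strip() else {}
    if not isinstance(cfg, dict):
        raise ValueError("daemon.json must contain a JSON object")
    dns = list(cfg.get("dns") or [])
    if dns_ip not in dns:  # idempotent: a second run changes nothing
        dns.insert(0, dns_ip)
    cfg["dns"] = dns
    return json.dumps(cfg, indent=2) + "\n"

def update_daemon_json(path, dns_ip):
    """Merge into the file at path; write via temp file + rename so it is never half-written."""
    try:
        with open(path) as f:
            old = f.read()
    except FileNotFoundError:
        old = ""  # no existing config: start from an empty object
    new = merge_dns(old, dns_ip)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write(new)
    os.replace(tmp, path)
    return new

if __name__ == "__main__":
    ip = bridge_ipv4(SAMPLE_IP_OUTPUT)
    print(merge_dns('{"log-driver": "journald"}', ip), end="")
```

Run as root, `update_daemon_json("/etc/docker/daemon.json", ip)` takes the place of the `echo ... > /etc/docker/daemon.json` step; a malformed existing file raises an error instead of being replaced.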

Per-run workaround

The bash one-liner below generates the --dns arguments needed for docker run:

nm_dns=$(for d in $(nmcli device show | grep -E "^IP4.DNS" | grep -oP '(\d{1,3}\.){3}\d{1,3}'); do echo -n " --dns $d"; done)
sudo -E docker run -it --rm -e http_proxy -e https_proxy -e no_proxy $nm_dns ubuntu

Ain't pretty, but works... (until they change the nmcli output format or something)

Related Issues

Related issues with docker DNS:


metal3d commented Dec 5, 2018

Great! But that's not sufficient for Fedora with firewalld.

What we need to do is to apply rules to let docker0 be able to accept dns requests. I'm using "internal" zone:

sudo firewall-cmd --add-interface=docker0 --zone=internal
sudo firewall-cmd --add-service=dns --zone=internal

# To make that permanent
sudo firewall-cmd --add-interface=docker0 --zone=internal --permanent
sudo firewall-cmd --add-service=dns --zone=internal --permanent
sudo firewall-cmd --reload


metal3d commented Dec 5, 2018

If you're interested, I did a little service that adds DNS entries in dnsmasq from docker hostnames, and documentation to configure the system:
https://github.com/metal3d/docker-auto-dnsmasq


zioalex commented Mar 22, 2019

This works! Many thanks. I do not get how dnsmasq works locally at the host level at the IP address 127.0.0.1 if I specify to listen only at 172.17.0.1!
...
Just found in the doc that dnsmasq adds the loopback interface by default. Great!
