I was running a docker swarm network overlay. It was using the company internal DNS (10.0.0.1) to resolve.
I created the network using:
    docker -H :4000 network create test
    docker -H :4000 network inspect test
    [
        {
            "Name": "test",
            "Id": "29b9a2cb98de53fb48c2233c91ed364b27db49c2718dd9be6b9da70ac8f9c48a",
            "Scope": "global",
            "Driver": "overlay",
            "EnableIPv6": false,
            "IPAM": {
                "Driver": "default",
                "Options": {},
                "Config": [
                    {
                        "Subnet": "10.0.0.0/24",
                        "Gateway": "10.0.0.1/24"
                    }
                ]
            },
            "Internal": false,
            "Containers": {},
            "Options": {},
            "Labels": {}
        }
    ]
Now, when starting a container using the network, DNS resolution failed.
    docker -H :4000 run -it --net=test busybox bash
    ping google.com.... failed
The docker network test has the same subnet IP address as our company-wide network (both 10.0.0/24). Therefore, the docker network (Docker embedded DNS server) could not resolve to the correct 10.0.0.1 DNS nameserver.
Our solution was to create another network with a different subnet address than 10.0.0/24:
    docker -H :4000 network create test2
    docker -H :4000 network inspect test2
    [
        {
            "Name": "test2",
            "Id": "b1e4a1c046e78eb0db54d6bac153be798551a148462d3d73db44d47ab5072c27",
            "Scope": "global",
            "Driver": "overlay",
            "EnableIPv6": false,
            "IPAM": {
                "Driver": "default",
                "Options": {},
                "Config": [
                    {
                        "Subnet": "10.0.1.0/24",
                        "Gateway": "10.0.1.1/24"
                    }
                ]
            },
            "Internal": false,
            "Containers": {},
            "Options": {},
            "Labels": {}
        }
    ]
Now, when starting a container using the network, DNS resolution works :).
    docker -H :4000 run -it --net=test busybox bash
    ping google.com.... failed
On the host, I ran tcpdump to intercept all DNS traffic:
    tcpdump -vvv -s 0 -l -n port 53 | tee /tmp/dns.cap
When trying to ping google.com, it did not show up in the host DNS tcpdump logs. Therefore I was sure docker was the issue.
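
A check for the subnet collision described above, written as an added example (not part of the original post and not Docker's own code). It reads the JSON printed by "docker network inspect" and the host's resolv.conf, and reports every Docker subnet that contains a configured nameserver or overlaps a host subnet. The function names, the search domain and the sample inputs are assumptions constructed from the values shown in the post.

```python
import ipaddress
import json

def nameservers(resolv_conf_text):
    """Return the IP addresses found on 'nameserver' lines of a resolv.conf."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Drop an IPv6 zone suffix such as %eth0 before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%")[0]))
            except ValueError:
                continue  # malformed entry, ignore it
    return servers

def find_conflicts(inspect_json, resolv_conf_text, host_subnets=()):
    """Return (network, subnet, reason) for Docker subnets that shadow host addressing."""
    resolvers = nameservers(resolv_conf_text)
    host_nets = [ipaddress.ip_network(s, strict=False) for s in host_subnets]
    conflicts = []
    for net in json.loads(inspect_json):
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            if not cfg.get("Subnet"):
                continue
            subnet = ipaddress.ip_network(cfg["Subnet"], strict=False)
            for ns in resolvers:
                if ns.version == subnet.version and ns in subnet:
                    conflicts.append((net["Name"], str(subnet), f"contains nameserver {ns}"))
            for host in host_nets:
                if host.version == subnet.version and subnet.overlaps(host):
                    conflicts.append((net["Name"], str(subnet), f"overlaps host subnet {host}"))
    return conflicts

# Constructed sample input: the two inspect outputs from the post, trimmed to the used fields.
SAMPLE_INSPECT = json.dumps([
    {"Name": "test", "IPAM": {"Config": [{"Subnet": "10.0.0.0/24", "Gateway": "10.0.0.1/24"}]}},
    {"Name": "test2", "IPAM": {"Config": [{"Subnet": "10.0.1.0/24", "Gateway": "10.0.1.1/24"}]}},
])
# Constructed resolv.conf using the internal DNS address from the post.
SAMPLE_RESOLV = "search corp.example\nnameserver 10.0.0.1\n"

if __name__ == "__main__":
    for name, subnet, reason in find_conflicts(SAMPLE_INSPECT, SAMPLE_RESOLV, ["10.0.0.0/24"]):
        print(f"{name}: {subnet} {reason}")
```

On a real host, pass the output of "docker network inspect" for the networks of interest and the contents of /etc/resolv.conf instead of the samples.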