DCA 13 - Setting Up Container DNS

Jarret B

A Docker Container, Service, or other component often needs to be able to resolve Domain Names, so the Docker system needs access to a Domain Name System (DNS) server.

There are multiple ways to manage DNS for Docker systems.

Default Name Resolution

The Host system on which Docker is running has its own name resolution. You can look at the file '/etc/resolv.conf'. The DNS Server will be listed on a line with 'nameserver' at the beginning. Sometimes, it may list the DNS Server being used, but if not, we can find it.

Depending on your system, you can use one of the following to determine the DNS Server:

nmcli dev show | grep 'IP4.DNS'
systemd-resolve --status | grep "DNS Servers"


Usually the first command works, but just in case, I included both.

If the 'nameserver' line is not included in '/etc/resolv.conf', then you can add it.

Unless changed, the Docker container will use the same DNS Server as the Host system. Let's look at the default setting.

On my Host system, the DNS IP Address is the Gateway of my network (192.168.1.1).

If I load an Ubuntu container in Docker:

docker image pull ubuntu
docker run -it ubuntu /bin/bash


The commands should download and start Ubuntu as a container.

From the Command Line Interface (CLI) prompt, run the commands:

apt update
apt install iputils-ping
cat /etc/resolv.conf


The first line updates the Repository list. The second command will download the 'ping' utility so we can test the DNS resolution. The last line will print the contents of the file 'resolv.conf' to the screen. You should see that the 'nameserver' will list the same name servers that we saw in the Host.

Now that we downloaded 'Ping', we can use it to test that we get a name resolution, such as 'ping www.ubuntu.com'. The ping should show the DNS name was resolved to an IP Address such as '185.125.190.29'.

We have verified the default source of the name server. What if we wanted to set the IP Address for a container?

Specify DNS Server for a Container

Let's say we want to use the Google DNS Servers that have the IP Address of '8.8.8.8' and '8.8.4.4'.

We need to stop the current container by typing 'exit' and pressing 'Enter'. If we use the command 'docker ps', we should see that the container is not running. If we use the command 'docker ps -a', we can see that the container has exited. We can clear the exited list with the command 'docker rm $(docker ps -a -f status=exited -q)'.

So, we need to restart the Ubuntu container with the specified DNS Server IP Addresses. The command is:

docker run -it --dns=8.8.8.8 --dns=8.8.4.4 ubuntu /bin/bash

If you use the command 'cat /etc/resolv.conf', you should see that the name servers are the same as we specified on the command line.

To test things further, you can install 'ping' again as above, and test that the name resolution does work.

So, we changed one container, but what if you want to set a default for all containers that are executed?

Set Global DNS Server for Docker

The Host system may have a file named '/etc/docker/daemon.json'. Open the existing file for editing, or create it if it doesn't exist.

Add the following section to the file:

{
"dns":["1.1.1.1", "9.9.9.9"]
}


My JSON file already existed and became:

{
"storage-driver":"devicemapper",
"dns":["1.1.1.1","9.9.9.9"]
}


NOTE: If you have multiple lines, then they need to be separated by a comma at the end of the line. The last data line will not contain a comma.
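The comma rule in the NOTE is easy to get wrong when editing by hand, and a misplaced comma makes the file invalid JSON. The following is an added example, not part of the original article: it sets the "dns" key by parsing and re-serialising the file, so existing keys are kept and the commas are always placed correctly. The function names are hypothetical and the sample file contents are constructed.

```python
import ipaddress
import json


def set_docker_dns(daemon_json_text, servers):
    """Return new daemon.json text with "dns" set, keeping every other key."""
    # Accept only literal IP addresses; ip_address() raises ValueError otherwise.
    validated = [str(ipaddress.ip_address(s)) for s in servers]
    if not validated:
        raise ValueError("at least one DNS server is required")
    # A missing or empty file is treated as an empty configuration.
    config = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain a JSON object")
    config["dns"] = validated
    # json.dumps places the commas itself, so the result always parses.
    return json.dumps(config, indent=2) + "\n"


def clear_docker_dns(daemon_json_text):
    """Return daemon.json text without the "dns" key (back to the Host default)."""
    config = json.loads(daemon_json_text)
    config.pop("dns", None)
    return json.dumps(config, indent=2) + "\n"


if __name__ == "__main__":
    # Constructed sample: an existing file with one unrelated setting.
    existing = '{\n"storage-driver":"devicemapper"\n}\n'
    print(set_docker_dns(existing, ["1.1.1.1", "9.9.9.9"]))
```

Write the returned text to a temporary file and move it over '/etc/docker/daemon.json' only after it has been produced without an exception.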

The DNS Server at '1.1.1.1' is Cloudflare and '9.9.9.9' is Quad9. I changed them from the last example to show that no addresses are being held over from the previous defaults.

Perform a 'sudo systemctl restart docker' so the changes take effect for Docker.

Execute the next line to start Ubuntu with the new DNS Servers:

docker run -it ubuntu /bin/bash

Use 'cat' to see the contents of '/etc/resolv.conf' and see that the DNS Servers are '1.1.1.1' and '9.9.9.9'. If you start another container, the results for the 'resolv.conf' should be identical unless you specify the DNS Servers on the command line using '--dns=#.#.#.#'.

If you no longer want the DNS Servers set globally in this manner, just remove the settings from the JSON file and restart the service.
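The 'cat /etc/resolv.conf' checks used in all three sections can be automated. This added example, which is not part of the original article, compares a container's 'resolv.conf' with what the configuration implies, using the order the article describes: '--dns' on the command line, then "dns" in daemon.json, then the Host's name servers. The function names are hypothetical, the sample contents are constructed, and it covers only the default setup shown in this article.

```python
import ipaddress
import json


def nameservers(resolv_conf_text):
    """Return the IP addresses on 'nameserver' lines, in file order."""
    found = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(str(ipaddress.ip_address(fields[1])))
    return found


def expected_dns(host_resolv_conf, daemon_json_text="", cli_dns=()):
    """Pick the source in the article's order: --dns, daemon.json, Host."""
    if cli_dns:
        return "--dns", [str(ipaddress.ip_address(s)) for s in cli_dns]
    config = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    if config.get("dns"):
        return "daemon.json", list(config["dns"])
    return "host", nameservers(host_resolv_conf)


def audit(container_resolv_conf, host_resolv_conf, daemon_json_text="", cli_dns=()):
    """Report name servers the container lacks or has unexpectedly."""
    source, wanted = expected_dns(host_resolv_conf, daemon_json_text, cli_dns)
    actual = nameservers(container_resolv_conf)
    return {
        "source": source,
        "missing": [s for s in wanted if s not in actual],
        "unexpected": [s for s in actual if s not in wanted],
    }


if __name__ == "__main__":
    # Constructed samples matching the values used in this article.
    host = "nameserver 192.168.1.1\n"
    daemon = '{"storage-driver":"devicemapper","dns":["1.1.1.1","9.9.9.9"]}'
    container = "nameserver 1.1.1.1\nnameserver 9.9.9.9\n"
    print(audit(container, host, daemon))
```

An empty "missing" and "unexpected" list means the container is using exactly the resolvers the configuration asked for; anything in "unexpected" is a resolver that queries can reach without having been configured.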

Conclusion

Setting the DNS Servers using these methods for Docker Containers is quick and handy. For most systems running Docker, the default of using the Host system's settings may work best. It is good to know that the DNS Servers used by the Docker container can be changed.

For some containers, it is best to be sure that name resolution works well. It may also be best to have an external DNS Server used by the container instead of adding a load to an internal server that is only going to send a query to the Internet anyway.

Practice these methods so you know that they work and you are familiar with them if you plan to get Docker Certified.
 



