Skip to content

Instantly share code, notes, and snippets.

@JPvRiel

JPvRiel/ubunut_network_manager_docker_dns_workaround.md

Last active July 18, 2022 23:09
Show Gist options
  • Save JPvRiel/dcb9e2866a9d0aa19042028cca3306c7 to your computer and use it in GitHub Desktop.
Save JPvRiel/dcb9e2866a9d0aa19042028cca3306c7 to your computer and use it in GitHub Desktop.
Download ZIP
Ubuntu, NetworkManager and Docker DNS workaround
Raw
ubunut_network_manager_docker_dns_workaround.md

Docker issues are frequently logged for DNS resolution in containers because it doens't inhert or get values for DNS from NetworkManager which leverages a built in dnsmasq to inteligently manage DNS.

Perminant workarround

sudo bash -c "echo listen-address=$(ip -4 addr show dev docker0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}') > /etc/NetworkManager/dnsmasq.d/docker-bridge"
sudo systemctl reload NetworkManager
sudo bash -c 'echo -e "{\n\t\"dns\": [\"$(ip -4 addr show dev docker0 | grep -oP "(?<=inet\s)\d+(\.\d+){3}")\"]\n}" > /etc/docker/daemon.json'
sudo systemctl restart docker

Note:

  • makes dnsmasq plugin for network manager listen on the host's docker bridge interface
  • adds (clobbers!) the daemon.json - take care, could overwrite other customisations you already have there...

Per run workarround

The bash one liner below generates the dns attributes needed for docker

nm_dns=$(for d in $(nmcli device show | grep -E "^IP4.DNS" | grep -oP '(\d{1,3}\.){3}\d{1,3}'); do echo -n " --dns $d"; done)
sudo -E docker run -it --rm -e http_proxy -e https_proxy -e no_proxy $nm_dns ubuntu

Ain't pretty, but works... (until they change the nmcli output format or something)

Related Issues

Related issues with docker DNS:

@nicoulaj
Copy link

The permanent fix works for me, but not at boot:

Nov 21 18:28:13 NetworkManager[283]: dnsmasq: failed to create listening socket for 172.17.0.1: Cannot assign requested address
Nov 21 18:28:13 dnsmasq[530]: failed to create listening socket for 172.17.0.1: Cannot assign requested address
Nov 21 18:28:13 dnsmasq[530]: FAILED to start up
Nov 21 18:28:13 NetworkManager[283]: <warn>  [1542821293.1743] dnsmasq[0x55cab5d25c50]: dnsmasq exited with error: Network access problem (address in use, permissions) (2)

If I restart NetworkManager after the boot, it works. Did you have this issue as well ?

@metal3d
Copy link

metal3d commented Dec 5, 2018

Great ! but that's not sufficient for Fedora with firewalld.

What we need to do is to apply rules to let docker0 be able to accept dns requests. I'm using "internal" zone:

sudo firewall-cmd --add-interface=docker0 --zone=internal
sudo firewall-cmd --add-service=dns --zone=internal

# To make that permanent
sudo firewall-cmd --add-interface=docker0 --zone=internal --permanent
sudo firewall-cmd --add-service=dns --zone=internal --permanent
sudo firewall-cmd --reload

@metal3d
Copy link

metal3d commented Dec 5, 2018

If you're interessed, I did a little service that add DNS entries in dnsmasq from docker hostnames, and a documentation to configure the system:
https://github.com/metal3d/docker-auto-dnsmasq

@zioalex
Copy link

zioalex commented Mar 22, 2019
edited
Loading

This works! Many thanks. I do not get how dnsmasq work locally at the host level at the ip address 127.0.0.1 if I specify to listen only at 172.17.0.1 !
...
Just found in the doc that Dnsmasq add the loopback interface by default. Great!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment