containers
`podman login` works fine and authenticates but `podman pull` fails with `dial tcp: lookup: Temporary failure in name resolution`
Issue Description
When attempting to run the command podman pull, the operation fails with a dial tcp: lookup: Temporary failure in name resolution error, despite successful authentication using podman login. This issue persists even after verifying that the DNS cache is cleared and all required Docker credentials are correct.
Note: Private Registry is in some other Network and accessed via VPN(Corporate Proxy)
I am using Podman Desktop v1.14.2 on MacOS 15.1.1 [OS/Arch: darwin]
Steps to reproduce the issue
Observed Behavior:
The podman login command completes successfully, indicating authentication with the Private Registry.
The podman pull command fails with an error message containing "Temporary failure in name resolution".
Describe the results you received
podman login private-registry.local Authenticating with existing credentials for private-registry.local Existing credentials are valid. Already logged in to private-registry.local
podman pull private-registry.local/image-repo/test-image:latest Trying to pull private-registry.local/image-repo/test-image:latest... Error: initializing source docker://private-registry.local/image-repo/test-image:latest: pinging container registry private-registry.local: Get "https://private-registry.local/v2/": dial tcp: lookup private-registry.local: Temporary failure in name resolution
Describe the results you expected
Expected Behavior:
The podman pull command should successfully retrieve images from a registry without encountering any network-related errors if it was able to authenticate prior.
FYI: docker pull works fine in the exact same scenario
podman info output
host:
arch: arm64
buildahVersion: 1.36.0
cgroupControllers:
- cpuset
- cpu
- io
- memory
- pids
- rdma
- misc
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.10-1.fc40.aarch64
path: /usr/bin/conmon
version: 'conmon version 2.1.10, commit: '
cpuUtilization:
idlePercent: 99.78
systemPercent: 0.09
userPercent: 0.13
cpus: 6
databaseBackend: sqlite
distribution:
distribution: fedora
variant: coreos
version: "40"
eventLogger: journald
freeLocks: 2043
hostname: localhost.localdomain
idMappings:
gidmap: null
uidmap: null
kernel: 6.8.11-300.fc40.aarch64
linkmode: dynamic
logDriver: journald
memFree: 10300002304
memTotal: 15562801152
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.11.0-1.20240628130058229856.main.10.g5ad6420.fc40.aarch64
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.12.0-dev
package: netavark-1.11.0-1.20240702123536284903.main.32.g49fb0c2.fc40.aarch64
path: /usr/libexec/podman/netavark
version: netavark 1.12.0-dev
ociRuntime:
name: crun
package: crun-1.15-1.20240708144150212138.main.51.g6c158dd.fc40.aarch64
path: /usr/bin/crun
version: |-
crun version UNKNOWN
commit: 54f958d21c4e2299eae6b0f4d8b742304540dce6
rundir: /run/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-0^20240624.g1ee2eca-1.fc40.aarch64
version: |
pasta 0^20240624.g1ee2eca-1.fc40.aarch64-pasta
Copyright Red Hat
GNU General Public License, version 2 or later
<https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
exists: true
path: /run/podman/podman.sock
rootlessNetworkCmd: pasta
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: false
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: true
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.2-2.fc40.aarch64
version: |-
slirp4netns version 1.2.2
commit: 0ee2d87523e906518d34a6b423271e4826f71faf
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.5
swapFree: 0
swapTotal: 0
uptime: 39h 31m 54.00s (Approximately 1.62 days)
variant: v8
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- docker.io
store:
configFile: /usr/share/containers/storage.conf
containerStore:
number: 2
paused: 0
running: 2
stopped: 0
graphDriverName: overlay
graphOptions:
overlay.imagestore: /usr/lib/containers/storage
overlay.mountopt: nodev,metacopy=on
overlay.use_composefs: "false"
graphRoot: /var/lib/containers/storage
graphRootAllocated: 106769133568
graphRootUsed: 31234764800
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "false"
Supports d_type: "true"
Supports shifting: "true"
Supports volatile: "true"
Using metacopy: "true"
imageCopyTmpDir: /var/tmp
imageStore:
number: 34
runRoot: /run/containers/storage
transientStore: false
volumePath: /var/lib/containers/storage/volumes
version:
APIVersion: 5.1.2
Built: 1720569600
BuiltTime: Tue Jul 9 20:00:00 2024
GitCommit: ""
GoVersion: go1.22.5
Os: linux
OsArch: linux/arm64
Version: 5.1.2
Podman in a container
No
Privileged Or Rootless
None
Upstream Latest Release
Yes
Additional environment details
No response
Additional information
No response
I have tested it by adding entry into hosts file of my MacOS, and this issue still persist
I'm having a very similar issue. I'm trying to access a registry behind a VPN, and while podman login <registry> seem to work:
output
❯ podman login registry.private.some-domain.com --verbose
Username: <user>
Password:
Used: /Users/userhome/.config/containers/auth.json
Login Succeeded!
❯ podman login registry.private.some-domain.com --verbose
Authenticating with existing credentials for registry.private.some-domain.com
Existing credentials are valid. Already logged in to registry.private.some-domain.com
either podman pull or podman search fail with an error
output
❯ podman pull registry.private.some-domain.com/path_to/image:master
Trying to pull registry.private.some-domain.com/path_to/image:master...
Error: initializing source docker://registry.private.some-domain.com/path_to/image:master: pinging container registry registry.private.some-domain.com: Get "https://registry.private.some-domain.com/v2/": dial tcp: lookup registry.private.some-domain.com: no such host
❯ podman search registry.private.some-domain.com/
Error: 1 error occurred:
* couldn't search registry "registry.private.some-domain.com": pinging container registry registry.private.some-domain.com: Get "https://registry.private.some-domain.com/v2/": dial tcp: lookup registry.private.some-domain.com: no such host
Notice that in my case the error is not about "Temporary failure in name resolution", but directly "no such host", but otherwise the behavior seems equivalent.
podman info output
I'm using macOS 15.2 and podman desktop 1.15.0
host:
arch: arm64
buildahVersion: 1.38.0
cgroupControllers:
- cpu
- io
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.12-2.fc40.aarch64
path: /usr/bin/conmon
version: 'conmon version 2.1.12, commit: '
cpuUtilization:
idlePercent: 99.67
systemPercent: 0.16
userPercent: 0.17
cpus: 6
databaseBackend: sqlite
distribution:
distribution: fedora
variant: coreos
version: "40"
eventLogger: journald
freeLocks: 2048
hostname: localhost.localdomain
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 1000000
uidmap:
- container_id: 0
host_id: 502
size: 1
- container_id: 1
host_id: 100000
size: 1000000
kernel: 6.11.3-200.fc40.aarch64
linkmode: dynamic
logDriver: journald
memFree: 1522900992
memTotal: 2042683392
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.12.2-2.fc40.aarch64
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.12.2
package: netavark-1.12.2-1.fc40.aarch64
path: /usr/libexec/podman/netavark
version: netavark 1.12.2
ociRuntime:
name: crun
package: crun-1.17-1.fc40.aarch64
path: /usr/bin/crun
version: |-
crun version 1.17
commit: 000fa0d4eeed8938301f3bcf8206405315bc1017
rundir: /run/user/502/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-0^20240906.g6b38f07-1.fc40.aarch64
version: |
pasta 0^20240906.g6b38f07-1.fc40.aarch64-pasta
Copyright Red Hat
GNU General Public License, version 2 or later
<https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
exists: true
path: unix:///run/user/502/podman/podman.sock
rootlessNetworkCmd: pasta
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: true
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.2-2.fc40.aarch64
version: |-
slirp4netns version 1.2.2
commit: 0ee2d87523e906518d34a6b423271e4826f71faf
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.5
swapFree: 0
swapTotal: 0
uptime: 0h 24m 30.00s
variant: v8
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- docker.io
store:
configFile: /var/home/core/.config/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /var/home/core/.local/share/containers/storage
graphRootAllocated: 106769133568
graphRootUsed: 4700618752
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Supports shifting: "false"
Supports volatile: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 0
runRoot: /run/user/502/containers
transientStore: false
volumePath: /var/home/core/.local/share/containers/storage/volumes
version:
APIVersion: 5.3.1
Built: 1732147200
BuiltTime: Thu Nov 21 01:00:00 2024
GitCommit: ""
GoVersion: go1.22.7
Os: linux
OsArch: linux/arm64
Version: 5.3.1
To rule out any external issue, I tried uninstalling podman and testing it with rancher desktop, which works as expected in the same setup
either docker pull or docker search fail with an error Did you mean to specify podman pull and podman search?
either docker pull or docker search fail with an error Did you mean to specify podman pull and podman search?
Yes, my bad 🙈 already fixed it in my comment
Did you find a solution for this ? @rhatdan / @mgab / @Luap99 / @mtrmac / @vrothberg / @jwhonce / @l0rd / @baude / @robbmanes
I see a similar issue #8032
A friendly reminder that this issue had no activity for 30 days.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
No I did not find any solution. I had to move to Rancher Desktop as I couldn't find any workaround to get podman to work in my case, nor much activity on this issue 😞