
DNS Resolution fails to resolve Registry

Open AffiTheCreator opened this issue 3 years ago • 4 comments

There is an issue in the docker compose GitHub, but it's not actually related to docker compose but to buildx. I'm leaving the link to the issue here.

###@io7m - issue Author

Issue Contents(quote)

I'm unable to get any kind of DNS resolution inside a container started with docker-compose. The same problem does not occur when using the plain docker command.

The closest related issue I could see was https://github.com/docker/compose/issues/8598, but that didn't appear to have a satisfying resolution. I've tried every combination of dns and network type, and can't get anything useful to happen. I'm using systemd-networkd and systemd-resolved on the system and have no issues with DNS resolution elsewhere.

Steps to reproduce the issue:

See this repo: https://github.com/io7m/docker-compose-issue-20220609

1. Confirm that docker build . works correctly. Delete the image afterwards to avoid any cache issues.
2. Edit docker-compose.yml to use a dns entry with a server you can actually reach (like 8.8.8.8); My LAN only allows DNS requests to the server specified in the example dns entry, by design.
3. Run docker-compose up --build. DNS resolution for the apt-get command fails.

Describe the results you received:

Any kind of DNS resolution fails. Inspection shows that /etc/resolv.conf is nonexistent, and some casual spying with wireshark shows that no DNS requests appear to be made.

Describe the results you expected:

DNS resolution works as it does with docker build.

end quote

My situation and why I'm posting this

I'm having the same issue described in the issue, but with more updated versions.

I also have a company registry and I did a docker login <company.registry> and it worked; I was able to push and pull images and docker compose was working. I stopped being able to use docker buildx build / docker compose when I changed Wi-Fi networks; now nothing works, only docker build.

Docker compose version: Docker Compose version v2.12.2

Output for docker info:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.9.1)
  compose: Docker Compose (Docker Inc., v2.12.2)
  dev: Docker Dev Environments (Docker Inc., v0.0.3)
  extension: Manages Docker extensions (Docker Inc., v0.2.13)
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc., 0.6.0)
  scan: Docker Scan (Docker Inc., v0.21.0)

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 4
 Server Version: 20.10.21
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 1c90a442489720eec95342e1789ee8a5e1b9536f
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.15.74.2-microsoft-standard-WSL2
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 5.791GiB
 Name: docker-desktop
 ID: 57Q4:K5VN:EP3B:3GNS:462K:T4ZT:T7AS:KKNE:7B5G:5JN5:JU2C:YBUX
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5000
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support

Dec 09 '22 16:12 AffiTheCreator

For anyone landing on this issue, I found a workaround (not really) for now:

Since the cmd docker build . worked as expected (able to pull images from custom registry and also from registry.docker.io).

I reverted buildx builder to the default using docker buildx use default and removed my dns: ["dns1" , "dns2"] configuration from the daemon.json after docker restart, everything worked as expected.

Dec 13 '22 14:12 AffiTheCreator

This may be related to Issue #1461 where buildx builds can't push when using the docker-compose driver.

Dec 20 '22 08:12 ben-kemister

Sharing from linked issue if it helps. If you are building with the docker-container buildx driver, create one with host mode networking and it should avoid those issues AFAIK.

ArchWiki Docker does specifically mention systemd-networkd as being problematic due to disabling IP forwarding. There's also mention of iptables / nftables contributing to network issues that might be relevant.

For me though, building an image with host network is acceptable and works without issue.

Jan 18 '23 05:01 polarathene

@polarathene Thanks for the info! Using host mode networking solved this issue for me (on Fedora 40). Regarding the "how" part, I took these options --driver-opt network=host and --buildkitd-flags '--allow-insecure-entitlement network.host' from https://github.com/docker/buildx/issues/835#issuecomment-966496802

Oct 07 '24 16:10 attila123
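The host-network builder described in the last two comments, as an added example that is not part of the thread or of the buildx project: the script keeps the host-network builder separate from the default one and selects it per build with --builder, because host networking and the network.host entitlement remove the build's network isolation. The builder name hostnet, the BUILDER variable and the create/build/remove sub-commands are assumptions of this example.

```shell
#!/bin/sh
# Added example: a dedicated buildx builder that uses the host network stack.
# The builder name is an assumption; override it with BUILDER=...
BUILDER="${BUILDER:-hostnet}"

# Arguments for "docker buildx create", one per line so they can be reviewed
# before anything runs. The two options are the ones quoted in the thread.
create_args() {
    printf '%s\n' buildx create \
        --name "$BUILDER" \
        --driver docker-container \
        --driver-opt network=host \
        --buildkitd-flags '--allow-insecure-entitlement network.host'
}

# Arguments for one build on that builder. --builder selects it for this
# invocation only, so the default builder stays isolated for everything else.
build_args() {
    printf '%s\n' buildx build --builder "$BUILDER" --network host "$1"
}

# Run docker with arguments read one per line from stdin. Splitting on
# newlines only keeps the --buildkitd-flags value (it contains a space) whole.
run_docker() {
    old_ifs=$IFS
    IFS='
'
    set -f
    set -- $(cat)
    set +f
    IFS=$old_ifs
    docker "$@"
}

case "${1:-}" in
    create) create_args | run_docker && docker buildx inspect --bootstrap "$BUILDER" ;;
    build)  build_args "${2:-.}" | run_docker ;;
    remove) docker buildx rm "$BUILDER" ;;
esac
```

Run it with create once, then build <context> for each build that needs host DNS; remove deletes the builder when it is no longer needed.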