Unable to Resolve host.docker.internal from Custom Network
Contributing guidelines
- [X] I've read the contributing guidelines and wholeheartedly agree
I've found a bug and checked that ...
- [X] ... the documentation does not mention anything about my problem
- [X] ... there are no open or closed issues that are related to my problem
Description
You cannot resolve host.docker.internal while building with a custom builder that has been created with --driver-opt network=custom-net.
Expected behaviour
The host.docker.internal can be successfully resolved.
Actual behaviour
The resolution of host.docker.internal is not successful.
Buildx version
github.com/docker/buildx v0.11.2-desktop.4 b9955a86a20bf0112ebb4f14424bf59fc46ee179
Docker info
Client:
Version: 24.0.6
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.11.2-desktop.4
Path: C:\Program Files\Docker\cli-plugins\docker-buildx.exe
compose: Docker Compose (Docker Inc.)
Version: v2.21.0-desktop.1
Path: C:\Program Files\Docker\cli-plugins\docker-compose.exe
dev: Docker Dev Environments (Docker Inc.)
Version: v0.1.0
Path: C:\Program Files\Docker\cli-plugins\docker-dev.exe
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.20
Path: C:\Program Files\Docker\cli-plugins\docker-extension.exe
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v0.1.0-beta.7
Path: C:\Program Files\Docker\cli-plugins\docker-init.exe
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: C:\Program Files\Docker\cli-plugins\docker-sbom.exe
scan: Docker Scan (Docker Inc.)
Version: v0.26.0
Path: C:\Program Files\Docker\cli-plugins\docker-scan.exe
scout: Command line tool for Docker Scout (Docker Inc.)
Version: 0.24.1
Path: C:\Program Files\Docker\cli-plugins\docker-scout.exe
Server:
Containers: 9
Running: 9
Paused: 0
Stopped: 0
Images: 76
Server Version: 24.0.6
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 8165feabfdfe38c65b599c4993d227328c231fca
runc version: v1.1.8-0-g82f18fe
init version: de40ad0
Security Options:
seccomp
Profile: unconfined
Kernel Version: 5.15.90.1-microsoft-standard-WSL2
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 6
Total Memory: 7.698GiB
Name: docker-desktop
ID: 085a0b16-6bb1-4d62-b3b2-d966429648ee
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: false
WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support
WARNING: daemon is not using the default seccomp profile
Builders list
NAME/NODE DRIVER/ENDPOINT STATUS BUILDKIT PLATFORMS
builder * docker-container
builder0 npipe:////./pipe/docker_engine running v0.12.2 linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6
test-builder docker-container
test-builder0 npipe:////./pipe/docker_engine running v0.12.2 linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6
default docker
default default running v0.11.6+616c3f613b54 linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6
desktop-linux docker
desktop-linux desktop-linux running v0.11.6+616c3f613b54 linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6
Configuration
```dockerfile
FROM alpine
RUN cat /etc/resolv.conf
RUN nslookup host.docker.internal
```

```sh
docker network create test-net
docker buildx create --name test-builder --driver-opt network=test-net
docker build --builder=test-builder .
```
Build logs
[internal] load build definition from Dockerfile
transferring 109/0 0.038
[internal] load metadata for docker.io/library/alpine:latest
[internal] load .dockerignore
transferring 2/0 0.004
[1/3] FROM docker.io/library/alpine:latest@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978
resolve docker.io/library/alpine:latest@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978 0/0 0.027
sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa 3401967/3401967 0.552
extracting 0/0 0.1
[2/3] RUN cat /etc/resolv.conf
options ndots:0
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
[3/3] RUN nslookup host.docker.internal
Server: 8.8.8.8
Address: 8.8.8.8:53
** server can't find host.docker.internal: NXDOMAIN
** server can't find host.docker.internal: NXDOMAIN
Additional info
When DOCKER_BUILDKIT is set to 0, running docker build --network=test-net . performs as expected, although a deprecation warning is displayed.
> You cannot resolve host.docker.internal while building with a custom builder
Not sure what's your use case here. Do you want to connect to a service on the host?
Yes, I need to connect to a service on the host, and it is possible, but only by using its IP address. Additionally, if I need to connect to another container that was started in the test network, it is also only possible by using its IP address.
I'm using Testcontainers. Application tests are initiated during the Dockerfile build process, and they require access to both the host and the container inside the build network, which I'm using to interact with Docker on the host. I relocated this container to a separate network to restrict access to Docker on the host from other containers.
Same here. When I try to access a custom docker network from a container started within docker:24.0.6-dind, I have to export DOCKER_BUILDKIT=0 to use the deprecated builder, otherwise the (host-)names of the containers in the custom docker network would not be resolved. I have a setup similar to @sbrajchuk wanting to fetch software from a repository provided by a container in the custom network.
The build command inside the dind container is:

```sh
docker build . -t my_fancy_new_container -f Containerfile --network=host
```
Same here, using Docker version 25.0.3 and BuildKit version 0.15.2.
If I'm understanding correctly, any Docker container belonging to a network forwards DNS requests to the Docker daemon. To do that, Docker replaces the default /etc/resolv.conf with custom configuration.
```console
$ docker run -it --rm alpine cat /etc/resolv.conf
# DNS requests are forwarded to the host. DHCP DNS options are ignored.
nameserver 192.168.65.7

$ docker network create test-network
$ docker run -it --rm --network test-network alpine cat /etc/resolv.conf
nameserver 127.0.0.11
options ndots:0
```
Instead, builder containers, even when created with the option --driver-opt network=<network>, don't seem to be forwarding DNS requests to the Docker daemon, apparently relying on hardcoded configuration only (Google DNS).
```
options ndots:0
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
```
For this reason, builder containers are unable to resolve any Docker host name, like host.docker.internal, or any other container host name in the same network.
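
Added example (not part of the thread and not Docker's or BuildKit's code): a POSIX shell check that classifies the resolv.conf a build step sees, run over the three configurations quoted in this issue as constructed sample files. The function name `classify_resolv` and the labels it prints are assumptions of this example; in the `public-google` case, lookups for names such as host.docker.internal are sent to the public resolver, as the NXDOMAIN answer from 8.8.8.8 in the build log shows.

```shell
#!/bin/sh
# Added example: classify a resolv.conf so a build step can fail fast when
# Docker-internal names cannot resolve. Names and labels are hypothetical.

# Google Public DNS addresses exactly as they appear in the build log above.
GOOGLE_DNS="8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844"

# classify_resolv FILE prints one of:
#   embedded       a nameserver is 127.0.0.11 (Docker's embedded DNS)
#   public-google  every nameserver is one of the Google addresses above
#   other          anything else, including a file with no nameserver line
classify_resolv() {
    total=0
    google=0
    # The "|| [ -n ... ]" clause keeps a final line without a trailing newline.
    while read -r key addr rest || [ -n "$key" ]; do
        # Only "nameserver <addr>" lines matter; comments and options are skipped.
        [ "$key" = "nameserver" ] && [ -n "$addr" ] || continue
        if [ "$addr" = "127.0.0.11" ]; then
            echo embedded
            return 0
        fi
        total=$((total + 1))
        case " $GOOGLE_DNS " in
            *" $addr "*) google=$((google + 1)) ;;
        esac
    done < "$1"
    if [ "$total" -gt 0 ] && [ "$total" -eq "$google" ]; then
        echo public-google
    else
        echo other
    fi
}

# Constructed sample files reproducing the three resolv.conf outputs in this thread.
demo() {
    tmp=$(mktemp -d)
    printf '# DNS requests are forwarded to the host.\nnameserver 192.168.65.7\n' > "$tmp/default-bridge"
    printf 'nameserver 127.0.0.11\noptions ndots:0\n' > "$tmp/custom-network"
    printf 'options ndots:0\nnameserver 8.8.8.8\nnameserver 8.8.4.4\nnameserver 2001:4860:4860::8888\nnameserver 2001:4860:4860::8844\n' > "$tmp/builder"
    for f in default-bridge custom-network builder; do
        printf '%s: %s\n' "$f" "$(classify_resolv "$tmp/$f")"
    done
    rm -rf "$tmp"
}
demo
```

Inside a Dockerfile, the same function can be pointed at /etc/resolv.conf in an early RUN step so the build stops before tests that depend on container or host names.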