Docker CE 17.06.0 has stopped respecting the host's DNS settings

[sohrab-]

Expected behavior

Before updating to the latest version of Docker, I used to be able to log into my private registry that is accessed via VPN.

$ docker login -p mytoken -u myuser myprivateregistry
Login Succeeded

Actual behavior

But after upgrading to below version, this has stopped working.

Version 17.06.0-ce-mac18 (18433)
Channel: stable
d9b66511e0

$ docker login -p mytoken -u myuser myprivateregistry
Error response from daemon: Get https://myprivateregistry/v2/: dial tcp: lookup myprivateregistry on 192.168.65.1:53: no such host

I am not entirely sure if the Docker client is a local OSX executable or if it goes to VM before it logs into a private registry. But here is the /etc/resolv.conf inside the VM:

# Generated by dhcpcd from eth0.dhcp
# Generated by dhcpcd from eth0.dhcp
# /etc/resolv.conf.head can replace this line
domain local
:nameserver 192.168.65.1
# /etc/resolv.conf.tail can replace this line

Which obviously does not match my host's DNS settings, managed by my VPN client.

Information

Diagnostic ID: B2A96BD4-8D88-4B98-8B2A-FF80F6267ED7

Docker for Mac: version: 17.06.0-ce-mac18 (4cdec4294a50b2233146b09469b49937dabdebdd)
macOS: version 10.12.5 (build: 16F73)
logs: /tmp/B2A96BD4-8D88-4B98-8B2A-FF80F6267ED7/20170706-151450.tar.gz
[OK]     db.git
[OK]     vmnetd
[OK]     dns
[OK]     driver.amd64-linux
[OK]     virtualization VT-X
[OK]     app
[OK]     moby
[OK]     system
[OK]     moby-syslog
[OK]     db
[OK]     env
[OK]     virtualization kern.hv_support
[OK]     slirp
[OK]     osxfs
[OK]     moby-console
[OK]     logs
[OK]     docker-cli
[OK]     menubar
[OK]     disk

Steps to reproduce the behavior

On a fresh install of Docker for Mac, while the host is pointing to another name server:

$ docker login -p mytoken -u myuser myprivateregistry

[mortensteenrasmussen]

We've experienced a similar issue. For us, we could no longer pull from our internal Docker registry.

From inside the docker-for-mac VM, we could resolve our docker registry host without the domain, but not with the domain.

E.g.
nslookup docker-repo works
nslookup docker-repo.ourdomain.local doesn't work

Our workaround was to add our registry FQDN to /etc/hosts on the Mac itself like this:

echo "192.168.15.25 docker-repo.ourdomain.local" | sudo tee -a /etc/hosts

After doing this, we can pull again. We also had some builds failing inside Docker containers by not being able to look up our Nexus repository by FQDN. Again, our workaround was to add the FQDN to the host.

echo "192.168.15.35 nexus.ourdomain.local" | sudo tee -a /etc/hosts

This is true even though we do have the search domain enabled on our hosts:

[morten@morten-osx-lap: ~]$ cat /etc/resolv.conf 
#
# Mac OS X Notice
#
# This file is not used by the host name and address resolution
# or the DNS query routing mechanisms used by most processes on
# this Mac OS X system.
#
# This file is automatically generated.
#
search ourdomain.local
nameserver 192.168.25.10

I assume this will affect a great many people. Hopefully, these workarounds can help weather the storm until it's fixed.

[christhomas]

I am running into this issue right now.

If I ping a fqdn managed by a local dns server running inside a docker container for dev purposes, depending on where I ping it, will succeed or fail accordingly.

from inside the container:

mycompany-chris-thomas:~ xyz$ docker exec -it corems_dev_phpfpm_1 ping search-lk-dev.mycompany.local
ping: unknown host

from output the container:

mycompany-chris-thomas:~ xyz$ ping search-lk-dev.mycompany.local
PING search-lk-dev.mycompany.local (10.254.254.254): 56 data bytes
64 bytes from 10.254.254.254: icmp_seq=0 ttl=64 time=0.044 ms

I expect them to work in both situations. I am running docker version:

Version 17.05.0-ce-mac11 (17656)
Channel: edge
ffbc5f5871

[djs55]

Thanks for your report. I think this is the same as #1811 -- there's a bug in 17.06 which prevents .local domains from resolving properly. This was fixed in moby/vpnkit#250 and the fix should be in 17.06.1, due to be released this week.

[djs55]

The fix for the .local domain issue has been released in the latest stable patch:

Version 17.06.0-ce-mac19 (18663)
Channel: stable
c98c1c25e0

If this doesn't fix the problem, could you upload a fresh diagnostic and let me know?

Thanks again for your report.

[sohrab-]

Yup, looks good. Thanks!

[aleksanderlech]

I was having the same with the newest version when using VPN and having Docker started before VPN connection was established. Restarting Docker after connecting to VPN solves the issue.

[inevity]

I use https proxy for minikube and docker. Need set https proxy env var before docker push.

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked