Resolv.conf on containers not using data from host

[phlcastro]

Expected behavior

According to docs, all records on host file resolv.conf will be copied to the container.
So I create a few record lines in the /etc/resolv.conf file expecting to see them on resolv.conf file inside my containers.

Actual behavior

No record is copied from host to container (search or nameserver records)

Information

Diagnostic Id: 2819C68F-61EB-4BDB-89C9-FD673AF91D17

Docker for Mac: version: 1.12.1 (2d5b4d9)
OS X: version 10.11.6 (build: 15G31)
logs: /tmp/2819C68F-61EB-4BDB-89C9-FD673AF91D17/20160920-225600.tar.gz
[OK] docker-cli
[OK] virtualization kern.hv_support
[OK] menubar
[OK] moby-syslog
[OK] dns
[OK] disk
[OK] system
[OK] app
[OK] osxfs
[OK] virtualization VT-X
[OK] db
[OK] slirp
[OK] logs
[OK] env
[OK] vmnetd
[OK] moby-console
[OK] moby
[OK] driver.amd64-linux

Steps to reproduce the behavior

1. Customize host resolv.conf file
2. Run your image (ie.: ubuntu)
3. Check container resolv.conf file and verify if it matches

Other info

Tried with latest beta, same issue.
Records present on scutil --dns are also not imported to container.
The only way I made it work was using --dns= when first run a container

[dsheets]

Could you point out where in the docs we discuss copying resolv.conf into containers? I believe we source DNS resolution configuration from the host and handle it transparently in the network stack. Are you having issues with DNS resolution? Are particular parts of the configuration not being obeyed?

I don't believe you will see any change inside of a container file system when DNS settings are updated. One reason for this design is that it allows us to transparently switch DNS resolution configuration when mobile users move from network to network or onto/off-of a VPN without the container having to understand these changes.

[samoht]

This issue has been inactive for more than 14 days while marked as status/0-more-info-needed. It is being closed due to abandonment. Please feel free to re-open with more information about the problem.

MORE_INFO_EXPIRY_TIMEOUT

[markwilson]

Docker makes each container’s /etc/resolv.conf look like the /etc/resolv.conf of the host machine (where the docker daemon runs)

https://docs.docker.com/engine/userguide/networking/default_network/configure-dns/

I've been trying to work out how I can connect to my host machine to connect to a MySQL DB (running on my Mac) without providing this as an extra host. Providing it as an extra host means I need to regularly change it as I connect to different networks and have a different network IP. Using the bridge network's gateway IP doesn't allow me to connect to anything, only ICMP communications seem to work.

[samoht]

@markwilson I am not sure why you are commenting on this closed issue, but are you asking for #155 ? We have an update on this planning soon, so you might be interested to watch that issue for updates.

[phlcastro]

@samoht I dont think this issue is related to the #155

I didnt replied it before because I didnt receive the update from github and forgot to come back here.

@markwilson was replying @dsheets question of where did I find the documentation saying that records from resolv.conf on host would be copied to the container resolv.conf file.

[phlcastro]

@samoht sorry, but I dont know how to reopen this issue

[samoht]

@phlcastro no pb. Do you still have that issue with the latest beta/stable?

[phlcastro]

@samoht same problem using stable 1.13.0 (15072)

[samoht]

Ok sorry I read your issue again and this is indeed expected.

As @dsheets said above, Docker for Mac does some "magic" (using vpnkit) to transparently route the network traffic from the containers (running inside a Linux VM, as well as the docker daemon) to your macOS networking stack. VPNKit is automatically updated when you update /etc/resolv.conf but it doesn't update the VM (and containers) network configuration.

If your use-case is trying to connect back to your localhost from a container (for instance to access an open port), we are working on a solution to #155 which could help you. If not, we are very interested to hear about your use-case to see how we can handle it.

[phlcastro]

I was trying to have my container (Ubuntu) being able to resolve hostnames from a VPN connection.
So instead of updating the resolv.conf each time I ran the container, I wondered if I could set it on host and have it automatically updated on containers.

[dave-tucker]

Closing as 0-wont-fix as this behavior is expected.

I was trying to have my container (Ubuntu) being able to resolve hostnames from a VPN connection.

This should work, but there are some open issues with VPN DNS Servers not reliably being detected. That said, the support has got a lot better for this in the last few releases.

[rachelwilson]

I am also having this problem. What is the advice for people who are affected by these open issues. What are the open issues that we could follow please?

[swadeshp]

Same issue. Is it not the default behavior?
Docker update containers resolv.conf with information in host resolv.conf file, right?

[keepsimple1]

In our case, I see the same containers (built in the same way) has the "search <>" line in /etc/resolv.conf in some cases , but not in some other cases.

For both cases, the Docker version and the Mac network setup is the same. We are using Docker for Mac community edition 18.03.1-ce-mac65 (24312) .

My question is: why in some cases the search domains are NOT copied from the Mac network setting into the Docker container /etc/resolv.conf ? Thanks.

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked