Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Windows container name DNS resolution issue #27499

Closed
friism opened this issue Oct 18, 2016 · 14 comments

Comments

Projects
None yet
10 participants
@friism
Copy link
Contributor

commented Oct 18, 2016

This is a tracking issue for a DNS problem with how container DNS resolution works on Windows. The problem will only manifest for some DNS configurations.

@msabansal is tracking resolution in Windows.

Workaround

Add this in the Dockerfile:

RUN set-itemproperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' -Name ServerPriorityTimeLimit -Value 0 -Type DWord

This causes the in-container Windows DNS Client to not start skipping the built-in Docker DNS server (used for resolving container names).

Steps to reproduce the issue:

version: '2'
services:
  db:
    image: microsoft/windowsservercore
    command: powershell /c sleep 3600

  web:
    image: microsoft/windowsservercore
    command: ping db
    depends_on:
      - "db"

networks:
  default:
    external:
      name: nat
FROM microsoft/windowsservercore

SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';"]

# RUN set-itemproperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' -Name ServerPriorityTimeLimit -Value 0 -Type DWord
RUN set-itemproperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' -Name ScreenDefaultServers -Value 0 -Type DWord
# RUN set-itemproperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' -Name ScreenUnreachableServers -Value 0 -Type DWord

Then run docker-compose build --no-cache and docker-compose up --force-recreate.

Describe the results you received:

Ping doesn't work

Describe the results you expected:

Ping works

Additional information you deem important (e.g. issue happens only occasionally):

Failure depends on behavior of the hosts DNS server.

image

@shanselman

This comment has been minimized.

Copy link

commented Jan 24, 2017

I'm on 15007 and was able to get it working with just the networks section. Is this fixed? I didn't have to change the registry.

@friism

This comment has been minimized.

Copy link
Contributor Author

commented Jan 24, 2017

@msabansal I don't need this anymore either when testing, and I've removed the registry setting from my MusicStore Docker sample: https://github.com/aspnet/MusicStore/pull/736/files#diff-88a07c86b29f14008bf60577094d57d6R1

@msabansal do you want me to close the issue?

@msabansal

This comment has been minimized.

Copy link
Contributor

commented Jan 24, 2017

@friism Yes please

@colindembovsky

This comment has been minimized.

Copy link

commented Mar 31, 2017

I'm still getting this on Win10 14393 (not on the Insider builds) - I presume the fix will be in Creators Update?

@clawrenceks

This comment has been minimized.

Copy link

commented Apr 6, 2017

I can also confirm that I am seeing this issue on both Windows 10 and Windows Server 2016 - build numbers and Docker version numbers below.

Windows Server 2016

Build:

OS Name: Microsoft Windows Server 2016 Datacenter Evaluation
OS Version: 10.0.14393 N/A Build 14393

Docker Version

Client:
Version: 17.03.1-ee-3
API version: 1.27
Go version: go1.7.5
Git commit: 3fcee33
Built: Thu Mar 30 19:31:22 2017
OS/Arch: windows/amd64

Server:
Version: 17.03.1-ee-3
API version: 1.27 (minimum version 1.24)
Go version: go1.7.5
Git commit: 3fcee33
Built: Thu Mar 30 19:31:22 2017
OS/Arch: windows/amd64
Experimental: false

Windows 10

Build

OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.14393 N/A Build 14393

Docker Version

Client:
Version: 17.03.1-ce
API version: 1.27
Go version: go1.7.5
Git commit: c6d412e
Built: Tue Mar 28 00:40:02 2017
OS/Arch: windows/amd64

Server:
Version: 17.03.1-ce
API version: 1.27 (minimum version 1.24)
Go version: go1.7.5
Git commit: c6d412e
Built: Tue Mar 28 00:40:02 2017
OS/Arch: windows/amd64
Experimental: true

@msabansal

This comment has been minimized.

Copy link
Contributor

commented Apr 6, 2017

Yes the fix is in Creators update and in the next patch Tuesday patch aswell. For now using the workaround should work.

@Pete1138

This comment has been minimized.

Copy link

commented Jun 1, 2018

I'm getting this even with the registry workaround.
Windows 10 Pro 1803 Build 17134.48
Docker version 18.05.0-ce (non-experimental)

> docker-compose up -f dockercomposetest.yml

version: '3'
services:
  db:
    #image: microsoft/windowsservercore
    build:
      context: .
      dockerfile: test1dockerfile
    command: powershell /c sleep 3600

  web:
    #image: microsoft/windowsservercore
    build:
      context: .
      dockerfile: test2dockerfile
    command: ping db
    depends_on:
      - "db"

networks:
  default:
    external:
      name: nat

test1dockerfile and test2dockerfile:

FROM microsoft/windowsservercore

SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';"]

RUN set-itemproperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' -Name ScreenDefaultServers -Value 0 -Type DWord

Error:
web_1 | Ping request could not find host db. Please check the name and try again

I can ping the alias that is generated by docker but not the container name

@abjrcode

This comment has been minimized.

Copy link

commented Aug 2, 2018

This seems to be an old thread but this still doesn't work for me with latest version of all the tools at the moment of writing this.
I tried the registry tweak but that doesn't help either
I opened an issue on docker-for-win repository but no one responds there.
@friism I appreciate if you have some insight or further knowledge on this

@daschott

This comment has been minimized.

Copy link

commented Aug 8, 2018

We will investigate this. Can you try these workarounds in the meanwhile?
Run the following inside affected containers:

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' -Name MaxCacheTtl -Value 0 -Type DWord
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' -Name MaxNegativeCacheTtl -Value 0 -Type DWord
Restart-Service dnscache 

If this still doesn't resolve the problem, then you may be forced to disable DNS caching completely as a last resort:

Set-Service dnscache -StartupType disabled
Stop-Service dnscache
@abjrcode

This comment has been minimized.

Copy link

commented Aug 9, 2018

Thank you @daschott . I have already solved the problem as described in the issue I linked too.

@stgraves

This comment has been minimized.

Copy link

commented Aug 9, 2018

@daschott I can confirm the reg keys provided resolved the issue on WS2016 1607 and Win10 1803.

@daschott

This comment has been minimized.

Copy link

commented Nov 5, 2018

on 1803, please also use program the following firewall rule to ensure Docker DNS isn't failing:
New-NetFirewallRule -DisplayName "Swarm DNS" -Direction Inbound -Action Allow -Protocol UDP -LocalPort 53
New-NetFirewallRule -DisplayName "Swarm DNS" -Direction Inbound -Action Allow -Protocol TCP -LocalPort 53

@achrjulien

This comment has been minimized.

Copy link

commented Nov 8, 2018

@daschott How do you get through with this?
I get

Stop-Service : Service 'DNS Client (dnscache)' cannot be stopped due to the following error: Cannot open dnscache servi
ce on computer '.'.

And

New-NetFirewallRule : There are no more endpoints available from the endpoint
mapper.
At line:1 char:76
+ ... yContinue'; New-NetFirewallRule -DisplayName "Swarm DNS" -Direction I ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_NetFirewallRule:root/standar
   dcimv2/MSFT_NetFirewallRule) [New-NetFirewallRule], CimException
    + FullyQualifiedErrorId : Windows System Error 1753,New-NetFirewallRule
@achrjulien

This comment has been minimized.

Copy link

commented Nov 29, 2018

I got my problems solved by running 18.06.1-ce on both Linux (Ubuntu/Debian) and Windows (server 1803) on physical servers. For Windows, you have to compile 18.06.1-ce yourself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.