Windows docker doesn't honor --dns-search option

[hongxima]

---

BUG REPORT INFORMATION

Description

--dns-search option doesn't take effect on Windows containers.

Steps to reproduce the issue:

docker run --rm -t --dns 8.8.8.8 --dns-search github.com --network [your-docker-network] microsoft/windowsservercore ifconfig /all
docker run --rm -t --dns 8.8.8.8 --dns-search github.com --network [your-docker-network] microsoft/windowsservercore ping help

Describe the results you received:
Output for ipconfig within container:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ac8fe16b0b10
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter vEthernet (Container NIC 02d5de47):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #4
   Physical Address. . . . . . . . . : 00-15-5D-16-E5-6D
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8955:4b31:8eaf:fe34%48(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.31.1.121(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.31.1.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Disabled

Output for ping within container:

Ping request could not find host help. Please check the name and try again.

Describe the results you expected:
items specified in --dns-search should be prsented in field "DNS Suffix Search List" of the ipconfig /all output.
ping help in the container should be the same as ping help.github.com which is reachable.

Output of docker version:

Client:
 Version:      1.14.0-dev
 API version:  1.26
 Go version:   go1.7.3
 Git commit:   f93c04d
 Built:        Sat Dec 17 15:16:54 2016
 OS/Arch:      windows/amd64

Server:
 Version:             1.14.0-dev
 API version:         1.26
 Minimum API version: 1.24
 Go version:          go1.7.3
 Git commit:          f93c04d
 Built:               Sat Dec 17 15:16:54 2016
 OS/Arch:             windows/amd64
 Experimental:        false

Output of docker info:

C:\Users\Administrator>docker info
Containers: 6
 Running: 2
 Paused: 0
 Stopped: 4
Images: 22
Server Version: 1.14.0-dev
Storage Driver: windowsfilter
 Windows:
Logging Driver: json-file
Plugins:
 Volume: local
 Network: l2bridge l2tunnel nat null overlay transparent
Swarm: inactive
Default Isolation: process
Kernel Version: 10.0 14393 (14393.351.amd64fre.rs1_release_inmarket.161014-1755)
Operating System: Windows Server 2016 Standard
OSType: windows
Architecture: x86_64
CPUs: 2
Total Memory: 3.999 GiB
Name: WIN2016-DOCKER-01
ID: MCVH:SYEM:X2IN:FRIH:CYGH:HGLB:PAKZ:XAME:2IE7:PNZF:XTTL:EDLM
Docker Root Dir: C:\ProgramData\docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 192.168.180.200:5000
 127.0.0.0/8
Live Restore Enabled: false

Additional environment details (AWS, VirtualBox, physical, etc.):
It's an always behavior happens to both VMware virtual machine and AWS EC2 host.

[git-jiby-me]

@hongxima a couple of things doesnt work in windows docker ATM, these are documented at https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/container-networking, --dns-search is one of them

[hongxima]

The ability to resolve short domain name is very critical for dns-based service discovery in mainstream container orchestration implementations, it's a mandatory when the service names should be isolated by namespaces or tenants.

dns-search items are pass in as the configurations but not taking effect within container:

            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "Dns": [
                "8.8.8.8"
            ],
            "DnsOptions": [],
            "DnsSearch": [
                "github.com"
            ],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,

[hongxima]

@git-jiby-me thanks for pointing me to that article! I think it's a bit outdated as "--dns" was an already supported item as you may see in the ipconfig output.
So I think it may be also doable to implement --dns-search and it's really helpful as the reason I stated in the above comment.

[thaJeztah]

/cc @msabansal @mavenugo

[msabansal]

Working on a fix. The platform work has been done. Docker patch will be coming after this PR is approved microsoft/hcsshim#98

[artisticcheese]

Is this issue resolved now?

[msabansal]

Yes. It should work with latest docker.

[artisticcheese]

Does not seem to be working for me. Also confusing if I need to = when supplying dns-search parameter
docker run --rm -it --dns-search a.com microsoft/windowsservercore powershell {ipconfig /all}
Does not inject anything in to "DNS Suffix"
Docker info

Containers: 5
 Running: 0
 Paused: 0
 Stopped: 5
Images: 14
Server Version: 17.03.1-ce-rc1
Storage Driver: windowsfilter
 Windows:
Logging Driver: json-file
Plugins:
 Volume: local
 Network: l2bridge l2tunnel nat null overlay transparent
Swarm: inactive
Default Isolation: hyperv
Kernel Version: 10.0 14393 (14393.693.amd64fre.rs1_release.161220-1747)
Operating System: Windows 10 Enterprise
OSType: windows
Architecture: x86_64
CPUs: 8
Total Memory: 15.92 GiB
Name: A-MOBL3
ID: 3R4A:PCYH:DRES:D3LG:FASM:AA6M:ICXR:Q5DW:Q2D4:EYEM:ZEOX:MEV7
Docker Root Dir: C:\ProgramData\Docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

[msabansal]

Sorry should have added more information. This requires platform plus docker support. Platform work was part of next windows milestone. I will check if this is part of the patch we are releasing next. If your list is static then you can perhaps use the following workaround:

SHELL ["powershell"]
RUN set-itemproperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -Name SearchList -Value ""-Type String

to modify the images with the search list

[bsteciuk]

@msabansal Any news on this from the MS platform side? I'm still seeing the behavior reported here.

Docker info with OS version

 Running: 12
 Paused: 0
 Stopped: 4
Images: 10
Server Version: 17.03.1-ee-3
Storage Driver: windowsfilter
 Windows:
Logging Driver: json-file
Plugins:
 Volume: local
 Network: l2bridge l2tunnel nat null overlay transparent
Swarm: inactive
Default Isolation: process
Kernel Version: 10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)
Operating System: Windows Server 2016 Datacenter
OSType: windows
Architecture: x86_64
CPUs: 4
Total Memory: 4 GiB
Name: bs-win0
ID: DEAD:ZAEG:SSTU:EZH7:72BU:D7YD:4OCY:2PII:YE7D:KZTU:KBJL:4KZB
Docker Root Dir: C:\ProgramData\docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Thanks!

[friism]

Starting with 17.06 this should be available on older Windows versions: #33311

You can download and test release clients from here: https://master.dockerproject.org/windows/amd64/docker-17.06.0-dev.zip

[bsteciuk]

Very cool, thanks!

[thaJeztah]

@friism can this issue be closed, or anything left to be addressed?

[aserdean]

@thaJeztah this works on Windows version 1709 with the latest build.

Docker build

PS C:\go\src\github.com> git clone https://github.com/moby/moby.git docker/docker
Cloning into 'docker/docker'...
remote: Counting objects: 242109, done.
remote: Compressing objects: 100% (20/20), done.
remote: Total 242109 (delta 4), reused 4 (delta 3), pack-reused 242086
Receiving objects: 100% (242109/242109), 134.51 MiB | 1.06 MiB/s, done.
Resolving deltas: 100% (161471/161471), done.
PS C:\go\src\github.com> cd C:\go\src\github.com\docker\docker
PS C:\go\src\github.com\docker\docker> docker build -t nativebuildimage -f Dockerfile.windows .
Sending build context to Docker daemon  38.83MB
Step 1/7 : FROM microsoft/windowsservercore
 ---> 1fbef5019583
Step 2/7 : SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 ---> Using cache
 ---> 5ba4a5492a58
Step 3/7 : ENV GO_VERSION=1.9.2     GIT_VERSION=2.11.1     GOPATH=C:\go     FROM_DOCKERFILE=1
 ---> Using cache
 ---> fe9eb6d7bede
Step 4/7 : RUN   Function Test-Nano() {     $EditionId = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'EditionID').EditionId;     return (($EditionId -eq 'ServerStandardNano') -or ($EditionId -eq 'ServerDataCenterNano') -or ($EditionId -eq 'NanoServer'));   }    Function Download-File([string] $source, [string] $target) {     if (Test-Nano) {       $handler = New-Object System.Net.Http.HttpClientHandler;       $client = New-Object System.Net.Http.HttpClient($handler);       $client.Timeout = New-Object System.TimeSpan(0, 30, 0);       $cancelTokenSource = [System.Threading.CancellationTokenSource]::new();       $responseMsg = $client.GetAsync([System.Uri]::new($source), $cancelTokenSource.Token);       $responseMsg.Wait();       if (!$responseMsg.IsCanceled) {         $response = $responseMsg.Result;         if ($response.IsSuccessStatusCode) {           $downloadedFileStream = [System.IO.FileStream]::new($target, [System.IO.FileMode]::Create, [System.IO.FileAccess]::Write);           $copyStreamOp = $response.Content.CopyToAsync($downloadedFileStream);           $copyStreamOp.Wait();           $downloadedFileStream.Close();           if ($copyStreamOp.Exception -ne $null) { throw $copyStreamOp.Exception }         }       } else {       Throw ("Failed to download " + $source)       }    } else {       $webClient = New-Object System.Net.WebClient;       $webClient.DownloadFile($source, $target);     }   }     setx /M PATH $('C:\git\cmd;C:\git\usr\bin;'+$Env:PATH+';C:\gcc\bin;C:\go\bin');     Write-Host INFO: Downloading git...;   $location='https://www.nuget.org/api/v2/package/GitForWindows/'+$Env:GIT_VERSION;   Download-File $location C:\gitsetup.zip;     Write-Host INFO: Downloading go...;   Download-File $('https://golang.org/dl/go'+$Env:GO_VERSION+'.windows-amd64.zip') C:\go.zip;     Write-Host INFO: Downloading compiler 1 of 3...;   Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/gcc.zip C:\gcc.zip;     Write-Host INFO: Downloading compiler 2 of 3...;   Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/runtime.zip C:\runtime.zip;     Write-Host INFO: Downloading compiler 3 of 3...;   Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/binutils.zip C:\binutils.zip;     Write-Host INFO: Extracting git...;   Expand-Archive C:\gitsetup.zip C:\git-tmp;   New-Item -Type Directory C:\git | Out-Null;   Move-Item C:\git-tmp\tools\* C:\git\.;   Remove-Item -Recurse -Force C:\git-tmp;     Write-Host INFO: Expanding go...;   Expand-Archive C:\go.zip -DestinationPath C:\;     Write-Host INFO: Expanding compiler 1 of 3...;   Expand-Archive C:\gcc.zip -DestinationPath C:\gcc -Force;   Write-Host INFO: Expanding compiler 2 of 3...;   Expand-Archive C:\runtime.zip -DestinationPath C:\gcc -Force;   Write-Host INFO: Expanding compiler 3 of 3...;   Expand-Archive C:\binutils.zip -DestinationPath C:\gcc -Force;     Write-Host INFO: Removing downloaded files...;   Remove-Item C:\gcc.zip;   Remove-Item C:\runtime.zip;   Remove-Item C:\binutils.zip;   Remove-Item C:\gitsetup.zip;     Write-Host INFO: Creating source directory...;   New-Item -ItemType Directory -Path C:\go\src\github.com\docker\docker | Out-Null;     Write-Host INFO: Configuring git core.autocrlf...;   C:\git\cmd\git config --global core.autocrlf true;     Write-Host INFO: Completed
 ---> Using cache
 ---> f7e069c80bd7
Step 5/7 : ENTRYPOINT ["powershell.exe"]
 ---> Using cache
 ---> 4c0bcd896163
Step 6/7 : WORKDIR C:\go\src\github.com\docker\docker
 ---> Using cache
 ---> 6b897bdb859a
Step 7/7 : COPY . .
 ---> e88b696baa98
Successfully built e88b696baa98
Successfully tagged nativebuildimage:latest
PS C:\go\src\github.com\docker\docker> $DOCKER_GITCOMMIT=(git rev-parse --short HEAD)
PS C:\go\src\github.com\docker\docker> docker run --name binaries -e DOCKER_GITCOMMIT=$DOCKER_GITCOMMIT nativebuildimage hack\make.ps1 -Binary
INFO: make.ps1 starting at 12/07/2017 16:53:41
INFO: Git commit (8fe0a759f) assumed from DOCKER_GITCOMMIT environment variable
INFO: Invoking autogen...
INFO: Building daemon...
INFO: Downloading docker/cli version 17.06.0-ce from edge...

 ________   ____  __.
 \_____  \ |    |/ _|
 /   |   \|      <
 /    |    \    |  \
 \_______  /____|__ \
         \/        \/

INFO: make.ps1 ended at 12/07/2017 16:55:10
PS C:\go\src\github.com\docker\docker> docker cp binaries:C:\go\src\github.com\docker\docker\bundles\docker.exe C:\docker.exe
PS C:\go\src\github.com\docker\docker> docker cp binaries:C:\go\src\github.com\docker\docker\bundles\dockerd.exe C:\dockerd.exe
PS C:\go\src\github.com\docker\docker> Stop-Service Docker
PS C:\go\src\github.com\docker\docker> cp 'C:\Program Files\Docker\docker.exe' C:\docker_old.exe
PS C:\go\src\github.com\docker\docker> cp 'C:\Program Files\Docker\dockerd.exe' C:\dockerd_old.exe
PS C:\go\src\github.com\docker\docker> cp C:\docker.exe 'C:\Program Files\Docker\docker.exe'
PS C:\go\src\github.com\docker\docker> cp C:\dockerd.exe 'C:\Program Files\Docker\dockerd.exe'
PS C:\go\src\github.com\docker\docker> Start-Service Docker
PS C:\go\src\github.com\docker\docker> cd \
PS C:\> docker info
Containers: 17
 Running: 0
 Paused: 0
 Stopped: 17
Images: 3
Server Version: 0.0.0-dev
Storage Driver: windowsfilter
 Windows:
Logging Driver: json-file
Plugins:
 Volume: local
 Network: ics l2bridge l2tunnel nat null overlay transparent
 Log: awslogs etwlogs fluentd gelf json-file logentries splunk syslog
Swarm: inactive
Default Isolation: process
Kernel Version: 10.0 16299 (16299.15.amd64fre.rs3_release.170928-1534)
Operating System: Windows Server Standard
OSType: windows
Architecture: x86_64
CPUs: 4
Total Memory: 7.906GiB
Name: WIN-4S3SHUKUPQF
ID: DKLN:VWWU:YASC:WMTU:2ZEE:WWJL:EI5I:BHDP:PY25:Y26K:H3EH:2IGZ
Docker Root Dir: C:\ProgramData\docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Docker network creation

PS C:\> docker network create -d nat --gateway 172.2.127.1 --subnet 172.2.127.0/24 -o com.docker.network.windowsshim.dnsservers=4.4.4.4,8.8.8.8 bla
a3cab95d91fb13b735961347db5bdf05f1e148cfb63d64bca6a657ab83b9f2b4
PS C:\> docker network ls
NETWORK ID          NAME                                                               DRIVER              SCOPE
a3cab95d91fb        bla                                                                nat                 local
73bb88756a8c        none                                                               null                local

Container run:

PS C:\> docker run --network bla --dns 8.8.4.4 --dns-search github.com microsoft/nanoserver:1709 ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : f600671fda0a
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : github.com

Ethernet adapter vEthernet (Ethernet):

   Connection-specific DNS Suffix  . : localdomain
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #6
   Physical Address. . . . . . . . . : 00-15-5D-74-94-16
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::659b:3465:f69b:cc60%33(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.2.127.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.2.127.1
   DNS Servers . . . . . . . . . . . : 172.2.127.1
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Disabled

[thaJeztah]

Thanks for confirming! I'll close this issue, as it's resolved 👍