Describe the bug
When Docker Engine creates containers using the built-in Docker DNS proxy on 127.0.0.11, DNS fails to resolve any public names. The DNS proxy IP is reachable and responds on UDP/TCP 53.
DNS to Orb namespace works.
This prevents containers from reaching any public resources outside of the local Orb host. The breakage appears to be between OrbStack and the macOS host.
To Reproduce
Steps to reproduce:
- Latest OrbStack 2.0.5 on latest macOS 26.2 on M4 Mac
- Clone small repo I created to reproduce:
git clone https://github.com/ctyrider/clab-broken-dns.git
- Open repo on VSC on macOS, then open in container (Docker-outside-of-Docker DevPod):
F1 -> DevContainers Rebuild and Reopen in Container
- Start the Containerlab in VSC container terminal:
clab deploy
You should have 3 containers running:
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
acebf8c38873 ghcr.io/hellt/network-multitool "/docker-entrypoint.…" 5 seconds ago Up 4 seconds 80/tcp, 443/tcp linux1
cf3a8d53b253 ghcr.io/hellt/network-multitool "/docker-entrypoint.…" 5 seconds ago Up 4 seconds 80/tcp, 443/tcp linux2
07f98d9dd93c ghcr.io/srl-labs/containerlab/devcontainer-dood-slim:0.72.0 "/bin/sh -c 'echo Co…" 25 seconds ago Up 25 seconds nifty_hopper
- Enter terminal shell of Linux1 container:
docker exec -it linux1 sh
- We can now see that DNS to 127.0.0.11 isn't working:
bash-5.0# cat /etc/resolv.conf
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.
nameserver 127.0.0.11
options ndots:0
nslookup fails for any public host:
bash-5.0# nslookup google.com
Server: 127.0.0.11
Address: 127.0.0.11#53
** server can't find google.com: SERVFAIL
However, DNS to other OrbStack containers works fine:
bash-5.0# nslookup linux2
Server: 127.0.0.11
Address: 127.0.0.11#53
Non-authoritative answer:
Name: linux2
Address: 172.20.20.2
Name: linux2
Address: 3fff:172:20:20::2
Expected behavior
DNS to 172.0.0.11 should resolve public resources. DNS in the same ContainerLab works fine, when not using OrbStack.
Diagnostic report (REQUIRED)
OrbStack info:
Version: 2.0.5
Commit: cfe47627f138ffd822c958553b0a93eaf2692c71 (v2.0.5)
System info:
macOS: 26.2 (25C56)
CPU: arm64, 10 cores
CPU model: Apple M4
Model: Mac16,10
Memory: 24 GiB
Full report: https://orbstack.dev/_admin/diag/orbstack-diagreport_2026-01-12T20-50-30.128281Z.zip
Screenshots and additional context (optional)
No response
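A triage helper for the symptom reported above, added here as an example and not part of the original issue or of OrbStack or Docker: it classifies `nslookup` output so "resolver up, external lookups failing" can be told apart from "resolver unreachable". The function names `classify_lookup` and `diagnose` are hypothetical, the samples are constructed from the transcripts in the report, and BIND-style `nslookup` output (as shown in the report) is assumed.

```shell
#!/bin/sh
# Added example (not from the issue): classify nslookup output from a container.

# Constructed samples, taken from the nslookup transcripts in the report.
SAMPLE_PUBLIC="Server: 127.0.0.11
Address: 127.0.0.11#53
** server can't find google.com: SERVFAIL"

SAMPLE_INTERNAL="Server: 127.0.0.11
Address: 127.0.0.11#53
Non-authoritative answer:
Name: linux2
Address: 172.20.20.2
Name: linux2
Address: 3fff:172:20:20::2"

# classify_lookup TEXT -> answer | servfail | nxdomain | refused | timeout | unknown
classify_lookup() {
    printf '%s\n' "$1" | awk '
        /SERVFAIL/                              { r = "servfail" }
        /NXDOMAIN/                              { r = "nxdomain" }
        /REFUSED/                               { r = "refused" }
        /timed out|no servers could be reached/ { r = "timeout" }
        /^Name:/                                { seen_name = 1 }
        # Only count Address lines after a Name line; the first Address
        # line in the output is the resolver itself, not an answer.
        seen_name && /^Address:/                { n++ }
        END {
            if (r != "")    print r
            else if (n > 0) print "answer"
            else            print "unknown"
        }'
}

# diagnose INTERNAL_TEXT PUBLIC_TEXT -> one-line verdict
diagnose() {
    internal=$(classify_lookup "$1")
    public=$(classify_lookup "$2")
    case "$internal/$public" in
        answer/answer)  echo "ok: resolver answers internal and public names" ;;
        answer/servfail|answer/timeout|answer/refused)
                        echo "upstream-forwarding: resolver is up, public lookups fail ($public)" ;;
        timeout/*)      echo "resolver-unreachable: no reply from the configured resolver" ;;
        *)              echo "inconclusive: internal=$internal public=$public" ;;
    esac
}

# Live use inside a container (names taken from the report):
#   diagnose "$(nslookup linux2 2>&1)" "$(nslookup google.com 2>&1)"
```

On the two transcripts from the report, `diagnose` returns the `upstream-forwarding` verdict, which matches the reporter's observation that the proxy answers on port 53 but fails only for public names.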