I have a clean Ubuntu MATE 16.04.6 LTS installed.
I installed Docker from the repository here with:
sudo apt-get install docker.io
and added my user to the docker group with
sudo usermod -a -G docker $USER
then I downloaded the Ubuntu 19.04 container with
docker pull ubuntu:19.04
and tried to run apt update inside it
docker run -it ubuntu:19.04 apt update
but got network errors:
$ docker run -it ubuntu:19.04 apt update
Err:1 http://archive.ubuntu.com/ubuntu disco InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu disco-security InRelease
  Temporary failure resolving 'security.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu disco-updates InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:4 http://archive.ubuntu.com/ubuntu disco-backports InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/disco/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/disco-updates/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/disco-backports/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/disco-security/InRelease  Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
The /etc/resolv.conf inside the container is the following:
$ docker run -it ubuntu:19.04 cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.8.8
nameserver 8.8.4.4
The host system has internet; NetworkManager is used with default settings:
$ cat /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile,ofono
dns=dnsmasq
[ifupdown]
managed=false
All files on the system are unchanged - the debsums --changed --all --silent command returns nothing.
The requested output of iptables -S is below:
$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
Which settings should I change to fix DNS (name resolution) from a Docker container?
Notes:
- I know about disabling DNS masquerading (#dns=dnsmasq), but I do not want to use this option.
- I got the same result while using Docker-CE from docker.com.
- The system installed from netinstall mini.iso does not suffer from the aforementioned problem. It uses ifupdown. So the NetworkManager is the root of this problem.
docker.io package from the universe repo. Any specific reason you need that one? Otherwise I'd suggest uninstalling it and trying docker-ce from Docker's own official repo instead. Follow https://docs.docker.com/install/linux/docker-ce/ubuntu/#install-using-the-repository – Byte Commander Jul 30 '19 at 14:44
sudo iptables -S). Maybe you're blocking traffic on the virtual interface docker uses? – Byte Commander Jul 30 '19 at 17:36
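
Added example, not part of the original question or its comments: the container's /etc/resolv.conf shown above lists 8.8.8.8 and 8.8.4.4, which is what Docker writes when every nameserver in the host's file is a loopback address. The sketch below models that filtering. The host file contents (127.0.1.1, the usual address of NetworkManager's dnsmasq forwarder) are an assumption, since the question does not show the host's /etc/resolv.conf, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: model of how Docker derives a container's nameserver list
# from the host's /etc/resolv.conf on the default bridge network.
# Assumption: the sample host file below is constructed, not from the page.

# Print the nameserver addresses from a resolv.conf-style file, one per line.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeed if the address is loopback (127.0.0.0/8 or ::1). Such an address
# points at the container itself once seen from its own network namespace,
# so a resolver listening there on the host is unreachable.
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the nameservers a container would receive: loopback entries are
# dropped, and if nothing remains Docker falls back to Google public DNS.
container_nameservers() {
    kept=""
    for ns in $(nameservers "$1"); do
        is_loopback "$ns" || kept="$kept $ns"
    done
    if [ -z "$kept" ]; then
        kept="8.8.8.8 8.8.4.4"
    fi
    # Unquoted on purpose: word splitting trims the leading space.
    echo $kept
}

# Constructed sample: host resolv.conf as written when NetworkManager
# runs with dns=dnsmasq (local forwarder on 127.0.1.1).
sample=$(mktemp)
printf '%s\n' '# generated by resolvconf(8)' 'nameserver 127.0.1.1' > "$sample"
echo "container would use: $(container_nameservers "$sample")"
rm -f "$sample"
```

Running `container_nameservers /etc/resolv.conf` on the host shows whether the fallback applies; if it does, name resolution in the container depends on the host network allowing outbound DNS to those public resolvers.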