No internet connection inside Docker containers

networking docker ubuntu

I cannot execute any command requiring internet connection inside any Docker container.

Works:

docker run ubuntu /bin/echo 'Hello world'

Does not work:

docker run ubuntu apt-get update

Err:1 http://archive.ubuntu.com/ubuntu xenial InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://archive.ubuntu.com/ubuntu xenial-updates InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu xenial-security InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Reading package lists...
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/xenial/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/xenial-security/InRelease  Temporary failure resolving 'archive.ubuntu.com'

Similar with pip and ping.

I am on Ubuntu 16.04 and not using firewall or corporate proxy server and have tried to restart Docker.

Upd:

Update in interactive mode fails in the same fashion.

docker exec -ti angry_goodall /bin/bash
apt-get update
#fails
ping google.com
#fails with "unknown host" message
ping 8.8.8.8 
# shows PING 8.8.8.8 (8.8.8.8): 56 data bytes
# and than hangs indefinetly

sudo apt-get update runs successfully on host, i.e. on my computer outside docker.

Upd Docker version 1.12.1, build 23cf638


As suggested by creack on GitHub issue #866 for Docker:

pkill docker
iptables -t nat -F
ifconfig docker0 down
brctl delbr docker0
docker -d

"It will force docker to recreate the bridge and reinit all the network rules"


There is a similar issue at StackOverflow where a different solution solves this issue with Docker 17.09 on Ubuntu 16.04:

Check the contents of resolv.conf:

$ cat /etc/resolv.conf

If it includes a line like nameserver 127.0.1.1 it means the containers are obtaining an incorrect names server. To fix this edit the NetworkManager.conf file:

$ sudo pico /etc/NetworkManager/NetworkManager.conf

And comment out the line with dns=dnsmasq; the file should look like this:

[main]
plugins=ifupdown,keyfile,ofono
#dns=dnsmasq

[ifupdown]
managed=false

Finally, restart the network manager:

$ sudo systemctl restart network-manager

Test again the container:

$ docker run ubuntu:16.04 apt-get update
Get:1 http://archive.ubuntu.com/ubuntu xenial InRelease [247 kB]
Get:2 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]

I've already answered it here: https://stackoverflow.com/a/45644890/

I'm copying the answer below:

First thing to check is run cat /etc/resolv.conf in the docker container. If it has an invalid DNS server, such as nameserver 127.0.x.x, then the container will not be able to resolve the domain names into ip addresses, so ping google.com will fail.

Second thing to check is run cat /etc/resolv.conf on the host machine. Docker basically copies the host's /etc/resolv.conf to the container everytime a container is started. So if the host's /etc/resolv.conf is wrong, then so will the docker container.

If you have found that the host's /etc/resolv.conf is wrong, then you have 2 options:

  1. Hardcode the DNS server in daemon.json. This is easy, but not ideal if you expect the DNS server to change.

  2. Fix the hosts's /etc/resolv.conf. This is a little trickier, but it is generated dynamically, and you are not hardcoding the DNS server.

1. Hardcode DNS server in docker daemon.json

  • Edit /etc/docker/daemon.json

     {
     "dns": ["10.1.2.3", "8.8.8.8"]
 }  * Restart the docker daemon for those changes to take effect:      `sudo systemctl restart docker`

  • Now when you run/start a container, docker will populate /etc/resolv.conf with the values from daemon.json.

2. Fix the hosts's /etc/resolv.conf

A. Ubuntu 16.04 and earlier

  • For Ubuntu 16.04 and earlier, /etc/resolv.conf was dynamically generated by NetworkManager.

  • Comment out the line dns=dnsmasq (with a #) in /etc/NetworkManager/NetworkManager.conf

  • Restart the NetworkManager to regenerate /etc/resolv.conf : sudo systemctl restart network-manager

  • Verify on the host: cat /etc/resolv.conf

B. Ubuntu 18.04 and later

  • Ubuntu 18.04 changed to use systemd-resolved to generate /etc/resolv.conf. Now by default it uses a local DNS cache 127.0.0.53. That will not work inside a container, so Docker will default to Google's 8.8.8.8 DNS server, which may break for people behind a firewall.

  • /etc/resolv.conf is actually a symlink (ls -l /etc/resolv.conf) which points to /run/systemd/resolve/stub-resolv.conf (127.0.0.53) by default in Ubuntu 18.04.

  • Just change the symlink to point to /run/systemd/resolve/resolv.conf, which lists the real DNS servers: sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

  • Verify on the host: cat /etc/resolv.conf

Now you should have a valid /etc/resolv.conf on the host for docker to copy into the containers.

Related

How do I save an excel spreadsheet as a semi-colon separated values file?
Editing HTML source code with Google Chrome
How to open two independent instances of Foxit Reader?
Convert from MOV to MP4 Container format
Firefox writes megabytes of data per minute to disk, why?
Creating references that are bracketed numbers, not citation
Insert a column of text with sublime text 3
When I am prompted to restart after uninstalling software, is a shutdown okay too?
Windows 10 Media Creation Tool "We can't find a USB flash drive"
Why does the `ls` command sort files like this?
Icons not showing in windows 10 search
Can you share wisdom on using HISTIGNORE in bash?