https://bugzilla.redhat.com/show_bug.cgi?id=1128208
Bug ID: 1128208
Summary: docker io not using proper DNS
Product: Fedora
Version: 20
Component: docker-io
Assignee: lsm5(a)fedoraproject.org
Reporter: briemers(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: admiller(a)redhat.com, dgoodwin(a)redhat.com,
eparis(a)redhat.com, extras-qa(a)fedoraproject.org,
gansalmon(a)Gmail.com, golang(a)lists.fedoraproject.org,
hushan.jia(a)gmail.com, itamar(a)ispbrasil.com.br,
jeder(a)redhat.com, jonathan(a)jonmasters.org,
jpazdziora(a)redhat.com, jperrin(a)centos.org,
kernel-maint(a)redhat.com, lars(a)redhat.com,
lsm5(a)fedoraproject.org, madhu.chinakonda(a)gmail.com,
mattdm(a)redhat.com, mchehab(a)infradead.org,
mgoldman(a)redhat.com, pmoore(a)redhat.com,
rbriggs(a)redhat.com, s(a)shk.io, vbatts(a)redhat.com
Depends On: 1119849
The resolution for Bug #1119849 introduced a new problem.
I have a dockerfile that uses the command:
git clone http://gitolite.corp.redhat.com/cgit/it-sales/sfjavasuite.git/
Up until the most recent update the dockerfile worked as expected. Now it fails
with a hostname not found.
It seems part of the update is docker will now try and use fixed DNS values of
8.8.8.8 and 8.8.4.4. Which is of course inappropriate for anyone inside a
private network. In some cases it is even considered a security risk to have
DNS lookups leak to a public DNS server, as it gives outside users information
about the private network.
It is possible to update the docker options to work around the problem. But
of course the DNS servers are obtained by DHCP, so it would require restarting
docker-io with new settings every time a new network connection is
established...
Likewise another workaround is a set of iptable rules to override all DNS
lookups but again this introduces its own set of problems.
And of course, I don't want to assume everyone who will use my Dockerfile has
updated their workstations and servers with whatever hack solution I use...
Reproduce steps:
1. docker run fedora cat /etc/resolv.conf
Expected results:
The DNS settings equivalent to the host, which in my case are:
$ cat /etc/resolv.conf
# Generated by NetworkManager
domain docbill.info
search docbill.info
nameserver 127.0.0.1
nameserver 172.31.253.1
nameserver 172.31.252.1
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 10.11.255.155
nameserver 10.11.255.156
nameserver 10.5.26.21
nameserver 10.7.142.20
nameserver fe80::beae:c5ff:fee8:b5e%em1
nameserver fe80::4216:7eff:feea:a5b8%em1
nameserver 2001:470:1d:8a2::1
Actual results:
$ docker run fedora cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
search docbill.info
Note: I'm not sure how the previous docker-io version got the 127.0.0.1
correct. But somehow it figured out that was an instruction to use the dnsmasq
instance on my laptop.
Bill
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1119849
[Bug 1119849] su - postgres Results in System Error inside Fedora
20/rawhide containers
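The comparison made in the report (container resolv.conf against the host's) can be automated as a check. The following is an added example, not part of the original report or of docker-io; the function names are hypothetical and the sample inputs are constructed from the listings above, with the host file abridged.

```python
import ipaddress

# Constructed sample inputs, abridged from the resolv.conf listings in the report.
HOST_RESOLV = """\
# Generated by NetworkManager
search docbill.info
nameserver 127.0.0.1
nameserver 172.31.253.1
nameserver fe80::beae:c5ff:fee8:b5e%em1
"""
CONTAINER_RESOLV = """\
nameserver 8.8.8.8
nameserver 8.8.4.4
search docbill.info
"""


def directives(text, keyword):
    """Yield the argument lists of every `keyword` line in a resolv.conf."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == keyword:
            yield fields[1:]


def nameservers(text):
    """Nameserver addresses in file order; an IPv6 zone id (%em1) is dropped."""
    return [ipaddress.ip_address(args[0].split("%", 1)[0])
            for args in directives(text, "nameserver")]


def leaking_resolvers(host_text, container_text):
    """Container resolvers that are publicly routable and absent on the host."""
    host = set(nameservers(host_text))
    return [str(ip) for ip in nameservers(container_text)
            if ip.is_global and ip not in host]


def exposed_search_domains(host_text, container_text):
    """Search domains the container would append to names sent to those resolvers."""
    if not leaking_resolvers(host_text, container_text):
        return []
    return [d for args in directives(container_text, "search") for d in args]


if __name__ == "__main__":
    print(leaking_resolvers(HOST_RESOLV, CONTAINER_RESOLV))
    print(exposed_search_domains(HOST_RESOLV, CONTAINER_RESOLV))
```

To run it against a live system, replace the two constants with the host's /etc/resolv.conf and the output of the reproduce step in the report.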