Docker DNS problems on a VPN
Nov 1, 2022

OK, this is really a post to help my own memory, as I’ve had these problems more than once and more than once had to solve them from scratch :(

The exact symptoms vary depending on what you’re trying to do, but the pattern is the same: resources reached through a VPN tunnel are accessible outside of Docker, but inside a container they fail with DNS-related errors, for example:

Failed to establish a new connection: [Error -3] Temporary failure in
name resolution: https://something.on.vpn.network/some/cool/resource

The reason is that the Docker daemon seems to learn about DNS servers when it starts up and is not told about DNS servers that become available later, such as those reached through the VPN tunnel that provide lookups for servers on the VPN.

The solution to this is to tell the docker daemon about these (assuming they have a fixed IP address) by providing details in /etc/docker/daemon.json:

{
    "dns": ["173.33.0.22", "8.8.8.8"]
}

Replace 173.33.0.22 above with the address of the DNS server on your VPN, and list any other DNS servers you also want to include (I’ve included the Google DNS server IP here).

This change shows up in the /etc/resolv.conf file inside the running container:

> docker run bash:latest cat /etc/resolv.conf
nameserver 173.33.0.22
nameserver 8.8.8.8

If you’re not sure of the address of your VPN DNS server, you should be able to find it using a command similar to:

resolvectl status

I’ve found that most VPN clients (such as those based on OpenVPN) use the tun0 interface.
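
The two steps above (reading the VPN link's DNS servers from resolvectl and adding them to daemon.json) can be scripted. The following is an added example, not code from the original post: the function names and the sample resolvectl output are constructed, and the parser assumes the "Link N (name)" / "DNS Servers:" layout that resolvectl status prints, including the older layout with one server per continuation line.

```python
import ipaddress
import json
import re

# Constructed sample of `resolvectl status` output (addresses are placeholders).
SAMPLE_STATUS = """\
Link 2 (eth0)
       DNS Servers: 192.168.1.1

Link 5 (tun0)
Current DNS Server: 173.33.0.22
       DNS Servers: 173.33.0.22
                    173.33.0.23
        DNS Domain: ~vpn.network
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def link_dns_servers(status_text, link="tun0"):
    """Return the DNS servers resolvectl lists for one link, in order."""
    servers, in_link, in_dns = [], False, False
    for line in status_text.splitlines():
        header = re.match(r"Global|Link \d+ \((.+)\)", line)
        if header:  # a new section starts; group(1) is None for "Global"
            in_link, in_dns = header.group(1) == link, False
            continue
        tokens = line.split()
        if in_link and line.strip().startswith("DNS Servers:"):
            in_dns, tokens = True, line.split(":", 1)[1].split()
        elif not (in_link and in_dns and tokens and all(_is_ip(t) for t in tokens)):
            in_dns = False  # any other key or a blank line ends the server list
            continue
        servers += [t for t in tokens if _is_ip(t) and t not in servers]
    return servers

def merge_daemon_config(existing_json, vpn_dns):
    """Put vpn_dns first in the "dns" list, keeping every other daemon.json key."""
    config = json.loads(existing_json) if existing_json.strip() else {}
    config["dns"] = list(dict.fromkeys([*vpn_dns, *config.get("dns", [])]))
    return config

if __name__ == "__main__":
    current = '{"log-driver": "journald", "dns": ["8.8.8.8"]}'  # constructed
    print(json.dumps(merge_daemon_config(current, link_dns_servers(SAMPLE_STATUS)), indent=4))
```

For real use, pass in the output of resolvectl status and the current contents of /etc/docker/daemon.json, then restart the Docker daemon so it picks up the new file.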

Hopefully this is helpful to someone out there. I suspect podman doesn’t have such problems without the docker daemon, but as much as I want to just throw out docker in favour of this, it always feels a little too much like spitting into the wind…
