Issue
So I have a rather strange issue with my docker installation:
If I run apt-get update inside e.g. a debian container (docker run -it --rm debian) it always fails with an error like
Err:1 http://security.ubuntu.com/ubuntu xenial-security InRelease
Temporary failure resolving 'security.ubuntu.com'
Now this seems to be a DNS issue as discussed in so many other similar posts but here comes my spin on this issue: When I then try to ping the host
ping security.ubuntu.com
it works perfectly fine. The domain gets resolved and the pings work, e.g.
$ docker run -it --rm debian
root@0b6a6ec41a37:/# ping google.com
PING google.com (172.217.19.174): 56 data bytes
64 bytes from 172.217.19.174: icmp_seq=0 ttl=55 time=0.943 ms
I then tried an nslookup in a busybox container (docker run -it --rm busybox) which also works perfectly fine.
I started investigating this because I wanted to set up nextcloud with docker and the admin interface reports that the server could not verify a working internet connection because it can't resolve e.g. github.com.
The next amazing bit comes when I then connect to the running nextcloud container and do my tests on the command line there. ping again works fine and this time even apt-get update works?!
I have done these tests both with ufw enabled and disabled. Same result.
I am now quite confused as to what is going on. Something must be wrong, either on my server or my networking around it but I can't figure out what the issue could be.
If someone already had such an issue it would be great to hear your take/solution. Thank you :)
Environment:
Host: Ubuntu 16.04.03-LTS
Docker: 17.09.0-ce
My daemon.json:
{
  "graph": "/mnt/nfs/nas/docker",
  "iptables": true,
  "dns": ["10.0.16.1"],
  "userland-proxy": true,
  "ip": "127.0.0.1"
}
//Edit 02-10-2017
Regarding the resolv.conf and DNS Settings: Yes, I tried omitting the "dns" field in the daemon.json, then it just takes the value from the host resolv.conf and I also tried using "8.8.8.8" with the same result. My host resolv.conf contains:
nameserver 10.0.16.1
Solution
I seem to have fixed it but am not entirely sure which part fixed it. I did the following:
After a lot of trial and failure I decided to completely purge docker and all related folders from my system (I also removed the remaining bridge and reset my iptables), leaving only the daemon.json containing only:
{
  "graph": "/mnt/nfs/nas/docker"
}
I then re-installed docker. It did not create the /var/lib/docker folder as I specified an NFS Volume as the graph root. I then tried again, but this time it couldn't even start the container! docker info gave me a "warning" that my nfs share does not support "d_type". I then stopped docker, removed my daemon.json and restarted. This of course created the /var/lib/docker and now I could launch the container and everything worked fine.
I guess my purge of the docker config and bridge fixed it or maybe my previous moving of graph root to my nfs volume broke it.
So everything behaves as it should but I still would have liked to have my volumes on my mounted NAS volume. I could probably switch to a different FS driver for docker, maybe then it would have worked from the beginning.
Answered By - Traspler
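An added example, not part of the original post: a small audit of the daemon.json from the question that lists every key changing daemon behaviour and flags a data root that sits on NFS, the setup for which the answer reports a d_type warning. The function names, the mount table excerpt and the NFS server address are constructed for illustration.

```python
import json

# Docker defaults for keys that appear in the question's daemon.json.
DEFAULTS = {"iptables": True, "userland-proxy": True, "ip": "0.0.0.0"}

# daemon.json as posted in the question.
PAGE_DAEMON_JSON = """{"graph": "/mnt/nfs/nas/docker", "iptables": true,
 "dns": ["10.0.16.1"], "userland-proxy": true, "ip": "127.0.0.1"}"""

# Constructed /proc/mounts excerpt; the export and server address are made up.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
10.0.16.2:/export/nas /mnt/nfs/nas nfs4 rw,relatime 0 0
"""

def mount_for(path, mounts_text):
    """Return (mountpoint, fstype) of the deepest mount that contains path."""
    best = ("/", "unknown")
    target = path.rstrip("/") + "/"
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mnt, fstype = fields[1], fields[2]
        # Compare with a trailing slash so /mnt/nas does not match /mnt/nasty.
        if target.startswith(mnt.rstrip("/") + "/") and len(mnt) >= len(best[0]):
            best = (mnt, fstype)
    return best

def audit(daemon_json, mounts_text):
    """Return human-readable findings for a daemon.json document."""
    cfg = json.loads(daemon_json)
    findings = []
    root = cfg.get("data-root", cfg.get("graph", "/var/lib/docker"))
    if "graph" in cfg:
        findings.append("graph: deprecated name for data-root")
    mnt, fstype = mount_for(root, mounts_text)
    if fstype.startswith("nfs"):
        findings.append(f"data root {root} is on {fstype} mount {mnt}: "
                        "look for a d_type warning in 'docker info'")
    if "dns" in cfg:
        findings.append(f"dns: containers get nameservers {cfg['dns']} "
                        "instead of the host's resolv.conf entries")
    for key, default in DEFAULTS.items():
        if key in cfg and cfg[key] != default:
            findings.append(f"{key}: {cfg[key]!r} differs from default {default!r}")
    return findings

if __name__ == "__main__":
    for finding in audit(PAGE_DAEMON_JSON, SAMPLE_MOUNTS):
        print("-", finding)
```

On a real host, pass the contents of /etc/docker/daemon.json and /proc/mounts instead of the embedded samples.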