Fixing Docker Container DNS Resolution Issues on Ubuntu 14.04 Host



When running Docker containers on Ubuntu 14.04, you might encounter a frustrating situation where DNS resolution fails inside containers while basic network connectivity (like ping) works perfectly. The error typically appears when trying to run apt-get update or other network operations requiring DNS:

Err http://archive.ubuntu.com trusty InRelease
Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8c01::19). 
- connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::19 80]

Key symptoms include:

  • Containers can ping external IPs (8.8.8.8) and domains (google.com)
  • DNS-based operations fail (apt-get, curl domain names)
  • IPv6 errors appear despite IPv6 being disabled on the host
  • Changing to Google DNS (8.8.8.8) doesn't resolve the issue

First, check the container's resolver configuration and run apt-get with HTTP debugging enabled:

docker run -it ubuntu /bin/bash
root@container-id:/# cat /etc/resolv.conf
root@container-id:/# apt-get update -o Debug::Acquire::http=1

You'll likely see Docker's default bridge network configuration with proper IP assignment but broken DNS resolution.
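
The error shown above carries an address in its `[IP: ...]` field, so it helps to separate resolver failures from connection failures before changing DNS settings. The script below is an added example, not part of the original article; the function names and the "Could not resolve" sample line are assumptions, and the first sample is the error text from this page.

```sh
#!/bin/sh
# Added example, not from the original article: tell a resolver failure apart
# from a failed connection to an address the resolver already returned.

# classify_apt_line LINE
# prints: dns-failure | ipv6-connect-failure | ipv4-connect-failure | other
classify_apt_line() {
    case $1 in
        *"Could not resolve"*|*"Temporary failure resolving"*)
            echo dns-failure; return 0 ;;
    esac
    # apt reports the address it tried as "[IP: <addr> <port>]". If that field
    # is present, the name was resolved and the failing step is the connect.
    addr=$(printf '%s\n' "$1" | sed -n 's/.*\[IP: \([0-9A-Fa-f:.]*\) [0-9]*].*/\1/p')
    case $addr in
        '')  echo other ;;
        *:*) echo ipv6-connect-failure ;;
        *)   echo ipv4-connect-failure ;;
    esac
}

# diagnose_apt_log: read apt-get output on stdin.
# prints one verdict: dns | ipv6-connect | ipv4-connect | unknown
diagnose_apt_log() {
    dns=0; v6=0; v4=0
    while IFS= read -r line; do
        case $(classify_apt_line "$line") in
            dns-failure)          dns=$((dns + 1)) ;;
            ipv6-connect-failure) v6=$((v6 + 1)) ;;
            ipv4-connect-failure) v4=$((v4 + 1)) ;;
        esac
    done
    if   [ "$dns" -gt 0 ]; then echo dns
    elif [ "$v4" -gt 0 ];  then echo ipv4-connect
    elif [ "$v6" -gt 0 ];  then echo ipv6-connect
    else echo unknown
    fi
}

# Sample 1: the error text shown on this page.
SAMPLE_PAGE_ERROR='Err http://archive.ubuntu.com trusty InRelease
Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8c01::19).
- connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::19 80]'

# Sample 2 (constructed): a resolver failure in apt's wording.
SAMPLE_DNS_ERROR="W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/InRelease  Could not resolve 'archive.ubuntu.com'"

printf 'page error: %s\n' "$(printf '%s\n' "$SAMPLE_PAGE_ERROR" | diagnose_apt_log)"
printf 'dns error:  %s\n' "$(printf '%s\n' "$SAMPLE_DNS_ERROR" | diagnose_apt_log)"
```

With the functions loaded, real output can be piped in as `apt-get update 2>&1 | diagnose_apt_log`. A `dns` verdict points at the `--dns` settings, while `ipv6-connect` points at the IPv6 and `Acquire::ForceIPv4` steps covered later on this page.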

The issue stems from how Docker handles DNS on Ubuntu 14.04. Here's the definitive fix:

# Stop Docker service
sudo service docker stop

# Edit Docker configuration
sudo nano /etc/default/docker

# Add these lines (or modify existing DOCKER_OPTS):
DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4 --dns-search=."

# Restart Docker
sudo service docker start

For newer Docker installations, use the daemon.json approach:

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<EOF
{
  "dns": ["8.8.8.8", "8.8.4.4"],
  "dns-search": ["."]
}
EOF

sudo service docker restart

After applying the changes, test DNS resolution:

docker run --rm ubuntu bash -c "cat /etc/resolv.conf; apt-get update"

You should now see successful package updates without DNS errors, and the container's /etc/resolv.conf should list 8.8.8.8 and 8.8.4.4 as its nameservers.

The solution works because it:

  • Forces Docker to use reliable public DNS servers
  • Prevents conflicts with host network configurations
  • Works around Ubuntu 14.04's specific networking quirks
  • Maintains compatibility with both IPv4 and IPv6 operations

If issues persist, try these steps:

# Remove unused Docker networks
docker network prune

# Check iptables rules
sudo iptables -L -n

# Verify DNS in container
docker run --rm busybox nslookup google.com

When working with Docker on Ubuntu 14.04, I encountered a particularly frustrating scenario where containers suddenly lost DNS resolution after initially working fine. The containers could ping external IP addresses but failed to resolve domain names, making package management impossible.

# Typical error output showing IPv6 connection failures
Err http://archive.ubuntu.com trusty InRelease
Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8c01::19). 
- connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::19 80]

Before diving into solutions, let's verify some basic connectivity from within a container:

docker run -it ubuntu:14.04 /bin/bash

# Inside container:
ping 8.8.8.8  # Should work
ping google.com  # Might work initially but fail later
apt-get update  # Will likely fail

The key observations from my troubleshooting:

  • Ping to IP addresses succeeds (both IPv4 and IPv6)
  • DNS resolution fails for package repositories
  • Forcing IPv4 doesn't solve the issue
  • Even after changing to Google's DNS (8.8.8.8), problems persist

After extensive testing, here are the effective approaches:

Solution 1: Configure Docker Daemon DNS Settings

Edit /etc/default/docker:

DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4 --dns-search ."

Then restart Docker:

sudo service docker restart

Solution 2: Disable IPv6 System-Wide

Edit /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Apply changes:

sudo sysctl -p

Solution 3: Custom Container DNS Configuration

Run containers with explicit DNS settings:

docker run --dns=8.8.8.8 --dns=8.8.4.4 -it ubuntu:14.04

These commands help diagnose networking issues:

# Check the container's resolver configuration
docker exec -it container_name cat /etc/resolv.conf

# Inspect Docker network configuration
docker network inspect bridge

# Check DNS resolution inside container
docker exec -it container_name nslookup google.com

For Docker builds failing due to DNS, add this to your Dockerfile:

RUN echo 'Acquire::ForceIPv4 "true";' > /etc/apt/apt.conf.d/99force-ipv4

After applying fixes, verify DNS works in new containers:

docker run --rm ubuntu:14.04 sh -c 'apt-get update && apt-get install -y dnsutils && nslookup google.com'