Dind container not receiving host resolv.conf settings


#1

After wasting many hours trying to get the Drone-spawned docker container to resolve my cluster domain names, I want to reach out here for help. Like the title says, the spawned docker container does not get the resolver settings from the host. These are needed as they are the only known dns resolver for that container. I see no other way to query a cluster dns for the ip. Anybody?


#2

Have you tried to reproduce and debug this with pure docker commands? For example you can create a dind container with a custom user-defined bridge network:

docker network create custom
docker run --net=custom --privileged --rm --name=dind docker:17.05.0-ce-dind

Check the resolv.conf inside the container. Does it exist? Is it what you expected?

docker exec -i dind /bin/sh -c "cat /etc/resolv.conf"

Check the resolv.conf inside containers inside the container. Does it exist? Is it what you expected?

docker exec -i dind /bin/sh -c "docker run -i alpine /bin/sh -c 'cat /etc/resolv.conf'"

The reason I suggest trying to reproduce with basic docker commands is because then you can post to the docker forum or kubernetes forums, where you are more likely to get a response from a docker networking expert that can advise further.


EDIT: here are my results

without a custom network

$> docker exec -i dind /bin/sh -c "cat /etc/resolv.conf"
# Generated by dhcpcd from eth0.dhcp
# /etc/resolv.conf.head can replace this line
domain Belkin
nameserver 192.168.65.1
# /etc/resolv.conf.tail can replace this line

$> docker exec -i dind /bin/sh -c "docker run -i alpine /bin/sh -c 'cat /etc/resolv.conf'"
# Generated by dhcpcd from eth0.dhcp
# /etc/resolv.conf.head can replace this line
domain Belkin
nameserver 192.168.65.1
# /etc/resolv.conf.tail can replace this line

with a custom network

$> docker exec -i dind /bin/sh -c "cat /etc/resolv.conf"
nameserver 127.0.0.11
options ndots:0

$> docker exec -i dind /bin/sh -c "docker run -i alpine /bin/sh -c 'cat /etc/resolv.conf'"
options ndots:0
nameserver 8.8.8.8
nameserver 8.8.4.4

We can see with a custom network that docker handles dns differently inside the dind container, compared with inside containers in the dind container.

-nameserver 127.0.0.11
options ndots:0
+nameserver 8.8.8.8
+nameserver 8.8.4.4

So my recommendation is to show this pure docker example to docker or kubernetes folks to get advice on low-level, host machine network configurations. I cannot speak for the broader drone community, but this is outside my area of expertise. Sorry.
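
The comparison made by eye in the results above can be scripted. This is an added example, not code from the thread or from Drone or Docker: it parses the two resolv.conf outputs and flags a loopback resolver in the dind container, resolvers that did not reach the nested container, and a nested container left with only public resolvers (so internal cluster names would be sent outside). The function names and finding labels are made up for the example.

```python
import ipaddress

# Addresses seen in the nested container above; Docker's documented default
# when no non-loopback nameserver is left to copy into a container.
PUBLIC_FALLBACK = {"8.8.8.8", "8.8.4.4"}

# resolv.conf contents copied from the "with a custom network" results above.
OUTER_CUSTOM = "nameserver 127.0.0.11\noptions ndots:0\n"
INNER_CUSTOM = "options ndots:0\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n"


def nameservers(text):
    """Return the nameserver addresses in resolv.conf text, in file order."""
    found = []
    for raw in text.splitlines():
        # Drop comments, then split the remaining directive into fields.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def is_loopback(addr):
    """True for 127.0.0.0/8 or ::1; unparsable entries count as not loopback."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def diagnose(outer_text, inner_text):
    """Compare the dind container's resolv.conf with a nested container's."""
    outer, inner = nameservers(outer_text), nameservers(inner_text)
    findings = []
    loopback = [ns for ns in outer if is_loopback(ns)]
    if loopback:
        findings.append(("outer-loopback", loopback))
    dropped = [ns for ns in outer if ns not in inner]
    if dropped:
        findings.append(("not-inherited", dropped))
    if inner and set(inner) <= PUBLIC_FALLBACK:
        findings.append(("public-fallback", inner))
    return findings


if __name__ == "__main__":
    for code, servers in diagnose(OUTER_CUSTOM, INNER_CUSTOM):
        print(f"{code}: {', '.join(servers)}")
```

To use it on a live setup, feed it the output of the two docker exec commands shown earlier in place of the embedded samples.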


#3

Thanks for chipping in again Brad, I have now almost exhaustively tried all combinations. The --net=custom just kills all cluster dns resolvers. It does not matter what I throw at it by means of --dns --dns-search --dns-opt[=ndots:1..5]. Straight passing it in with nslookup {domain} {dnsip} times out. The custom network probably shields the container entirely, and when reading this post I think there was an intention for the --dns settings to work in dind, but it never really did:

https://github.com/moby/moby/issues/20037

So yes, nothing to do with Drone itself, but I am starting to dislike dind more and more.