[docker] View or configure Docker’s DNS server under Linux

Command configuration

To view or configure Docker’s DNS servers, you can use the following methods:

1. View Docker’s DNS configuration:

   • On Linux, you can view Docker’s DNS configuration by running the following command:

     docker info | grep -i dns
     

   • On Windows and macOS, DNS configuration can be found in Docker Desktop's settings.

2. Configure Docker’s DNS server:

   • On Linux, you can daemon.jsonconfigure the DNS server by editing Docker's configuration file. This file is usually located /etc/docker/in the directory. The configuration file can be opened using the following command:

     sudo nano /etc/docker/daemon.json
     

     Add or modify the field in the configuration file dnsto specify the desired DNS server address, for example:

     {
             
             
       "dns": ["8.8.8.8", "8.8.4.4"]
     }
     

     After saving the configuration file, restart the Docker service.
   • On Windows and macOS, you can use Docker Desktop's settings interface to configure the DNS server. Open Docker Desktop, click the Docker icon on the system tray, select "Settings", then select the "Daemon" tab, add the required DNS server address in the "DNS" section, save the changes, and restart Docker.

Configure in docker-compse

daemon.jsonIf you need to keep the DNS configuration consistent in Docker Compose , you can use daemon.jsonthe same DNS server configuration. The following is an example docker-compose.ymlfile that would be used with daemon.jsonthe same DNS server configuration:

version: '3'
services:
  myapp:
    image: myapp
    dns:
      - 127.0.0.11
      - 114.114.114.114
      - 8.8.8.8
    dns_search:
      - ""

In the above example, dnsthe field specifies daemon.jsonthe same DNS server configuration as the field, and dns_searchthe field is set to an empty string, indicating that the default search domain is not used.

Mount configuration, mount the host's resolv.conf

Mount path

- "/etc/resolv.conf:/etc/resolv.conf"

127.0.0.11 resolution server

127.0.0.11is a special IP address, which is Docker's default DNS resolver. When you use the default DNS resolver inside a Docker container, the container sends DNS queries to 127.0.0.11this address.

Inside Docker, the container runs its own DNS server, which handles DNS queries inside the container. Therefore, when applications inside the container need DNS resolution, they send DNS queries to 127.0.0.11this address.

127.0.0.11Only works within the Docker network and cannot be accessed through the host or other networks. This address is only used for DNS resolution inside the container.

Enter the container and use ping test

To get into the container and use pingthe command, you can use docker execthe command. Here are the specific steps:

1. First, use docker psthe command to view the list of running containers and find the ID or name of the container you want to enter.

2. Run the following command to enter the container's command line terminal:

   docker exec -it <容器ID或名称> /bin/bash
   

   This will enter the container's command line terminal in interactive mode. If bash is not installed in the container, you can try using /bin/shor other available shells.

3. pingAfter entering the container, you can execute commands in the command line terminal , for example:

   ping <目标IP或域名>
   

   Replace <目标IP或域名>with the IP address or domain name of the target you want to ping.

Note that to use docker execthe command to enter a container, the container must be running. If the container is stopped, docker startstart the container first using the command.

Test DNS domain name resolution in the container

pingTo test whether the container can resolve the domain name, you can use the or command inside the container nslookup. Here are two methods:

1. Use pingthe command to test domain name resolution:

   • Enter the command line terminal of the container and use docker execthe command mentioned above.
   • Inside the container, run pingthe command and specify the domain name, for example:

     ping example.com
     

   • If the container is able to resolve and communicate with the domain name, output similar to the following will be displayed:

     PING example.com (93.184.216.34): 56 data bytes
     64 bytes from 93.184.216.34: icmp_seq=0 ttl=57 time=13.571 ms
     ...
     

2. Use nslookupthe command to test domain name resolution:

   • Enter the command line terminal of the container.
   • Inside the container, run nslookupthe command and specify the domain name, for example:

     nslookup example.com
     

   • If the container is able to resolve the domain name, output similar to the following will be displayed:

     Server:    127.0.0.11
     Address 1: 127.0.0.11
     
     Name:      example.com
     Address 1: 93.184.216.34
     

Please note that the above command only tests domain name resolution inside the container. If the DNS configuration inside the container is incorrect or the container cannot access the DNS server, domain name resolution may fail.

Use digthe command to perform domain name resolution

If nslookupthe error message "bash: nslookup: command not found" appears when executing a command inside a container, it means that nslookupthe command is not installed in the container.

In some base images, such as Alpine, etc., nslookupthe command may not be included. You can try using other available commands to test domain name resolution.

An alternative is to use digthe command to perform domain name resolution. The following is digan example of using the command:

1. Enter the command line terminal of the container.
2. Inside the container, run digthe command and specify the domain name, for example:

   dig example.com
   

3. If the container is able to resolve the domain name, output similar to the following will be displayed:

   ; <<>> DiG 9.10.3-P4-Debian <<>> example.com
   ;; global options: +cmd
   ;; Got answer:
   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34350
   ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
   
   ;; OPT PSEUDOSECTION:
   ; EDNS: version: 0, flags:; udp: 4096
   ;; QUESTION SECTION:
   ;example.com.            IN      A
   
   ;; ANSWER SECTION:
   example.com.     604800  IN      A       93.184.216.34
   
   ;; Query time: 2 msec
   ;; SERVER: 8.8.8.8#53(8.8.8.8)
   ;; WHEN: Mon May 10 15:32:39 UTC 2021
   ;; MSG SIZE  rcvd: 56
   

If the command is not installed in the container dig, you can try using other available commands such as pingor curlto test domain name resolution.

Install dig command to linux server

To install the command on a Linux system dig, you can follow the steps below:

1. Open a terminal or command prompt.

2. Use the package manager appropriate for your Linux distribution to install digthe command. The following are installation commands for some common Linux distributions:

   • Debian or Ubuntu：

     sudo apt-get install dnsutils
     

   • CentOS or RHEL:

     sudo yum install bind-utils
     

   • Fedora：

     sudo dnf install bind-utils
     

   • Arch Linux：

     sudo pacman -S bind-tools
     

   Depending on your distribution, run the appropriate command to install digthe command.

3. After the installation is complete, you can run commands in the terminal digto perform domain name resolution. For example:

   dig example.com
   

digIn this way, you can use the command to perform domain name resolution on the Linux system .

“Unable to locate package dnsutils” error

If dnsutilsyou encounter the error message "Unable to locate package dnsutils" during the installation process, it means that the package is not available in the software source of the distribution you are using.

dnsutilsIt is a commonly used network toolkit that contains digcommands for performing operations such as domain name resolution.

In some distributions, dnsutilsit may be named something else, or may not be included in the default software repositories. You can try the following solutions:

1. Update the package list: Run the following command to update the package list and try the installation again dnsutils:

   • Debian or Ubuntu：

     sudo apt update
     

   • CentOS or RHEL:

     sudo yum update
     

   • Fedora：

     sudo dnf update
     

2. Check the package name: in some distributions, dnsutilsit is called bind-utils. Try installing bind-utils:

   • Debian or Ubuntu：

     sudo apt install bind9-dnsutils
     

   • CentOS or RHEL:

     sudo yum install bind-utils
     

   • Fedora：

     sudo dnf install bind-utils
     

3. Check software sources: You may need to add additional software sources or update software source configurations to ensure they dnsutilsare available. You can consult the documentation for your distribution to learn how to add or update software sources.

If none of the above works, you can try searching for alternative toolkits for your distribution, or contact the distribution's community or administrators for support and advice.

Note that different distributions and versions may have different package names and software source configurations.

Flush DNS cache

To flush the DNS cache, the specific steps depend on the operating system you are using. The following are methods for refreshing the DNS cache of several common operating systems:

1. Windows system:

   • Open the Command Prompt (CMD) window by pressing Win key + R, then enter cmdand press Enter.
   • In the Command Prompt window, enter the following command and press Enter:

     ipconfig /flushdns
     

2. macOS system:

   • Open the Terminal application by pressing the Command key + Spacebar and then typing "Terminal".
   • In a terminal window, enter the following command and press Enter:

     sudo killall -HUP mDNSResponder
     

3. Linux system:

   • Open the Terminal application.
   • In a terminal window, enter the following command and press Enter:
     • Ubuntu/Debian：

       sudo systemctl restart systemd-resolved
       

     • CentOS/Fedora：

       sudo systemctl restart NetworkManager
       

Note that flushing the DNS cache may require administrator privileges, so on Windows and macOS systems you may need to run the command as administrator or superuser.

After flushing the DNS cache, your computer will requery the DNS server to obtain the latest domain name resolution results.

Test target website using curl

You can use curlcommand line tools to test access to the target website. Here is an curlexample command to access the target website using :

curl https://api.weixin.qq.com/cgi-bin/token //替换为你自己解析的域名url

This command will https://api.weixin.qq.com/cgi-bin/tokensend a GET request to and print the server's response to the terminal.

Please make sure that your computer has the command line tools installed curland can be run through the terminal or command prompt.

After running the above command, observe the terminal output and you will see the response results of the target website. If the response can be obtained successfully, it means that the target website can be accessed normally.