This seems to be an issue with docker/docker (https://github.com/docker/docker/issues/20101), but we need more information to be able to triage it. It doesn't reproduce for me either.

If you could provide more information to https://github.com/docker/docker/issues/20101 about your environment (Host OS, docker info, cat /etc/resolv.conf, etc) that would help get the issue resolved.

127.0.0.11 is a loopback IP address. It is used by the embedded docker DNS server.

@mmarzantowicz also pls confirm if you are using fedora/centos/RHEL ?
If yes, we have a known issue and the workaround is to disable firewalld.

@mmarzantowicz btw, if you can read about the embedded-DNS server (since you seem to be interested in knowing about 127.0.0.11 :) ) :
https://github.com/docker/docker/blob/ef52a53c34d9f128d9435d031442509837c25c02/docs/userguide/networking/dockernetworks.md#docker-embedded-dns-server

@mavenugo , my host OS is Arch Linux and only guests are on Fedora or anything RH-based. I do not have any firewalls enabled so docker rules. I now understand how DNS works but it looks like I have different connectivity issue to solve than I primarily thought. Thanks for your comments.

I'm closing this issue as I'm no longer able to reproduce this bug. I'm not sure why some apps in container were complaining about DNS server at 127.0.0.11. I'll reopen this issue in case I find it possible to reproduce mentioned failure again.

Thanks for all your support.

I have the exact same problem.
When starting the container with docker run --dns it works perfectly.
When I set the dns in the docker-compose the resolv.conf on the container is not updated...

docker compose file

version: '2'
services:
  app:
    image: toto
    container_name: toto
    restart: always

    hostname: toto.example.org
    dns:
      - 192.168.1.1
    ports:
      - "8000:80"

    volumes:
      - "/etctoto:/etc/toto"

    logging:
      driver: syslog
      options:
        syslog-tag: "{{.Name}}.{{.ID}}"

docker-compose v1.6
docker info :

Containers: 2
 Running: 2
 Paused: 0
 Stopped: 0
Images: 4
Server Version: 1.10.2
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 66
 Dirperm1 Supported: false
Execution Driver: native-0.2
Logging Driver: json-file
Plugins: 
 Volume: local
 Network: bridge null host
Kernel Version: 3.13.0-24-generic
Operating System: Ubuntu 14.04 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.798 GiB
Name: node02
ID: XNGO:L6KC:FGXE:T34M:2K4H:MTTL:WL6V:VOAQ:THV7:YFCG:3ZGP:N5WA
WARNING: No swap limit support

Please, reopen this. I also can confirm this issue on Ubuntu 14.04. Restarting Docker service is what solves the issue.

@ernetas, please check your issue is not related to one mentioned by @dnephin in response to my original post. I'm not aware of what version of docker/docker-compose are you having issues with on Ubuntu but it already might have been fixed upstream.

I investigate on my side and I found my problem. I cannot speak for everybody but here is what I found:

Setting the property: net: "host" in the docker-compose file or --net host in the docker run command will result in the ports not displayed when doing a docker ps. It is normal because setting this property let the container inherits the host network settings.

As per documentation, this configuration is not recommend so I change it to: net: "bridge" (default if not specified) and added a DNS on my docker host to solve my communication problems.

I am on CentOS 7 and I have this problem. I am on docker-compose 1.7.1 and Docker 1.11.1.

dns: 8.8.8.8 is not added into /etc/resolv.conf at all and I am not able to add any host to /etc/hosts as well by linking some other service. I have custom bridge network.

I have three compose files and I am doing it like docker-compose -f first.yml -f second.yml -f third.yml up -d.

I checked that these services are started in order so the target container I want to add a link for is the last one in the starting chain.

I tried to add external_link but without success as well.

I am not completely sure what is wrong but I am not able to add e.g. dns record to /etc/hosts at all even I am using just docker-compose up -d on a single docker-compose.yml with one service.

I am trying to setup nexus repo:

version: '2' 
services:
    nexus:
        hostname: nexus
        domainname: somedomain.net
        container_name: nexus
        image: sonatype/nexus:oss
        networks:
            server-net:
                ipv4_address: 172.19.0.7
        ports:
            - "8081:8081"
        volumes:
            -  /srv/docker/nexus/nexus-data:/sonatype-work
        dns:
            - 8.8.8.8
        dns_search:
            - somedomain.net
        environment:
            - MAX_HEAP=768m

networks:
    server-net:
        driver: bridge
        ipam:
            driver: default
            config:
                - subnet: 172.19.0.0/24
                  gateway: 172.19.0.1

I have verified that it works with --dns flag on normal docker run

docker run -d -p 8081:8081 \
    --name nexus \
    --dns 8.8.8.8 \
    sonatype/nexus

However, it does not work when I create a network manually like this:

docker network create server-net
docker run -d -p 8081:8081 \
    --name nexus \
    --net server-net \
    --dns 8.8.8.8 \
    sonatype/nexus

In this case, it is not there. Very interesting ... Why specifying network prevents me from adding DNS record to /etc/hosts?

+1 same issue for me

How to slove dns problem when using docker-compose ?
When i changed dns in /etc/resolv.conf - every links to other containers not working.

Install dnsmasq on the host and you should be alright and put the container to net: bridge.

This issue is a critical one, please open it ASAP.
Without ability to properly define DNS, compose is a harming manner, especially on production.
Please consider removing 1.6 until problem is not fixed.

DNS is configured differently when using a custom network (as is the case when using v2 of the Compose file format), but the dns setting is still respected. From the Docker networking docs:

The IP addresses passed via the --dns option is used by the embedded DNS server to forward the DNS query if embedded DNS server is unable to resolve a name resolution request from the containers. These --dns IP addresses are managed by the embedded DNS server and will not be updated in the container's /etc/resolv.conf file.

You can be right if DNS are down by docker's bug:
https://github.com/docker/docker/issues/11407
But I'll wait till this one is resolved and then try again.

Till then docker, so long, and thanks for all the fish...

Anyone found a fix for this?

No fix, you need to change host dns network settings to get a result.

I had the same problem under docker-compose 1.11. Solved adding network_mode to the yaml configuration.

Hello!
I am facing the same issue in Ubuntu 14.04 under proxy.

$ docker version
Client:
Version: 17.03.1-ce
API version: 1.27
Go version: go1.7.5
Git commit: c6d412e
Built: Fri Mar 24 00:40:33 2017
OS/Arch: linux/amd64
Server:
Version: 17.03.1-ce
API version: 1.27 (minimum version 1.12)
Go version: go1.7.5
Git commit: c6d412e
Built: Fri Mar 24 00:40:33 2017
OS/Arch: linux/amd64

$ docker-compose version
docker-compose version 1.11.2, build dfed245
docker-py version: 2.2.1
CPython version: 2.7.6
OpenSSL version: OpenSSL 1.0.1f 6 Jan 2014

$ docker info
Containers: 61
Running: 0
Paused: 0
Stopped: 61
Images: 8
Server Version: 17.03.1-ce
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 130
Dirperm1 Supported: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 4ab9917febca54791c5f071a9d1f404867857fcc
runc version: 54296cf40ad8143b62dbcaa1d90e520a2136ddfe
init version: 949e6fa
Security Options:
apparmor
Kernel Version: 3.13.0-77-generic
Operating System: Ubuntu 14.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.575 GiB
Name: HP
ID: PMD5:MD5B:XRP5:2KJ2:MVQW:XIQW:XFBJ:JZDP:TERL:4VMN:TX6F:EAWD
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Http Proxy: https://user:[email protected]:3128/
Https Proxy: https://user:[email protected]:3128/
Username: johnsonbhengra
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Experimental: false

$ uname -a
Linux HP 3.13.0-77-generic #121-Ubuntu SMP Wed Jan 20 10:50:42 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

I tried updating the dns in /etc/default/docker
I updated /etc/resolv.conf
Even tried commenting #dnsmasq
But no success, still the same error

Please Help!!

Same problem, docker version 17.04.0-ce, docker-compose version 1.12.0, build b31ff33

I'm having the same issue as above, exact same docker version, and docker-compose version. This breaks functionality for me currently...

Same issue here:

Client:
Version: 17.05.0-ce
API version: 1.29
Go version: go1.7.5
Git commit: 89658be
Built: Thu May 4 22:06:06 2017
OS/Arch: linux/amd64

Server:
Version: 17.05.0-ce
API version: 1.29 (minimum version 1.12)
Go version: go1.7.5
Git commit: 89658be
Built: Thu May 4 22:06:06 2017
OS/Arch: linux/amd64
Experimental: false

Hello,

i have the same on Ubuntu 16.04.2 LTS
with docker-ce 17.03.1

best regards

The same problem here
alpine 3.6
Docker version 17.03.1-ce
docker-compose version 1.13.0

same problem on ubuntu 16.04 EC2 instance

Client:
 Version:      17.05.0-ce
 API version:  1.29
 Go version:   go1.7.5
 Git commit:   89658be
 Built:        Thu May  4 22:10:54 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.05.0-ce
 API version:  1.29 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   89658be
 Built:        Thu May  4 22:10:54 2017
 OS/Arch:      linux/amd64
 Experimental: false

why is this unsolved issue closed ?

@dnephin any way to reopen this issue? I'm having a similar problem :(

Adding this into docker-compose.yml solved my DNS issues:

dns: 8.8.8.8
dns_opt:
  - use-vc
  - no-tld-query

Setting the dns in docker-compose.yml is one option.
The real problem is the /etc/resolv.conf file on the host system, this generated by a network manager and should be a symlink.
Docker containers use this file on the host system:

In the absence of the --dns=IP_ADDRESS..., --dns-search=DOMAIN..., or --dns-opt=OPTION... options, Docker uses the /etc/resolv.conf of the host machine (where the docker daemon runs). While doing so the daemon filters out all localhost IP address nameserver entries from the host’s original file.

Filtering is necessary because all localhost addresses on the host are unreachable from the container’s network. After this filtering, if there are no more nameserver entries left in the container’s /etc/resolv.conf file, the daemon adds public Google DNS nameservers (8.8.8.8 and 8.8.4.4) to the container’s DNS configuration. If IPv6 is enabled on the daemon, the public IPv6 Google DNS nameservers will also be added (2001:4860:4860::8888 and 2001:4860:4860::8844).

In my case upgrading to Ubuntu 17.04 probably triggered NetworkManager to misconfigure /etc/resolv.conf. As is shown here, sudo dpkg-reconfigure resolvconf fixed the issue for me.

I'll be interested by a solution to this issue...

@jurrian
Thanks, 'sudo dpkg-reconfigure resolvconf' solves my problem.
Docker version 1.13.1, build 092cba3
docker-compose version 1.8.0, build unknown
Ubuntu 16.04.2 LTS

I still have this issue with

$ docker-compose --version
docker-compose version 1.18.0, build 8dd22a9
$ docker --version
Docker version 17.12.0-ce, build c97c6d6
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 17.10
Release:    17.10
Codename:   artful

docker-compose.yml looks like this:

version: '3'

services:
  global_flask:
    build: global_flask
    restart: always
    ports:
      - 8080:8080

Doesn't matter if I am using version 3 or 2. Same problem with ndots anyways.

Second this. Running on debian stretch:

# dc version
docker-compose version 1.19.0, build 9e633ef
docker-py version: 2.7.0
CPython version: 2.7.13
OpenSSL version: OpenSSL 1.0.1t  3 May 2016

 # docker --version
Docker version 17.12.0-ce, build c97c6d6

dns resolving for internal addresses is not working:

version: "3"
services:
  client1:
    build: ./testclient
    cap_add:
     - NET_ADMIN
    dns: 10.100.128.77
    image: "oclient:testing"
    container_name: "client1"
    privileged: true
    tty: true
    networks:
      nwclient1: {}
    volumes:
     - ./../:/ovpnconfig
    command: openvpn /ovpnconfig/client1.ovpn
  client2:
    build: ./testclient
    cap_add:
     - NET_ADMIN
    dns: 10.100.128.77
    image: "oclient:testing"
    container_name: "client2"
    privileged: true
    tty: true
    networks:
      nwclient2: {}
    volumes:
     - ./../:/ovpnconfig
    command: openvpn /ovpnconfig/client2.ovpn
networks:
  nwclient1:
    #internal: true
  nwclient2:
    #internal: true

Container:

dc run --rm client1 bash
bash-4.4# cat /etc/resolv.conf
search de.company.int
nameserver 127.0.0.11
options ndots:0
bash-4.4#

Host:

cat /etc/resolv.conf
# Generated by NetworkManager
search de.company.int
nameserver 10.100.128.77
nameserver 10.100.128.80

Starting regular docker run with --dns option works.

Does anyone have a workaround for this?
docker 18.05.0-ce-dev
ubuntu 18.04
docker-compose version 1.20.1, build 5d8c71b

similar to above, when docker-compose creates the networks, it sets the resolv.conf to 127.0.0.11 in the containers, but they don't have anything listening to that inside the container, so it fails.

using docker run w/ default (default bridge, default dns) works.

there is a a workaround using volume mapping to pull in a resolv.conf, e.g.:

version: '2'
services:
    test.base:
        container_name: test.base
        image: docker.pnet.ch/r-base:latest
        restart: on-failure
        networks:
            - mynet
        volumes:
            - ./resolv.conf:/etc/resolv.conf

see see https://stackoverflow.com/questions/41243665/docker-compose-does-not-update-resolv-conf

This issue should really be fixed, but the workaround is effective

Why is this closed, it is clearly not fixed...
Same problem on Centos 7 with docker-compose 1.21.2

Still, have the same issue

Ubuntu 18.04 LTS
Docker version 18.03.1-ce, build 9ee9f40
docker-compose version 1.21.2, build a133471
docker-py version: 3.4.0
CPython version: 3.6.5
OpenSSL version: OpenSSL 1.1.0g  2 Nov 2017

docker run --rm -it --dns 1.1.1.1 alpine cat /etc/resolv.conf

it shows

nameserver 1.1.1.1

When using docker-compose
tee docker-compose.yml

version: '3'
services:
  test-dns:
    image: alpine
    command: cat /etc/resolv.conf
    dns: 1.1.1.1

it shows:

Creating ss-compose_test-dns_1 ... done
Attaching to ss-compose_test-dns_1
test-dns_1 | nameserver 127.0.0.11
test-dns_1 | options ndots:0
ss-compose_test-dns_1 exited with code 0

See the related posts, there is a PR opened to fix it, but not yet merged.

For me the problem is not fix.
When I with a 'docker run --dns' command, the DNS work but not with the docker-compose file.

Just specify the DNS in your docker-compose file and it ill work, the PR is not yet merged for some reason. Feel free to comment on it so they finally merge it.

Has this issue been resolved?

I still have the issue with a Centos 7 host, Alpine 3.8 container and docker-compose. Changing ndots:0 to ndots:1 lets me resolve hostnames with the domain name suffix in the search path.

This issue has been solved, the PR was merged. It should be release by now. Have you updated your docker?

Yes, I've updated the Centos host, see below. I tested the same compose file on a OSX host running Docker version 18.09.0 and docker-compose version 1.23.1 and don't have this issue.

Kernel Version: 3.10.0-862.11.6.el7.x86_64
Operating System: CentOS Linux 7 (Core)

Docker version 18.09.0, build 4d60db4
docker-compose version 1.23.1, build b02f1306

Host - /etc/resolv.conf

search acme.local acme.new.local
nameserver 10.1.1.1
nameserver 10.2.2.2

Container - /etc/resolv.conf

search acme.local acme.new.local
nameserver 127.0.0.11
options ndots:0

Test within container -

# ping example
ping: bad address 'example'

# ping example.acme.new.local
PING example.acme.new.local (10.1.2.3): 56 data bytes
64 bytes from 10.1.2.3: seq=0 ttl=59 time=3.541 ms

Test within container after setting options ndots:0 to options ndots:1 in /etc/resolv.conf

# ping example
PING example (10.1.2.3): 56 data bytes
64 bytes from 10.1.2.3: seq=0 ttl=59 time=3.541 ms

Resolved my issue by creating and adding the below to /etc/docker/daemon.json on the Centos:7 host.

{
  "dns-opts":[
    "ndots:1"
  ]
}

@dpizzle were you using swarm? No matter what I do, I can't get any DNS resolution within my containers. Driving me crazy!

Hi @mcblum, I wasn’t using swarm, just standalone docker. The above snippet worked for me.

Thank you!

this issue is not solved @mmarzantowicz open it again,

Dear all,

We were facing the same issue. Starting a container with docker run --dns was working fine, the file /etc/resolv.conf inherits the DNS servers of the host. However, using the dns option in docker-compose.yml leaves the default content:

search name.of.our.domain
nameserver 127.0.0.11
options ndots:0

After adding network_mode: bridge in the YML file it works, the file resolv.conf gets the configured DNS servers. I thought bridge was the option used by default.

I wonder whether this could be documented somewhere alongside the dns option? I couldn't find the solution until reading all different workarounds here.

@uy-rrodriguez I also always thought the default network mode was bridge, but turns out it's not the case. It is mentioned in the compose documentation:

By default Compose sets up a single network for your app. Each container for a service joins the default network and is both reachable by other containers on that network, and discoverable by them at a hostname identical to the container name.

Thank you for the link @dozerman94 . When I was looking for help with the problem above, the point I couldn't find in the official docs was the need of selecting network_mode: bridge to have your custom dns applied into /etc/resolv.conf. Although I agree it makes sense not to touch that file when the services' network is private and only shared between them, it feels weird to change a Docker configuration option and not see any change on your image.