Docker containers don't resolve DNS

[wokoman]

Hi guys,

Sorry to bother, but I got perhaps a fairly easy problem, but I can't seem to be able to solve it.

I have 1 host with 3 VMs, all of them can reach Internet and resolve domain names, but Docker containers running on said VMs can't resolve DNS (ping google.com fails), but can reach Internet (ping 1.1.1.1 works).

/etc/resolv.conf looks same in all places (host, VM, Docker container):

nameserver 1.1.1.1

This is /etc/network/interfaces on the host:

auto lo
iface lo inet loopback

iface enp0s31f6 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.0.0.30
        netmask 255.255.255.0
        gateway 10.0.0.100
        bridge_ports enp0s31f6
        bridge_stp off
        bridge_fd 0

iface wlp2s0 inet manual

VMs are running on CentOS 8 Stream and have static address ending .31, 32 and .33, with gateway also 10.0.0.100. They have PVE firewall disabled.

I've found numerous threads, where people had issue with Docker not connecting to Internet at all, but mine only fails on DNS.
Does that "masquerading" also concern my setup?

Thank you for any suggestion!

 

[Stefan_R]

Does that "masquerading" also concern my setup?

If you haven't set it up, it doesn't concern you

I'd use tcpdump on all three locations, then try a ping to a DNS name again. This should tell you where the DNS packets are lost.

I.e. install tcpdump on PVE, your guest and in the container (if possible), then run something like tcpdump port 53 and try to resolve a hostname from your container, then see where the packet is visible and where not.

 

[wokoman]

Alright, so the issue was in CentOS and firewalld. I've found the solution here.

If anybody runs into the same issue, you need to add Docker as trusted interface:
firewall-cmd --permanent --zone=trusted --add-interface=docker0
And then simply reload it:
firewall-cmd --reload