Docker 构建“无法解析‘archive.ubuntu.com’”apt-get 无法安装任何东西

Question

I've been trying to run Docker build on various files which previously worked before, which are now no longer working.

As soon as the Docker file included any line that was to install software it would fail with a message saying that the package was not found.

RUN apt-get -y install supervisor nodejs npm

The common message which showed up in the logs was

Could not resolve 'archive.ubuntu.com'

Any idea why any software will not install?

Answer 1

Uncommenting DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4" in /etc/default/docker as Matt Carrier suggested did NOT work for me. Nor did putting my corporation's DNS servers in that file. But, there's another way (read on).

First, let's verify the problem:

$ docker run --rm busybox nslookup google.com   # takes a long time
nslookup: can't resolve 'google.com'   # <--- appears after a long time
Server:    8.8.8.8
Address 1: 8.8.8.8

If the command appears to hang, but eventually spits out the error "can't resolve 'google.com'", then you have the same problem as me.

The nslookup command queries the DNS server 8.8.8.8 in order to turn the text address of 'google.com' into an IP address. Ironically, 8.8.8.8 is Google's public DNS server . If nslookup fails, public DNS servers like 8.8.8.8 might be blocked by your company (which I assume is for security reasons).

You'd think that adding your company's DNS servers to DOCKER_OPTS in /etc/default/docker should do the trick, but for whatever reason, it didn't work for me. I describe what worked for me below.

SOLUTION :

On the host (I'm using Ubuntu 16.04), find out the primary and secondary DNS server addresses:

$ nmcli dev show | grep 'IP4.DNS'
IP4.DNS[1]:              10.0.0.2
IP4.DNS[2]:              10.0.0.3

Using these addresses, create a file /etc/docker/daemon.json :

$ sudo su root
# cd /etc/docker
# touch daemon.json

Put this in /etc/docker/daemon.json :

{                                                                          
    "dns": ["10.0.0.2", "10.0.0.3"]                                                                           
}     

Exit from root:

# exit

Now restart docker:

$ sudo service docker restart

VERIFICATION :

Now check that adding the /etc/docker/daemon.json file allows you to resolve 'google.com' into an IP address:

$ docker run --rm busybox nslookup google.com
Server:    10.0.0.2
Address 1: 10.0.0.2
Name:      google.com
Address 1: 2a00:1450:4009:811::200e lhr26s02-in-x200e.1e100.net
Address 2: 216.58.198.174 lhr25s10-in-f14.1e100.net

REFERENCES :

I based my solution on an article by Robin Winslow, who deserves all of the credit for the solution. Thanks, Robin!

"Fix Docker's networking DNS config." Robin Winslow. Retrieved 2016-11-09. https://robinwinslow.uk/2016/06/23/fix-docker-networking-dns/

Answer 2

After much headache I found the answer. Could not resolve 'archive.ubuntu.com' can be fixed by making the following changes:

1. Uncomment the following line in /etc/default/docker
DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"

2. Restart the Docker service sudo service docker restart

3. Delete any images which have cached the invalid DNS settings.

4. Build again and the problem should be solved.

Credit goes to Andrew SB

Answer 3

I run into the same problem, but neiter uncommenting /etc/default/docker dns entries nor editing the /etc/resolv.conf in the build container or the /etc/docker/daemon.json helps for me.

But after I build with the option --network=host the resolving was fine again.

docker build --network=host -t my-own-ubuntu-like-image .

Maybe this will help someone again.

Answer 4

I believe that Matt Carrier's answer is the correct solution for this problem. However, after implementing it, I still observed the same behavior: could not resolve 'archive.ubuntu.com' .

This led me to eventually find that the network I was connected to was blocking public DNS. The solution to this problem was to configure my Docker container to use the same name server that my host (the machine from which I was running Docker) was using.

How I triaged:

1. Since I was working through the Docker documentation, I already had an example image installed on my machine. I was able to start a new container to run that image and create a new bash session in that container: docker run -it docker/whalesay bash
2. Does the container have an Internet connection?: ping 172.217.4.238 (google.com)
3. Can the container resolve hostnames? ping google.com

In my case, the first ping resulted in responses, the second did not.

How I fixed:

Once I discovered that DNS was not working inside the container, I verified that I could duplicate the same behavior on the host. nslookup google.com resolved just fine on the host. But, nslookup google.com 8.8.8.8 or nsloookup google.com 8.8.4.4 timed out.

Next, I found the name server(s) that my host was using by running nm-tool (on Ubuntu 14.04). In the vein of fast feedback, I started up the example image again, and added the IP address of the name server to the container's resolv.conf file: sudo vi /etc/resolv.conf . Once saved, I attempted the ping again ( ping google.com ) and this time it worked!

Please note that the changes made to the container's resolv.conf are not persistent and will be lost across container restarts. In my case, the more appropriate solution was to add the IP address of my network's name server to the host's /etc/default/docker file.

Answer 5

After adding local dns ip to default docker file it started working for me... please find the below steps...

$ nm-tool # (will give you the dns IP)

DNS : 172.168.7.2

$ vim /etc/default/docker # (uncomment the DOCKER_OPTS and add DNS IP)
DOCKER_OPTS="--dns 172.168.7.2 --dns 8.8.8.8 --dns 8.8.4.4"

$ rm `docker ps --no-trunc -aq` # (remove all the containers to avoid DNS cache)

$ docker rmi $(docker images -q) # (remove all the images)

$ service docker restart #(restart the docker to pick up dns setting)

Now go ahead and build the docker... :)

Answer 6

For anyone who is also having this problem, I solved my problem by editing the /etc/default/docker file, as suggested by other answers and questions. However I had no idea what IP to use as the DNS.

It was only after a while I figured out I had to run ifconfig docker on the host to show the IP for the docker network interface.

docker0   Link encap:Ethernet  Endereço de HW 02:42:69:ba:b4:07  
          inet end.: 172.17.0.1  Bcast:0.0.0.0  Masc:255.255.0.0
          endereço inet6: fe80::42:69ff:feba:b407/64 Escopo:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Métrica:1
          pacotes RX:8433 erros:0 descartados:0 excesso:0 quadro:0
          Pacotes TX:9876 erros:0 descartados:0 excesso:0 portadora:0
          colisões:0 txqueuelen:0 
          RX bytes:484195 (484.1 KB) TX bytes:24564528 (24.5 MB)

It was 172.17.0.1 in my case. Hope this helps anyone who is also having this issue.

Answer 7

I found this answer after some Googleing. I'm using Windows, so some of the above answers did not apply to my file system.

Basically run:

docker-machine ssh default
echo "nameserver 8.8.8.8" > /etc/resolv.conf

Which just overwrites the existing nameserver used with 8.8.8.8 I believe. It worked for me!

Based on some comments, you may have to be root. To do that, issue sudo -i .

Answer 8

I just wanted to add a late response for anyone coming across this issue from search engines.

Do NOT do this: I used to have an option in /etc/default/docker to set iptables=false . This was because ufw didn't work (everything was opened even though only 3 ports were allowed) so I blindly followed the answer to this question: Uncomplicated Firewall (UFW) is not blocking anything when using Docker and this, which was linked in the comments

I have a very low understanding of iptables rules / nat / routing in general, hence why I might have done something irrational.

Turns out that I've probably misconfigured it and killed DNS resolution inside my containers. When I ran an interactive container terminal: docker run -i -t ubuntu:14.04 /bin/bash

I had these results:

root@6b0d832700db:/# ping google.com
ping: unknown host google.com

root@6b0d832700db:/# cat /etc/resolv.conf
search online.net
nameserver 8.8.8.8
nameserver 8.8.4.4

root@6b0d832700db:/# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=1.76 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=1.72 ms

Reverting all of my ufw configuration (before.rules), disabling ufw and removing iptables=false from /etc/default/docker restored the DNS resolution functionality of the containers.

I'm now looking forward to re-enable ufw functionality by following these instructions instead.

Answer 9

I have the same issue, and tried the steps mentioned, but seems none works until refresh the network settings.

The steps:

1. As mentioned, add DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4 --ip-masq=true" to /etc/default/docker .
2. Manually flush the PREROUTING table contents using the iptables -t nat -F POSTROUTING . After running this, restart docker and it will initialize the nat table with the new IP range.

Answer 10

I have struggled for some time with this now as well, but here it is what solved it for me on Ubuntu 16.04 x64 . I hope it saves someone's time, too.

1. In /etc/NetworkManager/NetworkManager.conf : comment out #dns=dnsmasq

2. Create (or modify) /etc/docker/daemon.json :

{
    "dns": ["8.8.8.8"]
}

3. Restart docker with: sudo service docker restart

Answer 11

Same issue for me (on Ubuntu Xenial).

• docker run --dns ... for containers worked.
• Updating docker daemon options for docker build (docker-compose etc.) did not work.

After analyzing the docker logs ( journalctl -u docker.service ) if found some warning about bad resolvconf applied.

Following that i found that our corporate nameservers were added to the network interfaces but not in resolvconf.

Applied this solution How do I configure my static DNS in interfaces? (askubuntu) , ie adding nameservers to /etc/resolvconf/resolv.conf.d/tail

After updating resolvconf (or reboot).

bash docker run --rm busybox nslookup google.com

worked instantly.

All my docker-compose builds are working now.

Answer 12

I got same issue today, I just added line below to /etc/default/docker

DOCKER_OPTS="--dns 172.18.20.13 --dns 172.20.100.29 --dns 8.8.8.8"

and then I restarted my Laptop.

In my case restarting docker daemon is not enough for me, I have to restart my Laptop to make it work.

Answer 13

Before spending too much time on any of the other solutions, simply restart Docker and try again.

Solved the problem for me, using Docker Desktop for Windows on Windows 10.

Answer 14

In my case, firewall was the issue. Disabling it for the moment solved the issue. I use nftables . Stopping the service did the trick.

sudo systemctl stop nftables.service 

Answer 15

On my system ( macOS High Sierra 10.13.6 with Docker 2.1.0.1 ) this was due to a corporate proxy.

I solved this by two steps:

1. Manually configure proxy settings in Preferences>Proxies

2. Add the same settings to your config.json inside ~/.docker/config.json like:

    "proxies": { "default": { "httpProxy": "MYPROXY", "httpsProxy": "MYPROXY", "noProxy": "MYPROXYWHITELIST" } }

Answer 16

In my case, since my containers were in a cloud environment the MTU of the interfaces were not usual 1500 and was like 1450, so I had to configure my docker daemon to set the MTU to 1450 for containers.

{  
"mtu": 1454 
}

look at this : https://mlohr.com/docker-mtu/

Answer 17

I have dnsmasq in my system for dns resolution that had the nameservers to resolve the URL. Docker copies /etc/resolv.conf of the host system as it is into the container's /etc/resolv.conf and thus didn't have the right nameservers. From docs :

By default, a container inherits the DNS settings of the host, as defined in the /etc/resolv.conf configuration file.

Adding the nameservers in /etc/resolv.conf of the host fixed the issue.

Answer 18

With the recent updates, the following line in ( /etc/docker/daemon.json ) was the cause of the issue:

{
    "bridge": "none"
}

Remove it, and restart the docker service with: sudo systemctl restart docker

OS ( Ubuntu 20.04.3 LTS ) and Docker ( version 20.10.11, build dea9396 )