为什么 docker 容器无法通过默认网络名称中的容器名称相互 ping 通，如网桥和驱动程序网桥

Question

I have launched two docker containers named as c1 and c2 in the default docker network named as bridge with bridge driver through the below command.我通过以下命令在默认的 docker 网络中启动了两个名为c1和c2的 docker 容器，该网络名为桥接驱动程序。

docker container run -dit --name c1 centos:7
docker container run -dit --name c2 centos:7

So both containers are in the same network所以两个容器都在同一个网络中

ubuntu@master-node:~$ docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "7301725ee3bdfd470c67c202532e",
        "Created": "2021-11-30T13:39:25.074992675Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "40378c3bf6219ad34b3da9debdf7ef1": {
                "Name": "c1",
                "EndpointID": "f170b34a405483ebb90737a2df255",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            },
            "18cbe312f339001c159d30b1a53ec80": {
                "Name": "c2",
                "EndpointID": "fbeb085a049f4127f9411e0b86ca7",
                "MacAddress": "02:42:ac:11:00:04",
                "IPv4Address": "172.17.0.4/16",
                "IPv6Address": ""
            },

and both should be pingable to each other through container-name and IP Address.并且两者都应该可以通过容器名称和 IP 地址相互 ping 通。 But Both are pingable through IP Address.但是两者都可以通过 IP 地址 ping 通。

[root@309b8307b0bc /]# ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.092 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.077 ms
64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.070 ms

and they are not pingable with the container name and showing the below message.并且它们无法使用容器名称 ping 并显示以下消息。

[root@309b8307b0bc /]# ping c1
ping: c1: Name or service not known

Now I have created one more network myself named as mynet with bridge driver.现在我又创建了一个自己命名为mynet的网络，并带有桥接驱动程序。

docker network create --attachable --driver bridge mynet

and launched two more docker containers named as c3 and c4 inside mynet .并在 mynet 中推出了另外两个名为c3和c4的docker容器。

ubuntu@master-node:~$ docker container run -dit --name c3 --network mynet myimage
9456b0be0875fe89f5e6ff2135598ec396
ubuntu@master-node:~$ docker container run -dit --name c4 --network mynet myimage
29cb726f195a3d7ae734b8a960eaf56fc9

But now I tried with this network with same network driver and then both containers are pingable to each other through IP Address and container name as well.但是现在我尝试使用具有相同网络驱动程序的网络，然后两个容器也可以通过 IP 地址和容器名称相互 ping 通。

[root@3c7774229cb7 /]# ping 172.20.0.2
PING 172.20.0.2 (172.20.0.2) 56(84) bytes of data.
64 bytes from 172.20.0.2: icmp_seq=1 ttl=64 time=0.108 ms
64 bytes from 172.20.0.2: icmp_seq=2 ttl=64 time=0.085 ms
64 bytes from 172.20.0.2: icmp_seq=3 ttl=64 time=0.085 ms
^C
--- 172.20.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2047ms
rtt min/avg/max/mdev = 0.085/0.092/0.108/0.015 ms
[root@3c7774229cb7 /]# ping c3
PING c3 (172.20.0.2) 56(84) bytes of data.
64 bytes from c3.mynet (172.20.0.2): icmp_seq=1 ttl=64 time=0.052 ms
64 bytes from c3.mynet (172.20.0.2): icmp_seq=2 ttl=64 time=0.075 ms
64 bytes from c3.mynet (172.20.0.2): icmp_seq=3 ttl=64 time=0.082 ms
^C
--- c3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2038ms
rtt min/avg/max/mdev = 0.052/0.069/0.082/0.016 ms

Now I am not able to understand c1 and c2 are not pingable to each other through container name with default network and driver bridge and c3 and c4 are pingable to each other in inside named as mynet while I created this network with same driver bridge.现在我无法理解 c1 和 c2 无法通过具有默认网络和驱动程序桥的容器名称相互 ping 通，而 c3 和 c4 在名为 mynet 的内部可以相互 ping 通，而我使用相同的驱动程序桥创建了这个网络。

Answer 1

This is by design.这是设计使然。 For docker's embedded DNS you need a user created network:对于 docker 的嵌入式 DNS，您需要一个用户创建的网络：

By default, a container inherits the DNS settings of the host, as defined in the /etc/resolv.conf configuration file.默认情况下，容器会继承 /etc/resolv.conf 配置文件中定义的主机的 DNS 设置。 Containers that use the default bridge network get a copy of this file, whereas containers that use a custom network use Docker's embedded DNS server, which forwards external DNS lookups to the DNS servers configured on the host.使用默认桥接网络的容器获取此文件的副本，而使用自定义网络的容器使用 Docker 的嵌入式 DNS 服务器，该服务器将外部 DNS 查找转发到主机上配置的 DNS 服务器。

Ref: https://docs.docker.com/config/containers/container-networking/#dns-services参考： https://docs.docker.com/config/containers/container-networking/#dns-services

为什么 docker 容器无法通过默认网络名称中的容器名称相互 ping 通，如网桥和驱动程序网桥

问题描述

1 个解决方案

解决方案1
0 2021-12-27 12:36:02

为什么 docker 容器无法通过默认网络名称中的容器名称相互 ping 通，如网桥和驱动程序网桥

问题描述

1 个解决方案

解决方案1 0 2021-12-27 12:36:02

解决方案1
0 2021-12-27 12:36:02