Docker: ping: unknown host yahoo.com

Question

Here are all the things I tried:

Ran docker deamon with -dns:

sudo docker -d -dns 8.8.8.8

Made sure that IP forwarding is enabled:

$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

Nameservers are in place:

$ docker -dns '8.8.8.8' run centos:6.4 ping -c 3 8.8.8.8 
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
--- 8.8.8.8 ping statistics --- 
3 packets transmitted, 0 received, 100% packet loss, time 12000ms

Appreciate any suggestions.

Answer 1

It sounds like Docker's automatic iptables configuration is not working. This can often occur if you've changed the host IP address without restarting the Docker daemon. I would try the following:

1. Ensure you can ping from the host (just to be sure!)
2. Restart the Docker daemon and try again (this should reset iptables configuration)
3. Inspect the output from iptables --list --table nat

Mine looks as so:

# iptables --list --table nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type  LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  <redacted>/24 !<redacted>/24 
MASQUERADE  all  --  <redacted>/16 !<redacted>/16 

Chain DOCKER (2 references)
target     prot opt source               destination