DNS resolution errors with Docker in Fedora 32

Ask Fedora Ask in English
1

Hi all,

Just upgraded to F32, I still rely on docker over podman and have recently noticed network issues while building containers.

Step 12/32 : SHELL ["/bin/bash", "-c"]
 ---> Using cache
 ---> 9d7bfe7ca9a8
Step 13/32 : RUN apt-get update && apt-get install -y --no-install-recommends         build-essential         cuda-command-line-tools-10-1         libcublas10=10.2.1.243-1         libcublas-dev=10.2.1.243-1         cuda-nvrtc-10-1         cuda-nvrtc-dev-10-1         cuda-cudart-dev-10-1         cuda-cufft-dev-10-1         cuda-curand-dev-10-1         cuda-cusolver-dev-10-1         cuda-cusparse-dev-10-1         libcudnn7=${CUDNN}+cuda${CUDA}         libcudnn7-dev=${CUDNN}+cuda${CUDA}         libcurl3-dev         libfreetype6-dev         libhdf5-serial-dev         libzmq3-dev         pkg-config         rsync         software-properties-common         unzip         zip         zlib1g-dev         wget         git         &&     find /usr/local/cuda-${CUDA}/lib64/ -type f -name 'lib*_static.a' -not -name 'libcudart_static.a' -delete &&     rm /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libcudnn_static_v7.a
 ---> Running in c29da4353d1a
Err:1 http://security.ubuntu.com/ubuntu bionic-security InRelease
  Temporary failure resolving 'security.ubuntu.com'
Err:2 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64  InRelease
  Temporary failure resolving 'developer.download.nvidia.com'
Err:3 http://archive.ubuntu.com/ubuntu bionic InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:4 https://developer.download.nvidia.com/compute/machine-learning/repos/ubuntu1804/x86_64  InRelease
  Temporary failure resolving 'developer.download.nvidia.com'
Err:5 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
  Temporary failure resolving 'archive.ubuntu.com'

Similarly,

❯ docker run --dns 8.8.8.8 busybox nslookup google.com
;; connection timed out; no servers could be reached

nslookup: write to '8.8.8.8': No route to host

Strangely, this is resolved by using the --host flag. Has anyone else noticed issues?

1 Like
2

You may be affected by:
https://fedoraproject.org/wiki/Common_F32_bugs#mDNS_.28multicast_DNS.29_breaks_on_upgrade_to_Fedora_32

3

Thanks for the tip, it looks like this is not the cause because my /etc/nsswitch.conf is set correctly. See:

# passwd:    db files
# shadow:    db files
# group:     db files

shadow:     files sss

hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname
1 Like
4

Did you find a solution to this? I wonder if it is related to selinux.
I just upgraded to Fedora 32 and neither Docker CE nor Moby Engine can connect to external servers.

1 Like
5

I have similar issue where my containers are not able to talk to each other on the same docker network.
I can fix this issue by turning firewall.d service after I run docker-compose up.

2 Likes
6

It’s not really a fix, but --network=host during docker builds seems to work

7

That helped. I changed the firewall zone for docker0 to “libvirt” and that did the trick.
Thanks for the help!

8

How did you do that?

9

Please follow this treath in reference section.

Just noticed that Docker container have no internet connectivity after upgrade to Fedora 32. User needs to add docker network interface to trusted firewall zone. I hope official package will keep this in mind and configure firewalld accordingly.

WORKAROUND

while running docker run with --network=host is also worked for me as I don’t want to update those firewalls manually. will wait to hear if this can be reolved soon in latest repos which supports fedora32.

REFERENCES

Regards.,

1 Like
10

This is for the HOST not for the Container

11

I was able to fix it by changing the firewall zone with sudo firewall-cmd --change-interface=docker0 --zone=libvirt.

2 Likes