Docker can't resolve hosts which require multiple nameservers

1

I'm running a Docker container which clones some git repositories and builds a project inside of itself.

It clones code from 2 different repositories: one is public github.com and the other one is private my.companys.github.enterprise.net and is only accessible through VPN.

In my resolv.conf I have 2 nameservers: one for public services and one for VPN:

nameserver 8.8.8.8
nameserver 10.10.3.3

When I try to clone repositories inside my docker container it can only resolve github.com repositories and can't resolve my.companys.github.enterprise.net repositories.

If I switch around the lines in my resolv.conf, then it can only resolve my.companys.github.enterprise.net and not the github.com ones.

Is there a way to allow Docker to resolve both links to repositories using 2 different nameservers from resolv.conf instead of just trying the first one?

SergeyOvchinnik

Posted 2016-12-15T17:29:01.253

Reputation: 1 637

Maybe you can set in your company's DNS a forwarder (the internet DNS as a forwarder I mean) and setting it in first place you can resolve all. If not possible to modify the company DNS server... not sure how to solve. – OscarAkaElvis – 2016-12-15T17:31:38.383

If the first nameserver answers AT ALL (even with "I don't know that name/address"), then the next one will not be checked. @OscarAkaElvis' suggestion in his comment is spot-on. – Ƭᴇcʜιᴇ007 – 2016-12-15T18:56:54.437

Answers

1

Your confusion is that nameserver entries in /etc/resolv.conf are assumed to be equivalent (i.e., mirrors that will provide the same answers no matter which one is asked). If one nameserver responds with "that doesn't exist", the resolution code is done; it does not try other nameservers looking for a different answer. The resolver code is in libc and is very simple.

The easiest solution to fix this is to run a local nameserver in Docker (BIND or unbound packages) that has the smarts to know about the public name space and the "alternate universe" that is your private name space, usually configured by using forwarding or "stub" zones. Google is your friend to set that up. Then have just one nameserver entry in /etc/resolv.conf that points to 127.0.0.1.

milli

Posted 2016-12-15T17:29:01.253

Reputation: 1 682
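The forwarding setup described in the answer above could look like the following unbound configuration. This is an added example, not part of the original answer; it assumes unbound is the local nameserver, reuses the two nameserver addresses and the private hostname from the question, and the choice of that hostname as the zone name is an assumption (a parent domain may fit better).

```conf
# /etc/unbound/unbound.conf (added example; the path is an assumed package default)
#
# Before: /etc/resolv.conf listed both servers, which libc treats as mirrors:
#   nameserver 8.8.8.8
#   nameserver 10.10.3.3
# After: /etc/resolv.conf contains only
#   nameserver 127.0.0.1
# and unbound decides per zone which upstream to ask.

server:
    # Listen on loopback only, so the forwarder is not reachable by other hosts.
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Internal zones are usually unsigned. This only matters if DNSSEC
    # validation (a trust anchor) is enabled elsewhere in the configuration.
    domain-insecure: "my.companys.github.enterprise.net."

    # Permit private (RFC 1918) addresses in answers for this name. This only
    # matters if private-address filtering is configured.
    private-domain: "my.companys.github.enterprise.net."

# Private name space: this name and everything below it goes to the VPN
# nameserver, so internal hostnames are never sent to the public resolver.
forward-zone:
    name: "my.companys.github.enterprise.net."
    forward-addr: 10.10.3.3

# Everything else goes to the public resolver.
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
```

Running `unbound-checkconf` on the file checks its syntax before the daemon is started.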