Rootless docker, systemd-resolved and DNS inside containers

Setup:

  • host uses systemd-resolved
  • rootless docker is set up

The issue:
inside containers DNS does not resolve internet addresses.
As I see, in containers /etc/resolv.conf is set to 10.0.2.3.
If manually changed to nameserver 1.1.1.1, DNS works fine.

I don’t see any drops in the host’s iptables.

I don’t have much experience with docker, but this issue seems to be related to the nixos setup. Not sure, need guidance.
Also found this, but not sure what it means.

Have you got a docker-compose.yaml or the command used to build the containers?

It’s possibly missing some network configuration within docker and / or containers.
e.g.

  • capabilities (--cap-add=NET_ADMIN or others)
  • host network to containers bridged correctly
  • etc

You can also declare DNS in your docker-compose.yaml or add to the command --dns=1.1.1.1.
See Networking overview | Docker Docs.

Thank you
I’ve added the dns setting to the docker.daemon.settings option.
After all, I did not want the docker daemon to take my resolv.conf into an image anyway (though it’s said to be the default behaviour, even for systemd-resolved on the host).


I figured it out!

  1. Make sure you are using virtualisation.docker.rootless.daemon.settings instead of virtualisation.docker.daemon.settings.
  2. Restart docker manually after you rebuild! systemctl --user restart docker.service

More info: virtualisation.docker.rootless.daemon.settings is not working · Issue #258141 · NixOS/nixpkgs · GitHub
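As an added example (not from the thread or from the linked nixpkgs issue), here is a NixOS configuration fragment that applies the fix from the last post: the DNS servers go on virtualisation.docker.rootless.daemon.settings, which is what ends up in the rootless daemon's daemon.json, not on virtualisation.docker.daemon.settings, which configures the system-wide root daemon. 1.1.1.1 is the resolver the thread used; enable and setSocketVariable are assumed for a typical rootless setup.

```nix
# Added example, not configuration from the thread. Assumed: a single-user
# rootless Docker setup on NixOS; substitute your own resolver for 1.1.1.1.
{ config, pkgs, ... }:

{
  virtualisation.docker.rootless = {
    enable = true;
    # Export DOCKER_HOST so the docker CLI talks to the per-user daemon.
    setSocketVariable = true;
    # These settings are written to the rootless daemon's daemon.json.
    # virtualisation.docker.daemon.settings (without "rootless") only
    # applies to the root daemon and does not affect rootless containers.
    daemon.settings = {
      # Explicit upstream resolvers for containers, instead of relying on the
      # user-mode network's built-in forwarder (the 10.0.2.3 address seen in
      # the thread) being able to reach the host's systemd-resolved stub.
      dns = [ "1.1.1.1" ];
    };
  };
}
```

After nixos-rebuild switch, the per-user daemon does not pick the change up by itself; run systemctl --user restart docker.service as the thread notes. To verify, start a throwaway container and check that its /etc/resolv.conf now lists the configured nameserver, e.g. docker run --rm alpine cat /etc/resolv.conf, then resolve a public name from inside it.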