[Bug] DNS not working

[cnsquare]

Current Behavior

DNS not working. I can't access any website with their domain name, but I can with their IP address.

I can ping 142.251.46.206 but can't ping google.com

docker exec -ti firefox sh
/tmp # cat /etc/resolv.conf
Generated by Docker Engine.
This file can be edited; Docker Engine will not make further changes once it has been modified.
nameserver 172.30.40.83
nameserver 172.30.0.1

Based on host file: '/etc/resolv.conf' (legacy)
Overrides: []
/tmp # ping google.com
ping: bad address 'google.com'
/tmp # ping 142.251.46.206
PING 142.251.46.206 (142.251.46.206): 56 data bytes
64 bytes from 142.251.46.206: seq=0 ttl=118 time=64.486 ms
64 bytes from 142.251.46.206: seq=1 ttl=118 time=64.713 ms
64 bytes from 142.251.46.206: seq=2 ttl=118 time=64.450 ms
64 bytes from 142.251.46.206: seq=3 ttl=118 time=64.818 ms
--- 142.251.46.206 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 64.450/64.616/64.818 ms
/tmp #

Expected Behavior

No response

Steps To Reproduce

No response

Environment

• OS:
• OS version:
• CPU:
• Docker version:
• Device model:
• Browser/OS:

Container creation

Docker Image Version: 24.05.1

Container log

[cont-env    ] TAKE_CONFIG_OWNERSHIP: loading...
[cont-env    ] XDG_CACHE_HOME: loading...
[cont-env    ] XDG_CONFIG_HOME: loading...
[cont-env    ] XDG_DATA_HOME: loading...
[cont-env    ] XDG_RUNTIME_DIR: loading...
[cont-env    ] XDG_STATE_HOME: loading...
[cont-env    ] container environment variables initialized.
[cont-secrets] loading container secrets...
[cont-secrets] container secrets loaded.
[cont-init   ] executing container initialization scripts...
[cont-init   ] 10-certs.sh: executing...
[cont-init   ] 10-certs.sh: terminated successfully.
[cont-init   ] 10-check-app-niceness.sh: executing...
[cont-init   ] 10-check-app-niceness.sh: terminated successfully.
[cont-init   ] 10-clean-logmonitor-states.sh: executing...
[cont-init   ] 10-clean-logmonitor-states.sh: terminated successfully.
[cont-init   ] 10-clean-tmp-dir.sh: executing...
[cont-init   ] 10-clean-tmp-dir.sh: terminated successfully.
[cont-init   ] 10-fontconfig-cache-dir.sh: executing...
[cont-init   ] 10-fontconfig-cache-dir.sh: terminated successfully.
[cont-init   ] 10-init-users.sh: executing...
[cont-init   ] 10-init-users.sh: terminated successfully.
[cont-init   ] 10-nginx.sh: executing...
[cont-init   ] 10-nginx.sh: terminated successfully.
[cont-init   ] 10-openbox.sh: executing...
[cont-init   ] 10-openbox.sh: terminated successfully.
[cont-init   ] 10-pkgs-mirror.sh: executing...
[cont-init   ] 10-pkgs-mirror.sh: terminated successfully.
[cont-init   ] 10-set-tmp-dir-perms.sh: executing...
[cont-init   ] 10-set-tmp-dir-perms.sh: terminated successfully.
[cont-init   ] 10-vnc-password.sh: executing...
[cont-init   ] 10-vnc-password.sh: terminated successfully.
[cont-init   ] 10-web-data.sh: executing...
[cont-init   ] 10-web-data.sh: terminated successfully.
[cont-init   ] 10-x11-unix.sh: executing...
[cont-init   ] 10-x11-unix.sh: terminated successfully.
[cont-init   ] 10-xdg-runtime-dir.sh: executing...
[cont-init   ] 10-xdg-runtime-dir.sh: terminated successfully.
[cont-init   ] 15-cjk-font.sh: executing...
[cont-init   ] 15-cjk-font.sh: terminated successfully.
[cont-init   ] 15-install-pkgs.sh: executing...
[cont-init   ] 15-install-pkgs.sh: terminated successfully.
[cont-init   ] 55-check-snd.sh: executing...
[cont-init   ] 55-check-snd.sh: sound not supported: device /dev/snd not exposed to the container.
[cont-init   ] 55-check-snd.sh: terminated successfully.
[cont-init   ] 55-firefox.sh: executing...
[cont-init   ] 55-firefox.sh: generating machine-id...
[cont-init   ] 55-firefox.sh: terminated successfully.
[cont-init   ] 56-firefox-set-prefs-from-env.sh: executing...
[cont-init   ] 56-firefox-set-prefs-from-env.sh: terminated successfully.
[cont-init   ] 85-take-config-ownership.sh: executing...
[cont-init   ] 85-take-config-ownership.sh: terminated successfully.
[cont-init   ] 89-info.sh: executing...
    ╭――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――╮
    │                                                                      │
    │ Application:           Firefox                                       │
    │ Application Version:   125.0.3-r0                                    │
    │ Docker Image Version:  24.05.1                                       │
    │ Docker Image Platform: linux/amd64                                   │
    │                                                                      │
    ╰――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――╯
[cont-init   ] 89-info.sh: terminated successfully.
[cont-init   ] all container initialization scripts executed.
[init        ] giving control to process supervisor.
[supervisor  ] loading services...
[supervisor  ] loading service 'default'...
[supervisor  ] loading service 'logmonitor'...
[supervisor  ] service 'logmonitor' is disabled.
[supervisor  ] loading service 'app'...
[supervisor  ] loading service 'gui'...
[supervisor  ] loading service 'openbox'...
[supervisor  ] loading service 'xvnc'...
[supervisor  ] loading service 'nginx'...
[supervisor  ] loading service 'certsmonitor'...
[supervisor  ] service 'certsmonitor' is disabled.
[supervisor  ] loading service 'logrotate'...
[supervisor  ] all services loaded.
[supervisor  ] starting services...
[supervisor  ] starting service 'xvnc'...
[xvnc        ] Xvnc TigerVNC 1.13.1 - built Dec 21 2023 00:53:33
[xvnc        ] Copyright (C) 1999-2022 TigerVNC Team and many others (see README.rst)
[xvnc        ] See https://www.tigervnc.org for information on TigerVNC.
[xvnc        ] Underlying X server release 12014000
[xvnc        ] Sat May  4 12:04:19 2024
[xvnc        ]  vncext:      VNC extension running!
[xvnc        ]  vncext:      Listening for VNC connections on /tmp/vnc.sock (mode 0660)
[xvnc        ]  vncext:      Listening for VNC connections on all interface(s), port 5900
[xvnc        ]  vncext:      created VNC server for screen 0
[supervisor  ] starting service 'openbox'...
[supervisor  ] starting service 'nginx'...
[nginx       ] Listening for HTTP connections on port 5800.
[supervisor  ] starting service 'app'...
[app         ] Mozilla Firefox 125.0.3
[supervisor  ] all services started.
[xvnc        ] Sat May  4 12:06:10 2024
[xvnc        ]  Connections: accepted: /tmp/vnc.sock
[xvnc        ]  SConnection: Client needs protocol version 3.8
[xvnc        ]  SConnection: Client requests security type None(1)
[xvnc        ]  VNCSConnST:  Server default pixel format depth 24 (32bpp) little-endian rgb888
[xvnc        ]  VNCSConnST:  Client pixel format depth 24 (32bpp) little-endian bgr888

[TerenceLiu98]

You may try removing the default nameserver and add a public DNS server into the /etc/resolv.conf, like: nameserver 1.1.1.1

[cnsquare]

/tmp # cat /etc/resolv.conf
## Generated by Docker Engine.
 `This` file can be edited; Docker Engine will not make further changes once it  has been modified.

nameserver 1.1.1.1

# Based on host file: '/etc/resolv.conf' (legacy)
# Overrides: []

Still doesn't work.
nslookup and ping failed

/tmp # nslookup google.com
;; connection timed out; no servers could be reached
/tmp # ping google.com
ping: bad address 'google.com'

[jlesage]

Looks like a Docker setup issue.

Can you ping 1.1.1.1 ? What about nslookup www.google.com 1.1.1.1?

On what system are you running Docker ?

[cnsquare]

Ping works, but nslookup fails. I am running Debian 12 (bookworm)

/tmp # ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: seq=0 ttl=58 time=6.545 ms
64 bytes from 1.1.1.1: seq=1 ttl=58 time=7.014 ms
64 bytes from 1.1.1.1: seq=2 ttl=58 time=5.926 ms
^C
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 5.926/6.495/7.014 ms
/tmp # nslookup www.google.com 1.1.1.1
;; connection timed out; no servers could be reached

[jlesage]

Do you have any firewall running (on the machine or the network) that might affect DNS traffic ?

[cnsquare]

It's related to running this image on Debian. I launched an Ubuntu server and spawned up this image, and the DNS is functioning properly. When I went back to the Debian server and ran a standard Alpine image, the DNS problem persisted

[cnsquare]

DNS works on image jlesage/firefox:v1.17.1 but not on any newer tags.

root@DOCKER-srv:/home/application/docker# docker run -ti --rm jlesage/firefox:v22.10.2 ping -c 1 google.com
Unable to find image 'jlesage/firefox:v22.10.2' locally
v22.10.2: Pulling from jlesage/firefox
213ec9aee27d: Already exists
4f4fb700ef54: Pull complete
0aea5b1c4f9a: Already exists
887681b33af1: Already exists
8201ac41c85a: Already exists
90d4fbb34eed: Already exists
d12017c039af: Already exists
19f20acdb4b5: Already exists
073675541289: Already exists
1247747b7f09: Pull complete
7aaee11755ca: Pull complete
4233f1bf692b: Pull complete
a0072ffaff86: Pull complete
04175379f0ae: Pull complete
5f1c83aa16bb: Pull complete
c2b2ab1d94dd: Pull complete
4506eb1fd941: Pull complete
17a0dcb57549: Pull complete
77f0cff18438: Pull complete
bc448769a119: Pull complete
489aba639253: Pull complete
c6d225597046: Pull complete
ff2c7f983f8f: Pull complete
3fceb30094b9: Pull complete
3d9985bb4d94: Pull complete
f30607339ef8: Pull complete
3a13340674d3: Pull complete
7adeb1d65f90: Pull complete
71546c29c15f: Pull complete
aabffcac20c9: Pull complete
14d33641aea6: Pull complete
eccf336b71a7: Pull complete
8564cf813727: Pull complete
f078fea79b97: Pull complete
Digest: sha256:bfca8a5d1493a690477e68788a3a048f948e5b34e14553434b0895fb4425327c
Status: Downloaded newer image for jlesage/firefox:v22.10.2
ping: bad address 'google.com'
root@DOCKER-srv:/home/application/docker# docker run -ti --rm jlesage/firefox:v1.18.0 ping -c 1 google.com
Unable to find image 'jlesage/firefox:v1.18.0' locally
v1.18.0: Pulling from jlesage/firefox
59bf1c3509f3: Pull complete
126d442b4d47: Pull complete
6a3bdaf3a44d: Pull complete
e5d40421cb28: Pull complete
ab9a82d47718: Pull complete
e2e0541872cc: Pull complete
ac06d5b576f5: Pull complete
e1ce9a70cf92: Pull complete
677037cc019f: Pull complete
95cb0d9e8733: Pull complete
d75d5f214ecc: Pull complete
3130042cb5fc: Pull complete
42e6d2ad6179: Pull complete
3c6293625e86: Pull complete
57e95b9d459e: Pull complete
bb327bab7e11: Pull complete
7b4dbec48c2a: Pull complete
0cc5cbede6ba: Pull complete
d38c4b230195: Pull complete
39abde921049: Pull complete
639b376ed1ba: Pull complete
368a56b0b6ee: Pull complete
1aa0e680696a: Pull complete
03d4939772cb: Pull complete
24a3ee6726d2: Pull complete
Digest: sha256:a8e75ca67f7b145d57850dcbadfe13d4bccb6ddcf90ecc5539e99d45fa596270
Status: Downloaded newer image for jlesage/firefox:v1.18.0
ping: bad address 'google.com'
root@DOCKER-srv:/home/application/docker# docker run -ti --rm jlesage/firefox:v1.17.1 ping -c 1 google.com
Unable to find image 'jlesage/firefox:v1.17.1' locally
v1.17.1: Pulling from jlesage/firefox
532819f3e44c: Pull complete
ae204b32d40f: Pull complete
1a5680e9f6cf: Pull complete
8bc8cd2482dd: Pull complete
07f9edd9d766: Pull complete
fcb0e57ce707: Pull complete
76e40d713c42: Pull complete
1938062d7bee: Pull complete
aa15a1f2194c: Pull complete
d9bcf3a8827f: Pull complete
fb5ea3142131: Pull complete
fb4cfbcb1d41: Pull complete
d25272dca9ff: Pull complete
6e76f3de4e93: Pull complete
d3cab8a785cf: Pull complete
227a1561b348: Pull complete
2a6beab40f77: Pull complete
498a9fc87bbe: Pull complete
d47571e23658: Pull complete
689428c9242c: Pull complete
9ad5e2271b27: Pull complete
bf25e4916ae6: Pull complete
1740370aa31d: Pull complete
1583358a0ce6: Pull complete
dddc4132ee32: Pull complete
Digest: sha256:29fed88ccfd2753cb48de4c803363a37a0e79fad4db993298fadba1be42bb2c3
Status: Downloaded newer image for jlesage/firefox:v1.17.1
PING google.com (172.253.63.138): 56 data bytes
64 bytes from 172.253.63.138: seq=0 ttl=107 time=7.064 ms

--- google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 7.064/7.064/7.064 ms

[syl779]

I have the same issue, running Ubuntu 22.04.4 LTS as the host VM.

(TL/DR setting dns: 1.1.1.1 in the firefox container docker compose yaml file works)

I run 4 instances of pihole on 4 machines locally as DNS servers. One of them, my main one, is in another docker container on the same host.

jlesage/firefox:v1.17.1 didn't help.

Pihole on my main DNS server is set to use the ports:

        - '192.168.61.5:53:53/tcp'
        - '192.168.61.5:53:53/udp'

(following pi-hole/docker-pi-hole#1166)

which resolved a few issues I had with other docker containers, but not firefox (which might have worked previously, I don't recall)

Here is an example

sudo docker exec -ti firefox sh

/tmp # nslookup google.com
Server:127.0.0.11
Address:127.0.0.11:53

;; connection timed out; no servers could be reached

/tmp # nslookup google.com 1.1.1.1
Server:1.1.1.1
Address:1.1.1.1:53

Non-authoritative answer:
Name:google.com
Address: 2a00:1450:4009:823::200e

Non-authoritative answer:
Name:google.com
Address: 216.58.212.238

It does work if I use the IP address of my pihole!

/tmp # nslookup google.com 192.168.61.5
Server:192.168.61.5
Address:192.168.61.5:53

Non-authoritative answer:
Name:google.com
Address: 216.58.212.206

Non-authoritative answer:
Name:google.com
Address: 2a00:1450:4009:816::200e

If I set the dns in the firefox yaml docker compose file to 1.1.1.1 (or anything else, including 192.168.61.5), that works.

[tadcrazio]

Something similar happening for me.
using docker compose or not, running on latest Debian

I can get the container running, i can browse for about 60 seconds, then i get nothing. I can no longer ping google or access any websites after about 60 seconds, but for 60 seconds it appears to work just fine.

I have disabled pihole, and i have no other firewall or blocking that should be occurring.

tadcrazio@debian:~/firefox$ sudo docker exec -it 44c49c041491 sh
/tmp # date
Tue Oct  1 18:14:47 UTC 2024
/tmp # ping google.com
PING google.com (74.125.21.138): 56 data bytes
64 bytes from 74.125.21.138: seq=0 ttl=56 time=4.747 ms
64 bytes from 74.125.21.138: seq=1 ttl=56 time=5.097 ms
64 bytes from 74.125.21.138: seq=2 ttl=56 time=5.254 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 4.747/5.032/5.254 ms
/tmp # ping google.com
PING google.com (142.250.105.101): 56 data bytes
^C
--- google.com ping statistics ---
15 packets transmitted, 0 packets received, 100% packet loss
/tmp # date
Tue Oct  1 18:15:50 UTC 2024
/tmp # nslookup google.com
Server:         127.0.0.11
Address:        127.0.0.11:53

Non-authoritative answer:
Name:   google.com
Address: 74.125.21.101
Name:   google.com
Address: 74.125.21.113
Name:   google.com
Address: 74.125.21.138
Name:   google.com
Address: 74.125.21.139
Name:   google.com
Address: 74.125.21.102
Name:   google.com
Address: 74.125.21.100

Non-authoritative answer:
Name:   google.com
Address: 2607:f8b0:4002:c02::65
Name:   google.com
Address: 2607:f8b0:4002:c02::64
Name:   google.com
Address: 2607:f8b0:4002:c02::66
Name:   google.com
Address: 2607:f8b0:4002:c02::71

my docker-compose

$ cat docker-compose.yml
version: '3'
services:
  firefox:
    image: jlesage/firefox
    ports:
      - "5800:5800"
    volumes:
      - "/docker/appdata/firefox:/config:rw"
    dns:
      - 1.1.1.1

The DNS setting and setting anything in /etc/resolv.conf does not seem to make a difference.

Now i can ping 1.1.1.1 but i cannot resolve any sites after the first minute or so of running.

EDIT: My issues are likely unrelated, when I do not have containers running, my DNS and connectivity everywhere is fine.. When docker IS running after a minute or so it stops working. Unrelated to this project, just noticed it here.