Ubuntu
docker.io package

Bug #1820278
Comment #4

Comment 4 for bug 1820278

Revision history for this message

Daniel Moisset (dmoisset-meli) wrote on 2019-03-18: Re: [Bug 1820278] Re: Incorrect DNS (resolv.conf) setup inside docker images

Yes, I tried that while connected to the vpn with no effect

On Mon, 18 Mar 2019 at 13:05, Tianon Gravi <email address hidden> wrote:

> Have you tried restarting the Docker daemon? (IIRC it caches the DNS
> settings during startup)
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1820278
>
> Title:
> Incorrect DNS (resolv.conf) setup inside docker images
>
> Status in docker.io package in Ubuntu:
> New
>
> Bug description:
> I've encountered a problem after upgrading docker.io to
> 18.09.2-0ubuntu1~18.04.1 . I currently workarounded it by downgrading
> back to 18.06.1-0ubuntu1.2~18.04.1 , so I can verify that it's related
> to it.
>
> In my current setup, I'm using ubuntu 18.04 and connecting from home
> to a local ISP, and then using a VPN to access some private resources
> from the company I work for (I use globalprotect as VPN software). I
> have no connectivity issues whatsoever from my OS. Before connecting
> to the VPN, my /etc/resolv.conf looks like
>
> # This file is managed by man:systemd-resolved(8). Do not edit.
> # A lot of comments cut-out
> nameserver 217.169.20.20
> nameserver 217.169.20.21
>
> After connecting to the VPN I get this:
>
> search ml.com adminml.com mercadolibre.com
> nameserver 10.x.x.x # I edited out the actual IPs, I'm not allowed to
> share them
> nameserver 10.x.x.x
>
> After upgrading to docker.io 18.09.2, when I start a docker container
> (using docker run, and an ubuntu 16.04 image inside the container),
> the container has my ISP config (ie the 217.x.x.x nameservers) in its
> /etc/resolv.conf, while the older version (docker.io 18.06.1) uses the
> correct VPN configuration (with the search domains and the 10.x.x.x
> address). This new behaviour makes my containers unusable (given that
> I expect to access some VPN-only resources from the software running
> inside them)
>
> Some extra information I found while trying to diagnose this:
> - my host system /etc/resolv.conf is a symlink to
> ../run/systemd/resolve/stub-resolv.conf
> - the "old" (217.x.x.x) resolver configuration seems to be kept at
> /run/systemd/resolve/resolv.conf
> - docker 18.09.2 seems to be copying this old configuration; if I 1)
> edit the /run/systemd/resolve/resolv.conf adding a comment 2) docker -ti
> run myimage 3) cat /etc/resolv.conf , then I see the comment I added. This
> doesn't happen in docker.io 18.06.1
>
> I expect the old behaviour to be kept, can you confirm it is a bug?
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1820278/+subscriptions
>

--
--
Daniel F. Moisset - Consultor

Yes, I tried that while connected to the vpn with no effect

On Mon, 18 Mar 2019 at 13:05, Tianon Gravi <admwiggin@gmail.com> wrote:

> Have you tried restarting the Docker daemon? (IIRC it caches the DNS
> settings during startup)
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1820278
>
> Title:
>   Incorrect DNS (resolv.conf) setup inside docker images
>
> Status in docker.io package in Ubuntu:
>   New
>
> Bug description:
>   I've encountered a problem after upgrading docker.io to
>   18.09.2-0ubuntu1~18.04.1 . I currently workarounded it by downgrading
>   back to 18.06.1-0ubuntu1.2~18.04.1 , so I can verify that it's related
>   to it.
>
>   In my current setup, I'm using ubuntu 18.04 and connecting from home
>   to a local ISP, and then using a VPN to access some private resources
>   from the company I work for (I use globalprotect as VPN software). I
>   have no connectivity issues whatsoever from my OS. Before connecting
>   to the VPN, my /etc/resolv.conf looks like
>
>   # This file is managed by man:systemd-resolved(8). Do not edit.
>   # A lot of comments cut-out
>   nameserver 217.169.20.20
>   nameserver 217.169.20.21
>
>   After connecting to the VPN I get this:
>
>   search ml.com adminml.com mercadolibre.com
>   nameserver 10.x.x.x  # I edited out the actual IPs, I'm not allowed to
> share them
>   nameserver 10.x.x.x
>
>   After upgrading to docker.io 18.09.2, when I start a docker container
>   (using docker run, and an ubuntu 16.04 image inside the container),
>   the container has my ISP config (ie the 217.x.x.x nameservers) in its
>   /etc/resolv.conf, while the older version (docker.io 18.06.1) uses the
>   correct VPN configuration (with the search domains and the 10.x.x.x
>   address). This new behaviour makes my containers unusable (given that
>   I expect to access some VPN-only resources from the software running
>   inside them)
>
>   Some extra information I found while trying to diagnose this:
>   - my host system /etc/resolv.conf is a symlink to
> ../run/systemd/resolve/stub-resolv.conf
>   - the "old" (217.x.x.x) resolver configuration seems to be kept at
> /run/systemd/resolve/resolv.conf
>   - docker 18.09.2 seems to be copying this old configuration; if I 1)
> edit the /run/systemd/resolve/resolv.conf adding a comment 2) docker -ti
> run myimage 3) cat /etc/resolv.conf , then I see the comment I added. This
> doesn't happen in docker.io 18.06.1
>
>   I expect the old behaviour to be kept, can you confirm it is a bug?
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1820278/+subscriptions
>

-- 
--
Daniel F. Moisset - Consultor

Ubuntudocker.io package

Comment 4 for bug 1820278

Ubuntu
docker.io package