Yuchen's Tech Blog

Docker DNS over VPN

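Fixing broken Docker DNS after connecting to a VPN.

Background

First, my container uses the default bridge mode.

With the VPN off, ping inside the container worked fine and could reach the external network.

With the VPN on, I found that the container could no longer ping baidu at all. The host itself, however, could still ping baidu and curl google…

When I turned the VPN off again, everything went back to normal.

Attempted fix

First, test whether the gateway can be pinged.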

-> # ping -c 1 172.17.0.1
PING 172.17.0.1 (172.17.0.1) 56(84) bytes of data.
64 bytes from 172.17.0.1: icmp_seq=1 ttl=64 time=0.036 ms

--- 172.17.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.036/0.036/0.036/0.000 ms

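No problem there, so it looks like DNS is what broke.

After some searching I learned that connecting to a VPN changes the DNS settings.

For example, with the VPN connected, /etc/resolv.conf looks like this: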

-> % cat /etc/resolv.conf 
# Generated by NetworkManager
search hku.hk
nameserver 147.8.2.254
nameserver 147.8.145.254
nameserver 180.168.255.18
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 116.228.111.118

Without the VPN, /etc/resolv.conf looks like this:

-> % cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 180.168.255.18
nameserver 116.228.111.118

Documentation, Configure container DNS:

When the host file changes, all stopped containers which have a matching resolv.conf to the host will be updated immediately to this newest host configuration. Containers which are running when the host configuration changes will need to stop and start to pick up the host changes due to lack of a facility to ensure atomic writes of the resolv.conf file while the container is running. If the container’s resolv.conf has been edited since it was started with the default configuration, no replacement will be attempted as it would overwrite the changes performed by the container.

From this we can see that simply restarting the container is enough to update resolv.conf.

So the final solution is:

sudo docker restart [container-name]
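
Added example, not from the original post: a shell check based on the documentation quoted above, which compares the host's nameservers with a running container's copy of resolv.conf and reports when a restart is needed. The function names are hypothetical, and loopback entries are skipped on the assumption that Docker filters localhost nameservers when it copies the host file.

```shell
#!/bin/sh
# Detect a container whose /etc/resolv.conf is stale relative to the host
# (for example after a VPN connect or disconnect rewrote the host file).

# Print the nameserver addresses of a resolv.conf file, one per line, in order.
# Comments and "search" lines are ignored. Loopback resolvers are skipped
# (assumption: Docker drops them when copying the host file into a container).
nameservers() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# Return 0 if both files list the same nameservers in the same order, else 1.
resolv_in_sync() {
    [ "$(nameservers "$1")" = "$(nameservers "$2")" ]
}

# Compare the host file with the copy inside a running container.
# Returns 0 when in sync, 1 when stale, 2 when the container cannot be read.
check_container() {
    tmp=$(mktemp) || return 2
    if ! docker exec "$1" cat /etc/resolv.conf > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    if resolv_in_sync /etc/resolv.conf "$tmp"; then
        echo "$1: resolv.conf matches the host"
        rc=0
    else
        echo "$1: resolv.conf is stale, run: sudo docker restart $1"
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# When run as a script with a container name, check that container.
if [ $# -gt 0 ]; then
    check_container "$1"
fi
```

Running it once after every VPN state change shows which containers still hold the previous resolver list.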