github.com/hustcat/docker@v1.3.3-0.20160314103604-901c67a8eeab/docs/userguide/networking/configure-dns.md (about) 1 <!--[metadata]> 2 +++ 3 title = "Configure container DNS in user-defined networks" 4 description = "Learn how to configure DNS in user-defined networks" 5 keywords = ["docker, DNS, network"] 6 [menu.main] 7 parent = "smn_networking" 8 +++ 9 <![end-metadata]--> 10 11 # Embedded DNS server in user-defined networks 12 13 The information in this section covers the embedded DNS server operation for 14 containers in user-defined networks. DNS lookup for containers connected to 15 user-defined networks works differently compared to the containers connected 16 to `default bridge` network. 17 18 > **Note**: In order to maintain backward compatibility, the DNS configuration 19 > in `default bridge` network is retained with no behavioral change. 20 > Please refer to the [DNS in default bridge network](default_network/configure-dns.md) 21 > for more information on DNS configuration in the `default bridge` network. 22 23 As of Docker 1.10, the docker daemon implements an embedded DNS server which 24 provides built-in service discovery for any container created with a valid 25 `name` or `net-alias` or aliased by `link`. The exact details of how Docker 26 manages the DNS configurations inside the container can change from one Docker 27 version to the next. So you should not assume the way the files such as 28 `/etc/hosts`, `/etc/resolv.conf` are managed inside the containers and leave 29 the files alone and use the following Docker options instead. 30 31 Various container options that affect container domain name services. 32 33 <table> 34 <tr> 35 <td> 36 <p> 37 <code>--name=CONTAINER-NAME</code> 38 </p> 39 </td> 40 <td> 41 <p> 42 Container name configured using <code>--name</code> is used to discover a container within 43 an user-defined docker network. The embedded DNS server maintains the mapping between 44 the container name and its IP address (on the network the container is connected to). 45 </p> 46 </td> 47 </tr> 48 <tr> 49 <td> 50 <p> 51 <code>--net-alias=ALIAS</code> 52 </p> 53 </td> 54 <td> 55 <p> 56 In addition to <code>--name</code> as described above, a container is discovered by one or more 57 of its configured <code>--net-alias</code> (or <code>--alias</code> in <code>docker network connect</code> command) 58 within the user-defined network. The embedded DNS server maintains the mapping between 59 all of the container aliases and its IP address on a specific user-defined network. 60 A container can have different aliases in different networks by using the <code>--alias</code> 61 option in <code>docker network connect</code> command. 62 </p> 63 </td> 64 </tr> 65 <tr> 66 <td> 67 <p> 68 <code>--link=CONTAINER_NAME:ALIAS</code> 69 </p> 70 </td> 71 <td> 72 <p> 73 Using this option as you <code>run</code> a container gives the embedded DNS 74 an extra entry named <code>ALIAS</code> that points to the IP address 75 of the container identified by <code>CONTAINER_NAME</code>. When using <code>--link</code> 76 the embedded DNS will guarantee that localized lookup result only on that 77 container where the <code>--link</code> is used. This lets processes inside the new container 78 connect to container without having to know its name or IP. 79 </p> 80 </td> 81 </tr> 82 <tr> 83 <td><p> 84 <code>--dns=[IP_ADDRESS...]</code> 85 </p></td> 86 <td><p> 87 The IP addresses passed via the <code>--dns</code> option is used by the embedded DNS 88 server to forward the DNS query if embedded DNS server is unable to resolve a name 89 resolution request from the containers. 90 These <code>--dns</code> IP addresses are managed by the embedded DNS server and 91 will not be updated in the container's <code>/etc/resolv.conf</code> file. 92 </tr> 93 <tr> 94 <td><p> 95 <code>--dns-search=DOMAIN...</code> 96 </p></td> 97 <td><p> 98 Sets the domain names that are searched when a bare unqualified hostname is 99 used inside of the container. These <code>--dns-search</code> options are managed by the 100 embedded DNS server and will not be updated in the container's <code>/etc/resolv.conf</code> file. 101 When a container process attempts to access <code>host</code> and the search 102 domain <code>example.com</code> is set, for instance, the DNS logic will not only 103 look up <code>host</code> but also <code>host.example.com</code>. 104 </p> 105 </td> 106 </tr> 107 <tr> 108 <td><p> 109 <code>--dns-opt=OPTION...</code> 110 </p></td> 111 <td><p> 112 Sets the options used by DNS resolvers. These options are managed by the embedded 113 DNS server and will not be updated in the container's <code>/etc/resolv.conf</code> file. 114 </p> 115 <p> 116 See documentation for <code>resolv.conf</code> for a list of valid options 117 </p></td> 118 </tr> 119 </table> 120 121 122 In the absence of the `--dns=IP_ADDRESS...`, `--dns-search=DOMAIN...`, or 123 `--dns-opt=OPTION...` options, Docker uses the `/etc/resolv.conf` of the 124 host machine (where the `docker` daemon runs). While doing so the daemon 125 filters out all localhost IP address `nameserver` entries from the host's 126 original file. 127 128 Filtering is necessary because all localhost addresses on the host are 129 unreachable from the container's network. After this filtering, if there are 130 no more `nameserver` entries left in the container's `/etc/resolv.conf` file, 131 the daemon adds public Google DNS nameservers (8.8.8.8 and 8.8.4.4) to the 132 container's DNS configuration. If IPv6 is enabled on the daemon, the public 133 IPv6 Google DNS nameservers will also be added (2001:4860:4860::8888 and 134 2001:4860:4860::8844). 135 136 > **Note**: If you need access to a host's localhost resolver, you must modify 137 > your DNS service on the host to listen on a non-localhost address that is 138 > reachable from within the container.