Most often, we come across Docker 504 DNS lookup failed due to an invalid DNS server.

As part of our Docker Hosting Services, we assist our customers with several Docker queries.

Today, let us see the methods we employ to resolve this issue.

Docker 504 DNS lookup failed

As soon as we face this issue, we need to run cat /etc/resolv.conf in the docker container.

If it has an invalid DNS server, the container will fail to resolve the domain names into IP addresses. Hence, ping google.com fails.

Next, we need to check the cat /etc/resolv.conf on the host machine.

Every time a container starts Docker copies the host’s /etc/resolv.conf to the container. So if the host’s /etc/resolv.conf is wrong, then so will the docker container.

Suppose we find that the host’s /etc/resolv.conf is wrong, then we have 2 options.

Moving ahead, let us see how our Support Techs go about them.

1. Hardcode DNS server in docker daemon.json

Initially, we edit /etc/docker/daemon.json

{
"dns": ["10.1.2.3", "8.8.8.8"]
}

Then for the changes to take effect, we restart the docker daemon:

sudo systemctl restart docker

Eventually, when we run/start a container, docker will populate /etc/resolv.conf with the values from daemon.json.

2. Fix the host’s /etc/resolv.conf

Here, our Support Techs recommend two options. Let us discuss the same.

A. Ubuntu 16.04 and earlier

In this case, /etc/resolv.conf isas dynamically generated by NetworkManager.

We need to comment out the line dns=dnsmasq (with a #) in /etc/NetworkManager/NetworkManager.conf

Then we restart the NetworkManager to regenerate /etc/resolv.conf :

sudo systemctl restart network-manager

Finally, we verify on the host: cat /etc/resolv.conf

B. Ubuntu 18.04 and later

Ubuntu 18.04 uses systemd-resolved to generate /etc/resolv.conf. Now by default, it uses a local DNS cache 127.0.0.53.

That will not work inside a container. In such a scenario, Docker defaults to Google’s 8.8.8.8 DNS server, which may break for people behind a firewall.

/etc/resolv.conf is actually a symlink (ls -l /etc/resolv.conf) which points to /run/systemd/resolve/stub-resolv.conf (127.0.0.53) by default.

We need to just change the symlink to point to /run/systemd/resolve/resolv.conf, which lists the real DNS servers:

sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

Then we verify on the host: cat /etc/resolv.conf

Now we will have a valid /etc/resolv.conf on the host for docker to copy into the containers.

[Need further assistance? We are glad to assist you]

Conclusion

In short, we saw how our Support Techs fix this issue for our customers.