Add a `--network` flag which replaces `--net` without deprecating it yet. The `--net` flag remains hidden and supported. Add a `--network-alias` flag which replaces `--net-alias` without deprecating it yet. The `--net-alias` flag remains hidden and supported. Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
5.5 KiB
Embedded DNS server in user-defined networks
The information in this section covers the embedded DNS server operation for
containers in user-defined networks. DNS lookup for containers connected to
user-defined networks works differently compared to the containers connected
to default bridge
network.
Note
: In order to maintain backward compatibility, the DNS configuration in
default bridge
network is retained with no behavioral change. Please refer to the DNS in default bridge network for more information on DNS configuration in thedefault bridge
network.
As of Docker 1.10, the docker daemon implements an embedded DNS server which
provides built-in service discovery for any container created with a valid
name
or net-alias
or aliased by link
. The exact details of how Docker
manages the DNS configurations inside the container can change from one Docker
version to the next. So you should not assume the way the files such as
/etc/hosts
, /etc/resolv.conf
are managed inside the containers and leave
the files alone and use the following Docker options instead.
Various container options that affect container domain name services.
|
Container name configured using |
|
In addition to |
|
Using this option as you |
|
The IP addresses passed via the |
|
Sets the domain names that are searched when a bare unqualified hostname is
used inside of the container. These |
|
Sets the options used by DNS resolvers. These options are managed by the embedded
DNS server and will not be updated in the container's
See documentation for |
In the absence of the --dns=IP_ADDRESS...
, --dns-search=DOMAIN...
, or
--dns-opt=OPTION...
options, Docker uses the /etc/resolv.conf
of the
host machine (where the docker
daemon runs). While doing so the daemon
filters out all localhost IP address nameserver
entries from the host's
original file.
Filtering is necessary because all localhost addresses on the host are
unreachable from the container's network. After this filtering, if there are
no more nameserver
entries left in the container's /etc/resolv.conf
file,
the daemon adds public Google DNS nameservers (8.8.8.8 and 8.8.4.4) to the
container's DNS configuration. If IPv6 is enabled on the daemon, the public
IPv6 Google DNS nameservers will also be added (2001:4860:4860::8888 and
2001:4860:4860::8844).
Note
: If you need access to a host's localhost resolver, you must modify your DNS service on the host to listen on a non-localhost address that is reachable from within the container.