moby: Daemon DNS Lookup Issues: no such host

Hello,

We’ve been seeing some strange issues with Ubuntu 14.04 and the 3.13 kernel on AWS. Occasionally pulls will start throwing errors like this (xxx is me redacting):

Error response from daemon: unable to ping registry endpoint https://xxx/v0/
v2 ping attempt failed with error: Get https://xxx/v2/: dial tcp: lookup xxx: no such host
 v1 ping attempt failed with error: Get https://xxx/v1/_ping: dial tcp: lookup xxx: no such host

I was finally able to get it to repeat it about 8 times out of 10 on a host and turned this up via strace on the daemon:

[pid 19381] connect(218, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.0.0.2")}, 16) = -1 ENETUNREACH (Network is unreachable)

That IP address is the DNS server in my VPC. I spent about 30 minutes messing around with this and I can tell you 10.0.0.2 was 100% reachable. Not only was I able to connect to it via dig and other programs, the client was able to connect to it every time:

connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.0.0.2")}, 16) = 0

So here we have the client using the same call and being able to connect every time, while the daemon gets ENETUNREACH almost every time.

$ uname -a
Linux staging-rails-app-1 3.13.0-71-generic #114-Ubuntu SMP Tue Dec 1 02:34:22 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
$ docker version
Client:
 Version:      1.9.1
 API version:  1.21
 Go version:   go1.4.2
 Git commit:   a34a1d5
 Built:        Fri Nov 20 13:12:04 UTC 2015
 OS/Arch:      linux/amd64

About this issue

  • State: open
  • Created 9 years ago
  • Reactions: 1
  • Comments: 49 (7 by maintainers)

Most upvoted comments

Adding the host to /etc/hosts seems to solve the issue, so something must be wrong with the docker/Go DNS lookup mechanism.

Still happens as of today, using Docker version 1.12.3, build 6b644ec

Solved it by doing this:

$ VBoxManage list vms
"default" {f13e52ac-22f6-4171-a48a-f3c25578c764}
$ VBoxManage modifyvm f13e52ac-22f6-4171-a48a-f3c25578c651 --natdnshostresolver1 on

That did it …

Hi,

I can confirm the problem with

docker --version
Docker version 1.10.3, build 20f81dd

Linux Kernel 3.16.0-4-amd64

As @hookenz suggests in

https://github.com/docker/docker/issues/18842#issuecomment-187935887

in my case this seems related to the DNS response size.

Using dig, with my usual resolver I have MSG SIZE rcvd: 679, while with Google’s 8.8.8.8 I have MSG SIZE rcvd: 271.

I have then used GODEBUG=netdns=cgo as suggested in

https://github.com/docker/docker/issues/18842#issuecomment-189946305

and the issue is gone.

Does anyone know whether a later version of Docker fixes this or how safe it is to revert to the old behavior with GODEBUG=netdns=cgo?

Thanks!

I still get this happening on 1.12.2 and my colleague has it happen on 1.12.3 from time to time. Never got around to setting GODEBUG=netdns=cgo but setting nameserver 8.8.8.8 always works too.

I also have this issue and have figured out a workaround.

docker version: Docker version 1.10.1, build 9e83765

docker info:

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 40
Server Version: 1.10.1
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 106
 Dirperm1 Supported: true
Execution Driver: native-0.2
Logging Driver: json-file
Plugins: 
 Volume: local
 Network: null host bridge
Kernel Version: 3.16.0-41-generic
Operating System: Ubuntu 14.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 6
Total Memory: 7.734 GiB
Name: xen
ID: IOQK:UNKL:TKWG:GC76:TISS:HPYN:XECB:7VEV:RWBE:WCWI:ACAI:KTRR
WARNING: No swap limit support

uname -a: Linux xen 3.16.0-41-generic #57~14.04.1-Ubuntu SMP Thu Jun 18 18:01:13 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Docker login fails. So does docker push.

Workaround: set the /etc/resolv.conf file to contain nameserver 8.8.8.8

Could it be the size of the DNS response message?

hookenz@xen:~/dev/cluster/amazon/keepalived$ dig 928017799382.dkr.ecr.us-east-1.amazonaws.com

; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> 928017799382.dkr.ecr.us-east-1.amazonaws.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5016
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 13, ADDITIONAL: 11

;; QUESTION SECTION:
;928017799382.dkr.ecr.us-east-1.amazonaws.com. IN A

;; ANSWER SECTION:
928017799382.dkr.ecr.us-east-1.amazonaws.com. 59 IN CNAME proxy-us-e-proxylb-srbn5pwpp6dm-952012445.us-east-1.elb.amazonaws.com.
proxy-us-e-proxylb-srbn5pwpp6dm-952012445.us-east-1.elb.amazonaws.com. 60 IN A 52.5.79.27
proxy-us-e-proxylb-srbn5pwpp6dm-952012445.us-east-1.elb.amazonaws.com. 60 IN A 52.5.175.141
proxy-us-e-proxylb-srbn5pwpp6dm-952012445.us-east-1.elb.amazonaws.com. 60 IN A 52.5.189.206
proxy-us-e-proxylb-srbn5pwpp6dm-952012445.us-east-1.elb.amazonaws.com. 60 IN A 52.4.45.71
proxy-us-e-proxylb-srbn5pwpp6dm-952012445.us-east-1.elb.amazonaws.com. 60 IN A 52.4.176.35
proxy-us-e-proxylb-srbn5pwpp6dm-952012445.us-east-1.elb.amazonaws.com. 60 IN A 52.5.134.84
proxy-us-e-proxylb-srbn5pwpp6dm-952012445.us-east-1.elb.amazonaws.com. 60 IN A 52.4.88.45
proxy-us-e-proxylb-srbn5pwpp6dm-952012445.us-east-1.elb.amazonaws.com. 60 IN A 52.5.74.200

;; AUTHORITY SECTION:
com.            13908   IN  NS  f.gtld-servers.net.
com.            13908   IN  NS  e.gtld-servers.net.
com.            13908   IN  NS  a.gtld-servers.net.
com.            13908   IN  NS  i.gtld-servers.net.
com.            13908   IN  NS  b.gtld-servers.net.
com.            13908   IN  NS  l.gtld-servers.net.
com.            13908   IN  NS  d.gtld-servers.net.
com.            13908   IN  NS  j.gtld-servers.net.
com.            13908   IN  NS  g.gtld-servers.net.
com.            13908   IN  NS  k.gtld-servers.net.
com.            13908   IN  NS  h.gtld-servers.net.
com.            13908   IN  NS  m.gtld-servers.net.
com.            13908   IN  NS  c.gtld-servers.net.

;; ADDITIONAL SECTION:
f.gtld-servers.net. 19837   IN  A   192.35.51.30
e.gtld-servers.net. 16630   IN  A   192.12.94.30
a.gtld-servers.net. 42241   IN  A   192.5.6.30
i.gtld-servers.net. 20661   IN  A   192.43.172.30
b.gtld-servers.net. 31132   IN  A   192.33.14.30
d.gtld-servers.net. 21462   IN  A   192.31.80.30
j.gtld-servers.net. 16751   IN  A   192.48.79.30
g.gtld-servers.net. 15579   IN  A   192.42.93.30
h.gtld-servers.net. 20708   IN  A   192.54.112.30
m.gtld-servers.net. 15416   IN  A   192.55.83.30
c.gtld-servers.net. 14727   IN  A   192.26.92.30

;; Query time: 344 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Wed Feb 24 10:55:02 NZDT 2016
;; MSG SIZE  rcvd: 660

Change nameserver in /etc/resolv.conf to 8.8.8.8

hookenz@xen:~/dev/OTOY2/cluster/amazon/keepalived$ dig 928017799382.dkr.ecr.us-east-1.amazonaws.com

; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> 928017799382.dkr.ecr.us-east-1.amazonaws.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9337
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;928017799382.dkr.ecr.us-east-1.amazonaws.com. IN A

;; ANSWER SECTION:
928017799382.dkr.ecr.us-east-1.amazonaws.com. 59 IN CNAME proxy-us-e-ProxyLB-SRBN5PWPP6DM-952012445.us-east-1.elb.amazonaws.com.
proxy-us-e-ProxyLB-SRBN5PWPP6DM-952012445.us-east-1.elb.amazonaws.com. 59 IN A 52.22.107.81
proxy-us-e-ProxyLB-SRBN5PWPP6DM-952012445.us-east-1.elb.amazonaws.com. 59 IN A 52.22.26.70
proxy-us-e-ProxyLB-SRBN5PWPP6DM-952012445.us-east-1.elb.amazonaws.com. 59 IN A 52.21.100.222
proxy-us-e-ProxyLB-SRBN5PWPP6DM-952012445.us-east-1.elb.amazonaws.com. 59 IN A 52.21.84.137
proxy-us-e-ProxyLB-SRBN5PWPP6DM-952012445.us-east-1.elb.amazonaws.com. 59 IN A 52.22.115.104
proxy-us-e-ProxyLB-SRBN5PWPP6DM-952012445.us-east-1.elb.amazonaws.com. 59 IN A 52.22.117.95
proxy-us-e-ProxyLB-SRBN5PWPP6DM-952012445.us-east-1.elb.amazonaws.com. 59 IN A 52.22.226.253
proxy-us-e-ProxyLB-SRBN5PWPP6DM-952012445.us-east-1.elb.amazonaws.com. 59 IN A 52.21.22.157

;; Query time: 446 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Feb 24 10:55:31 NZDT 2016
;; MSG SIZE  rcvd: 271
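
One way to check the response-size theory from the comments above against a particular resolver: this added Go example (not code from the Docker project or from any commenter) sends a plain UDP A query without EDNS0, then reports the reply size and whether the truncation (TC) bit is set. The names buildQuery, inspect and classicUDPLimit and the fixed query ID 0x1234 are illustrative assumptions; the 512-byte figure is the RFC 1035 limit for UDP replies to queries without EDNS0.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"os"
	"strings"
	"time"
)

const classicUDPLimit = 512 // RFC 1035 ceiling for a UDP reply when the query has no EDNS0

// buildQuery encodes a plain A query: RD set, no EDNS0 OPT record.
func buildQuery(id uint16, name string) []byte {
	q := []byte{byte(id >> 8), byte(id), 0x01, 0, 0, 1, 0, 0, 0, 0, 0, 0} // RD, QDCOUNT=1
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		q = append(append(q, byte(len(label))), label...) // length-prefixed label
	}
	return append(q, 0, 0, 1, 0, 1) // root label, QTYPE=A, QCLASS=IN
}

// inspect returns the TC bit and whether the reply exceeds 512 bytes without
// being marked truncated; a reply too short for a DNS header yields false, false.
func inspect(reply []byte) (truncated, oversize bool) {
	truncated = len(reply) >= 12 && reply[2]&0x02 != 0 // TC: bit 1 of the first flags byte
	return truncated, len(reply) > classicUDPLimit && !truncated
}

func main() { // usage: dnssize <resolver-ip> <hostname>
	if len(os.Args) != 3 {
		log.Fatal("usage: dnssize <resolver-ip> <hostname>")
	}
	conn, err := net.DialTimeout("udp", net.JoinHostPort(os.Args[1], "53"), 3*time.Second)
	if err != nil {
		log.Fatal(err)
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(3 * time.Second))
	conn.Write(buildQuery(0x1234, os.Args[2])) // a lost query surfaces as a read timeout
	buf := make([]byte, 4096)                  // larger than 512 so an oversize reply is visible
	n, err := conn.Read(buf)
	if err != nil {
		log.Fatal(err)
	}
	tc, over := inspect(buf[:n])
	fmt.Printf("bytes=%d tc=%v oversize_untruncated=%v\n", n, tc, over)
}
```

Run it once against the resolver from /etc/resolv.conf and once against 8.8.8.8 with the registry hostname; a reply reported as oversize_untruncated=true is larger than 512 bytes yet not flagged as truncated.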