moby: Slow DNS resolving inside containers
Hello there. I have few docker containers on Linux server, with my own bridge network. When I try to resolve something - it takes too much time.
From the container:
root@app:/# dig www.google.com
; <<>> DiG 9.9.5-3ubuntu0.13-Ubuntu <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12943
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 300 IN A 216.58.209.68
;; Query time: 4001 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Tue Mar 21 08:50:40 UTC 2017
;; MSG SIZE rcvd: 59
So it’s 4001 msec!!! It’s too much!
From the bare metal:
root@gulf ~ # dig www.google.com
; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8987
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 299 IN A 172.217.22.100
;; Query time: 16 msec
;; SERVER: 172.51.42.1#53(172.51.42.1)
;; WHEN: Tue Mar 21 09:56:02 CET 2017
;; MSG SIZE rcvd: 73
This is a normal result
So I’m starting docker service without --dns key at all.
/usr/bin/dockerd --bip=172.151.42.1/16 --fixed-cidr=172.151.0.0/16 --raw-logs
I have
Docker version 1.13.1, build 092cba3
Output of docker info:
Containers: 8
Running: 6
Paused: 0
Stopped: 2
Images: 19
Server Version: 1.13.1
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 100
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1
runc version: 9df8b306d01f59d3a8029be411de015b7304dd8f
init version: 949e6fa
Security Options:
apparmor
Kernel Version: 3.16.0-55-generic
Operating System: Ubuntu 14.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.29 GiB
Name: gulf
ID: WDRJ:3PVC:TENI:2PMR:LTDA:VMGM:TS55:4IJY:X5TE:GZAY:DOXW:NTJP
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Username: flomsk
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Inside containers a have next in /etc/resolv.conf
nameserver 127.0.0.11
options ndots:0
I read about this problem here, on stackoverflow, etc but I dont find any solution.
About this issue
- Original URL
- State: open
- Created 7 years ago
- Reactions: 6
- Comments: 20 (5 by maintainers)
Docker (by default) copies the DNS servers that are defined on the host. If your containers don’t need dnsdock (and you only need it on the host), you can set different DNS servers for your containers. Create a
/etc/docker/daemon.jsonfile, and add the DNS servers you want your containers to use, e.g.Inside the container you’ll still see
127.0.0.11as DNS server, but that’s the embedded DNS server for container discovery; it will forward other requests to the DNS servers you specifiedI noticed that as soon as I have
nameserver 127.0.0.11in my/etc/resolve.confdns resolving takes 4s + usually time. This is unacceptable and no I don’t want to use the default bridge driver I want them in a custom network.Still wondering where the 4 seconds come from? I was too. Turns out you just have to look.
This really should be configurable.
Make sure all nameservers in /etc/resolv.conf work. On the host failover from dead host takes 1 seconds, in container failover takes 4 seconds.