i/o timeout host.docker.internal when two static DNS server IP addresses added to host #48266

@johnthagen

Description

We have been tracking down a very obscure slowdown to our web application that runs under Docker Community Edition (CE) and Docker Compose. We finally narrowed the issue down to hosts that have two (or more?) static DNS server IP addresses set. This causes DNS requests to be sent from dockerd for host.docker.internal. On some machines, we noticed multiple 4 second pauses in dockerd due to this that would greatly slow down the response time of a web backend running within one of the Docker Compose containers.

Reproduce

Ubuntu 22.04.4 machine or VM.

  1. Install Docker Engine manually using the steps here: https://docs.docker.com/engine/install/ubuntu/#install-from-a-package
  2. Set two static DNS server IP addresses through the Network Settings. In this example we use Google's 8.8.8.8 and 8.8.4.4, but this problem has been observed with other IP addresses.
  3. Restart the system
  4. Search the dockerd syslogs (in our case we have a Docker Compose project with restart: unless-stopped)
$ sudo grep dockerd /var/log/syslog
...
Jul 29 15:23:57 ub2204 dockerd[1229]: time="2024-07-29T15:23:57.540411785-04:00" level=error msg="[resolver] failed to query external DNS server" client-addr="udp:127.0.0.1:58726" dns-server="udp:127.0.0.53:53" error="read udp 127.0.0.1:58726->127.0.0.53:53: i/o timeout" question=";host.docker.internal.\tIN\t A" spanID=ad07ae9a38ccecfb traceID=edfbb74c0ab95a42ffcb6721f96aad66

On some systems these will block for 4 seconds before timing out, blocking the container from responding to web requests. Nothing in our application refers to host.docker.internal.

Expected behavior

Docker Community Edition should not reference host.docker.internal. According to the docs, this is only a (paid) Docker Desktop feature. Why is Docker Community Edition referencing it?

This Stack Overflow answer (https://stackoverflow.com/a/43541681) says:

Use your internal IP address or connect to the special DNS name host.docker.internal which will resolve to the internal IP address used by the host.

This is for development purpose and does not work in a production environment outside of Docker Desktop.

Why is host.docker.internal being referenced by Docker CE? Docker Desktop has not been installed on these systems.

docker version

$ docker version
Client: Docker Engine - Community
 Version:           26.1.4
 API version:       1.45
 Go version:        go1.21.11
 Git commit:        5650f9b
 Built:             Wed Jun  5 11:28:57 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          26.1.4
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.21.11
  Git commit:       de5c9cf
  Built:            Wed Jun  5 11:28:57 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.33
  GitCommit:        d2d58213f83a351ca8f528a95fbd145f5654e957
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e94
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

$ docker info
Client: Docker Engine - Community
 Version:    26.1.4
 Context:    default
 Debug Mode: false
 Plugins:
  compose: Docker Compose (Docker Inc.)
    Version:  v2.27.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 26.1.4
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: d2d58213f83a351ca8f528a95fbd145f5654e957
 runc version: v1.1.12-0-g51d5e94
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.5.0-41-generic
 Operating System: Ubuntu 22.04.4 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 15.57GiB
 Name: ub2204
 ID: 7ecbea20-6ef6-4a54-83e6-a66e62ca30cb
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional Info

No response
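
One way to quantify the log evidence gathered in the last reproduction step, as an added example that is not part of the original issue or of Docker's code: it parses dockerd's key=value log fields and counts resolver timeouts per queried name, record type and upstream server. The sample lines are constructed in the shape of the entry quoted in the issue, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines, shaped like the dockerd entry quoted in the issue.
SAMPLE = r'''
Jul 29 15:23:57 ub2204 dockerd[1229]: time="2024-07-29T15:23:57-04:00" level=error msg="[resolver] failed to query external DNS server" client-addr="udp:127.0.0.1:58726" dns-server="udp:127.0.0.53:53" error="read udp 127.0.0.1:58726->127.0.0.53:53: i/o timeout" question=";host.docker.internal.\tIN\t A"
Jul 29 15:24:01 ub2204 dockerd[1229]: time="2024-07-29T15:24:01-04:00" level=error msg="[resolver] failed to query external DNS server" client-addr="udp:127.0.0.1:40112" dns-server="udp:127.0.0.53:53" error="read udp 127.0.0.1:40112->127.0.0.53:53: i/o timeout" question=";host.docker.internal.\tIN\t AAAA"
Jul 29 15:24:02 ub2204 dockerd[1229]: time="2024-07-29T15:24:02-04:00" level=info msg="Daemon has completed initialization"
Jul 29 15:24:09 ub2204 dockerd[1229]: time="2024-07-29T15:24:09-04:00" level=error msg="[resolver] failed to query external DNS server" client-addr="udp:127.0.0.1:51877" dns-server="udp:127.0.0.53:53" error="read udp 127.0.0.1:51877->127.0.0.53:53: i/o timeout" question=";host.docker.internal.\tIN\t A"
'''.strip().splitlines()

# key=value pairs; a value is either a quoted string (with \-escapes) or a bare token.
PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')
RESOLVER_MSG = "[resolver] failed to query external DNS server"


def parse_logfmt(line):
    """Return the key=value fields of one dockerd log line as a dict."""
    fields = {}
    for key, raw in PAIR.findall(line):
        if raw.startswith('"'):
            raw = raw[1:-1].replace('\\"', '"')
        fields[key] = raw
    return fields


def resolver_timeouts(lines):
    """Count external-DNS timeouts per (queried name, record type, upstream server)."""
    counts = Counter()
    for line in lines:
        f = parse_logfmt(line)
        if f.get("msg") != RESOLVER_MSG or "i/o timeout" not in f.get("error", ""):
            continue
        # The question is logged as ';name.\tIN\t TYPE' with the tabs as literal \t.
        q = f.get("question", "").lstrip(";").replace("\\t", " ").split()
        name, qtype = (q[0], q[-1]) if q else ("?", "?")
        counts[(name, qtype, f.get("dns-server", "?"))] += 1
    return counts


if __name__ == "__main__":
    for (name, qtype, server), n in resolver_timeouts(SAMPLE).most_common():
        print(f"{n:3d}  {name} {qtype} via {server}")
```

On a real host, feed it the output of the grep command from the reproduction steps instead of `SAMPLE`.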
