## Introduction

DNS resolution failures inside Docker containers prevent them from reaching external services, APIs, and even other containers. This is often caused by host DNS configuration changes, Docker's embedded DNS server issues, or custom network DNS settings.

## Symptoms

- `nslookup` or `dig` inside container fails
- Error: "Could not resolve host: api.example.com"
- Container can ping IP addresses but not hostnames
- DNS works on host but not in containers
- Intermittent DNS failures under load

## Common Causes

- Docker's embedded DNS (127.0.0.11) not functioning
- Host `resolv.conf` pointing to unreachable DNS server
- Docker daemon not configured with proper DNS servers
- Container network DNS not inherited from host
- iptables blocking UDP port 53

## Step-by-Step Fix

1. **Test DNS resolution inside container**:

   ```bash
   docker run --rm busybox nslookup google.com
   docker run --rm busybox cat /etc/resolv.conf
   ```

2. **Configure Docker daemon DNS servers**. Create `/etc/docker/daemon.json`:

   ```json
   {
     "dns": ["8.8.8.8", "8.8.4.4", "1.1.1.1"]
   }
   ```

   Then restart Docker: `systemctl restart docker`

3. **Set DNS for specific containers**:

   ```bash
   docker run --dns=8.8.8.8 --dns=1.1.1.1 my-app
   # Or in docker-compose:
   # dns:
   #   - 8.8.8.8
   #   - 1.1.1.1
   ```

4. **Fix host resolv.conf if Docker inherits bad DNS**:

   ```bash
   echo "nameserver 8.8.8.8" > /etc/resolv.conf
   echo "nameserver 1.1.1.1" >> /etc/resolv.conf
   systemctl restart docker
   ```
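To interpret the `cat /etc/resolv.conf` output from the first step, the following added example (not part of the original article) classifies each `nameserver` entry as Docker's embedded DNS (127.0.0.11), another loopback address, or an external server. The function names, verdict labels and sample files are assumptions constructed for illustration.

```bash
# Added example: classify the nameserver entries of a saved resolv.conf.

# classify_nameservers FILE -> prints "<ip> <kind>" for each nameserver line
classify_nameservers() {
  awk '$1 == "nameserver" && NF >= 2 {
    ip = $2
    if (ip == "127.0.0.11")                kind = "embedded"  # Docker embedded DNS
    else if (ip ~ /^127\./ || ip == "::1") kind = "loopback"  # local stub resolver
    else                                   kind = "external"
    print ip, kind
  }' "$1"
}

# dns_verdict FILE -> prints one of: none, embedded, loopback-only, external
dns_verdict() {
  kinds=$(classify_nameservers "$1" | awk '{print $2}' | sort -u | tr '\n' ' ')
  case "$kinds" in
    "")         echo "none" ;;           # no nameserver lines at all
    *external*) echo "external" ;;       # at least one non-loopback server
    *embedded*) echo "embedded" ;;       # relies on 127.0.0.11 forwarding upstream
    *)          echo "loopback-only" ;;  # loopback here is the container itself
  esac
}

# Constructed sample inputs (not captured from a real host or container).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf 'nameserver 127.0.0.11\noptions ndots:0\n' > "$SAMPLES/user_network.conf"
printf '# stub resolver\nnameserver 127.0.0.53\n' > "$SAMPLES/host_stub.conf"
printf 'nameserver 8.8.8.8\nnameserver 1.1.1.1\n' > "$SAMPLES/daemon_dns.conf"
: > "$SAMPLES/empty.conf"

for f in "$SAMPLES"/*.conf; do
  printf '%s: %s\n' "$(basename "$f")" "$(dns_verdict "$f")"
done
```

To check a real container, redirect the output of `docker run --rm busybox cat /etc/resolv.conf` to a file and pass that file to `dns_verdict`.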

## Prevention

- Configure explicit DNS servers in Docker `daemon.json`
- Use public DNS (8.8.8.8, 1.1.1.1) as fallback
- Test DNS after any network configuration changes
- Use Docker's embedded DNS for container-to-container resolution
- Monitor container DNS resolution failures