Windows Containers hosted on Windows 10 lose their DNS

I’m facing this situation where my windows based containers lose their ability to resolve DNS.

This is what happens

  • Docker nodejs build works locally but hangs on server
  • Where are docker images stored by boot2docker?
  • Signatures couldn't be verified because the public key is not available error while installing docker
  • Couldn't connect to the Docker daemon due to an SSL
  • Printing docker container id in Spring boot app
  • What is the correct way to have Tensorflow available in a docker container or docker image?
  • To start a container to test dns resolving

    docker run -it microsoft/windowsservercore powershell

    From inside the container


    Test-NetConnection google.com -Port 443

    Fails with

    PS C:> Test-NetConnection google.com -Port 443
    WARNING: Name resolution of google.com failed — Status: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server
    ComputerName : google.com
    RemoteAddress :
    InterfaceAlias :
    SourceAddress :
    PingSucceeded : False

    but should be something like this

    PS C:\Users\asarafian> Test-NetConnection google.com -Port 443
    ComputerName : google.com
    RemoteAddress : 216.58.204.14
    RemotePort : 443
    InterfaceAlias : vEthernet (External Virtual Switch)
    SourceAddress : 10.98.5.139
    TcpTestSucceeded : True

    I always hybernate the workstation (Windows 10) and on it I operate Hyper-V instances and Docker. The workstation is Windows 10 and from what I can tell when the problem happens is that it uses as DNS the ip of the Windows 10 host.

    From within the container

    PS C:\> ipconfig /all
    
    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : c7c016e13be8
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
    
    Ethernet adapter Ethernet 2:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #2
       Physical Address. . . . . . . . . : Deducted
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::bc61:e687:4676:353a%5(Preferred)
       IPv4 Address. . . . . . . . . . . : 172.19.143.229(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.240.0
       Default Gateway . . . . . . . . . : 172.19.128.1
       DHCPv6 IAID . . . . . . . . . . . : Deducted
       DHCPv6 Client DUID. . . . . . . . : Deducted
       DNS Servers . . . . . . . . . . . : 172.19.128.1
       NetBIOS over Tcpip. . . . . . . . : Disabled
    

    172.19.128.1 is my windows 10 host ip.

    At the same time, when the Windows 10 host containers are stuck, everything else resolves DNS normally.

    • Any process on Windows 10.
    • Hyper-V instances on Windows 10.
    • Container’s hosted on Hyper-V instances on Windows 10.

    Restarting the machine doesn’t fix the problem. This is the second time that this occurs. Previous time I had to reset the entire docker installation to fix the issue. I would like to avoid this and understand what the problem is and how to fix it.

    Docker version is

    C:\Users\asarafian>docker version
    Client:
     Version:      17.03.1-ce-rc1
     API version:  1.27
     Go version:   go1.7.5
     Git commit:   3476dbf
     Built:        Wed Mar 15 20:33:22 2017
     OS/Arch:      windows/amd64
    
    Server:
     Version:      17.03.1-ce-rc1
     API version:  1.27 (minimum version 1.24)
     Go version:   go1.7.5
     Git commit:   3476dbf
     Built:        Wed Mar 15 20:33:22 2017
     OS/Arch:      windows/amd64
     Experimental: false
    

    Update 1 – 20170408

    As per request of @chris-lawrence comment, the following are an ipconfig /all from the host and from inside the container. The interesting aspect is that the dns resolution works from inside the container.

    Inside the container

    PS C:\> ipconfig /all
    
    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : 476d22f638ea
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : home
    
    Ethernet adapter Ethernet 2:
    
       Connection-specific DNS Suffix  . : home
       Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #2
       Physical Address. . . . . . . . . : 00-15-5D-53-0A-2A
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::ad59:83cc:6e64:944a%5(Preferred)
       IPv4 Address. . . . . . . . . . . : 172.19.132.10(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.240.0
       Default Gateway . . . . . . . . . : 172.19.128.1
       DHCPv6 IAID . . . . . . . . . . . : 83891549
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-7A-A9-D0-00-15-5D-53-0A-2A
       DNS Servers . . . . . . . . . . . : 172.19.128.1
                                           192.168.0.1
       NetBIOS over Tcpip. . . . . . . . : Disabled
    

    On the container host

    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : MECDEVASAR03
       Primary Dns Suffix  . . . . . . . : global.sdl.corp
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : global.sdl.corp
                                           sdl.corp
                                           maidenhead.sdl.corp
                                           sheffield.sdl.corp
                                           development.sheffield.sdl.corp
                                           irv.languageweaver.com
                                           languageweaver.com
                                           montreal.sdl.corp
                                           singapore.sdl.corp
                                           bray.sdl.corp
                                           seoul.sdl.corp
                                           idiominc.priv
                                           sdlproducts.com
                                           lan.lon.sdlproducts.com
                                           freetranslation.corp
                                           xyenterprise.com
                                           alterian.com
                                           ams.dev
                                           sdlntt.corp
    
    Ethernet adapter vEthernet (HNS Internal NIC):
    
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
       Physical Address. . . . . . . . . : 00-15-5D-53-04-CB
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::f5c8:e8c7:1ad0:d845%26(Preferred) 
       IPv4 Address. . . . . . . . . . . : 172.19.128.1(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.240.0
       Default Gateway . . . . . . . . . : 
       DHCPv6 IAID . . . . . . . . . . . : 436213085
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-AD-0A-F4-18-DB-F2-15-03-E7
       DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Ethernet adapter vEthernet (External Virtual Switch):
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : global.sdl.corp
       Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
       Physical Address. . . . . . . . . : 18-DB-F2-15-03-E7
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    Wireless LAN adapter Local Area Connection* 2:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
       Physical Address. . . . . . . . . : B8-08-CF-44-25-D9
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    Wireless LAN adapter Wi-Fi:
    
       Connection-specific DNS Suffix  . : home
       Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 8260
       Physical Address. . . . . . . . . : B8-08-CF-44-25-D8
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::6d3a:ef28:a057:6108%18(Preferred) 
       IPv4 Address. . . . . . . . . . . : 192.168.0.103(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Saturday, 8 April 2017 16:17:24
       Lease Expires . . . . . . . . . . : Saturday, 15 April 2017 16:24:09
       Default Gateway . . . . . . . . . : 192.168.0.1
       DHCP Server . . . . . . . . . . . : 192.168.0.1
       DHCPv6 IAID . . . . . . . . . . . : 45615311
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-AD-0A-F4-18-DB-F2-15-03-E7
       DNS Servers . . . . . . . . . . . : 192.168.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Ethernet adapter Bluetooth Network Connection:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
       Physical Address. . . . . . . . . : B8-08-CF-44-25-DC
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter isatap.global.sdl.corp:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : global.sdl.corp       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter isatap.{5C890AAE-6E73-44BB-BB1E-DE8EB4794BF8}:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter isatap.home:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : home
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    

    Just at of curiosity, I’ve checked the state of the hyper-v instances and they are off. My feeling is that there is something strange going on when the hyper-v(s). I’m mostly suspicious that something strange happens when the system resumes from hybernation when an hyper-v instance was running. I’ll do a check….

    I did the check and everything is still ok. But the hyper-v(s) are setup for the wired netword adapter and as such on WIFI then don’t get network. Could be that in this case they don’t interfere.

    Update 2 – 20170411

    As per request of @chris-lawrence comment, the following are an ipconfig /all from the host and from inside the container on the network that has the problem. At this moment of time the firewall on the container host is switched off, as @GSA had suggested.

    Inside the container

    PS C:> ipconfig /all

    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : d4e9a6d59f93
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
    
    Ethernet adapter Ethernet 2:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #2
       Physical Address. . . . . . . . . : 00-15-5D-53-00-71
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::a08a:68b:1c3d:fe6e%5(Preferred)
       IPv4 Address. . . . . . . . . . . : 172.19.135.4(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.240.0
       Default Gateway . . . . . . . . . : 172.19.128.1
       DHCPv6 IAID . . . . . . . . . . . : 83891549
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-7E-30-BE-00-15-5D-53-00-71
       DNS Servers . . . . . . . . . . . : 172.19.128.1
       NetBIOS over Tcpip. . . . . . . . : Disabled
    

    I notice that the there is only one dns entry 172.19.128.1 which is the internal docker.

    On the container host

    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : MECDEVASAR03
       Primary Dns Suffix  . . . . . . . : global.sdl.corp
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : global.sdl.corp
                                           sdl.corp
                                           maidenhead.sdl.corp
                                           sheffield.sdl.corp
                                           development.sheffield.sdl.corp
                                           irv.languageweaver.com
                                           languageweaver.com
                                           montreal.sdl.corp
                                           singapore.sdl.corp
                                           bray.sdl.corp
                                           seoul.sdl.corp
                                           idiominc.priv
                                           sdlproducts.com
                                           lan.lon.sdlproducts.com
                                           freetranslation.corp
                                           xyenterprise.com
                                           alterian.com
                                           ams.dev
                                           sdlntt.corp
    
    Ethernet adapter vEthernet (HNS Internal NIC):
    
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
       Physical Address. . . . . . . . . : 00-15-5D-53-04-CB
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::f5c8:e8c7:1ad0:d845%26(Preferred) 
       IPv4 Address. . . . . . . . . . . : 172.19.128.1(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.240.0
       Default Gateway . . . . . . . . . : 
       DHCPv6 IAID . . . . . . . . . . . : 436213085
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-AD-0A-F4-18-DB-F2-15-03-E7
       DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Ethernet adapter vEthernet (External Virtual Switch):
    
       Connection-specific DNS Suffix  . : global.sdl.corp
       Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
       Physical Address. . . . . . . . . : 18-DB-F2-15-03-E7
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::5814:8934:3247:a4bf%10(Preferred) 
       IPv4 Address. . . . . . . . . . . : 10.98.5.139(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.0.0
       Lease Obtained. . . . . . . . . . : Tuesday, 11 April 2017 08:08:21
       Lease Expires . . . . . . . . . . : Wednesday, 19 April 2017 08:08:20
       Default Gateway . . . . . . . . . : 10.98.1.1
       DHCP Server . . . . . . . . . . . : 10.98.3.7
       DHCPv6 IAID . . . . . . . . . . . : 504945650
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-AD-0A-F4-18-DB-F2-15-03-E7
       DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
                                           10.98.3.7
                                           10.98.3.5
                                           10.20.3.169
       Primary WINS Server . . . . . . . : 10.100.3.100
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Wireless LAN adapter Local Area Connection* 2:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
       Physical Address. . . . . . . . . : B8-08-CF-44-25-D9
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    Ethernet adapter Bluetooth Network Connection:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
       Physical Address. . . . . . . . . : B8-08-CF-44-25-DC
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    Ethernet adapter vEthernet (Wireless External Virtual Switch):
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : global.sdl.corp
       Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #3
       Physical Address. . . . . . . . . : B8-08-CF-44-25-D8
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter isatap.global.sdl.corp:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : global.sdl.corp
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter isatap.{5C890AAE-6E73-44BB-BB1E-DE8EB4794BF8}:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    

    Update 3 – Problem fixed

    I just upgraded to the Windows 10 creators update and suddenly the problem has stopped. For now, I consider the issue fixed through a Windows Update. But to whoever has a similar issue, I was just a week behind on the updates and I don’t believe that that was the issue. To be seen if it happens again.

  • Docker, CoreOS and fleet based deployments
  • Pycharm 2017.1 EAP Python Console and Remote Docker Interpreter not working together
  • Kubernetes: stop CloudSQL-proxy sidecar container in multi container Pod/Job
  • Install pylint in Alpine Linux based Docker Image
  • Change “hosts” / “-h” Docker for Windows in daemon.json
  • docker compose inside docker in a docker
  • Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.