Ubuntu – Slow DNS resolution inside docker container

dockernetworkingUbuntu

I've stuck with a problem of a very slow DNS resolution inside docker container. Simple GET to a 'google.com' takes about 4s to finish while the same request on host takes 0.052 ms. Also request works perfectly if I send it to an IP address that's why I suggested DNS problem. I've searched for an answer most of them were about setting dns servers in a /etc/docker/daemon.json which I did but that didn't help my problem. Server runs on Ubuntu 16.04. I also have a dev server which runs same configurations but it works fine.

Host:

time curl -g 'google.com'

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>

real    0m0.052s
user    0m0.004s
sys 0m0.004s

time nslookup google.com

Server:     188.93.16.19
Address:    188.93.16.19#53

Non-authoritative answer:
Name:   google.com
Address: 173.194.73.102
Name:   google.com
Address: 173.194.73.139
Name:   google.com
Address: 173.194.73.100
Name:   google.com
Address: 173.194.73.113
Name:   google.com
Address: 173.194.73.138
Name:   google.com
Address: 173.194.73.101


real    0m0.013s
user    0m0.004s
sys 0m0.004s

Container:

time curl -g https://google.com

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>

real    0m4.592s
user    0m0.004s
sys 0m0.012s

time nslookup google.com

Server:     127.0.0.11
Address:    127.0.0.11#53

Non-authoritative answer:
Name:   google.com
Address: 64.233.165.139
Name:   google.com
Address: 64.233.165.101
Name:   google.com
Address: 64.233.165.102
Name:   google.com
Address: 64.233.165.113
Name:   google.com
Address: 64.233.165.100
Name:   google.com
Address: 64.233.165.138


real    0m4.029s
user    0m0.008s
sys 0m0.004s

daemon.json:

{
    "dns": ["188.93.16.19", "188.93.17.19", "8.8.8.8", "8.8.8.4"]
}

Best Answer

Solved the problem by removing every DNS server except 8.8.8.8 from daemon.json. This is the only one server that resolves domain fast in my case. Tested differrent servers via docker run --dns=<dns server> <image name> curl -g 'google.com'.

Related Solutions

Docker – How to debug a docker container initialization

Docker events command may help and Docker logs command can fetch logs even after the image failed to start.

First start docker events in the background to see whats going on.

docker events&

Then run your failing docker run ... command. Then you should see something like the following on screen:

2015-12-22T15:13:05.503402713+02:00 xxxxxxxacd8ca86df9eac5fd5466884c0b42a06293ccff0b5101b5987f5da07d: (from xxx/xxx:latest) die

Then you can get the startup hex id from previous message or the output of the run command. Then you can use it with the logs command:

docker logs <copy the instance id from docker events messages on screen>

You should now see some output from the failed image startup.

As @alexkb suggested in a comment: docker events& can be troublesome if your container is being constantly restarted from something like AWS ECS service. In this scenario it may be easier to get the container hex id out of the logs in /var/log/ecs/ecs-agent.log.<DATE>. Then use docker logs <hex id>.

Docker – Container Time & Timezone Issues

The secret here is that dpkg-reconfigure tzdata simply creates /etc/localtime as a copy, hardlink or symlink (a symlink is preferred) to a file in /usr/share/zoneinfo. So it is possible to do this entirely from your Dockerfile. Consider:

ENV TZ=America/Los_Angeles
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

And as a bonus, TZ will be set correctly in the container as well.

This is also distribution-agnostic, so it works with pretty much any Linux.

Note: if you are using an alpine based image you have to install the tzdata first. (see this issue here)

Looks like this:

RUN apk add --no-cache tzdata
ENV TZ America/Los_Angeles

Best Answer

Related Solutions

Docker – How to debug a docker container initialization

Docker – Container Time & Timezone Issues

Related Topic