Useful or not, from you.
for-win DNS resolution of short names on Windows not working

<!-- Replace - [ ] with - [x], or click after having submitted the issue. --> <!-- Download Docker Desktop 'Edge' (latest build) here: https://hub.docker.com/editions/community/docker-ce-desktop-windows -->

  • [x] I have tried with the latest version of my channel (Stable or Edge)
  • [x] I have uploaded Diagnostics
  • Diagnostics ID: 53C998BD-DB0C-42FF-A5CE-7F86575C5F45/20190805102338

When in Linux container mode, Docker is not able to resolve the server srv1s00383 anymore. Using the FQDN srv1s00383.business.company.com still works. This worked before updating to Docker 2.1.0.0 and also still works on our machines that have not been updated.

It still works in 2.1.0.0 when in Windows container mode. So the problem seems to be related with the Moby VM not always using the DNS server of the host.

Expected behavior

C:\Users\xxx>docker login srv1s00383:443 Authenticating with existing credentials... Login Succeeded

C:\Users\xxx>docker login srv1s00383.business.company.com:443 Authenticating with existing credentials... Login Succeeded

Actual behavior

C:\Users\xxx>docker login srv1s00383:443 Authenticating with existing credentials... Login did not succeed, error: Error response from daemon: Get https://srv1s00383:443/v2/: dial tcp: lookup srv1s00383 on 192.168.65.1:53: no such host

C:\Users\xxx>docker login srv1s00383.business.company.com:443 Authenticating with existing credentials... Login Succeeded

Information

  • Windows Version: Windows 10 Version 1803 Build 17134.885
  • Docker Desktop Version: 2.1.0.0 (36874)

docker version

Client: Docker Engine - Community
 Version:           19.03.1
 API version:       1.40
 Go version:        go1.12.5
 Git commit:        74b1e89
 Built:             Thu Jul 25 21:17:08 2019
 OS/Arch:           windows/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.1
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.5
  Git commit:       74b1e89
  Built:            Thu Jul 25 21:17:52 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.2.6
  GitCommit:        894b81a4b802e4eb2a91d1ce216b8817763c29fb
 runc:
  Version:          1.0.0-rc8
  GitCommit:        425e105d5a03fabd737a126ad93d62a9eeede87f
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Steps to reproduce the behavior

  1. docker login <shortname>:443
That's a useful answer
Without any help

This issue is also affecting me on both stable and edge 19.03.1. I have tried overriding DNS by setting a fixed DNS server in the network tab of setting and have also tried modifying the dockerd config json by adding "dns": ["192.168.1.2"], but neither attempt was successful.

docker pull my-intranet-registry:5000/my-image:latest
51c0fed8d2e38fba068d3e0f57a
Error response from daemon: Get https://my-intranet-registry:5000/v2/: dial tcp: lookup my-intranet-registry on 192.168.65.1:53: no such host

I have also tried the usual other Docker Desktop troubleshooting techniques (restart Docker, quit Docker, restart Windows, etc.) without success. This issue began happening after updating to Docker 2.1.0.0.

Diagnostics ID: 4E818E43-38AC-4E5E-AEAC-4C617B571847/20190805134240

Log file excerpt after running docker pull my-intranet-registry:5000/my-image:

[09:45:20.935][ApiProxy          ][Info   ] time="2019-08-05T09:45:20-04:00" msg="proxy >> HEAD /_ping\n"
[09:45:20.947][ApiProxy          ][Info   ] time="2019-08-05T09:45:20-04:00" msg="proxy << HEAD /_ping (12.091ms)\n"
[09:45:20.948][GoBackendProcess  ][Info   ] error CloseWrite to: The pipe is being closed.
[09:45:21.135][ApiProxy          ][Info   ] time="2019-08-05T09:45:21-04:00" msg="proxy >> POST /v1.40/images/create?fromImage=my-intranet-registry%3A5000%2Fmy-image&tag=latest\n"
[09:45:21.143][APIRequestLogger  ][Info   ] [e6b4cfdd-181d-4d72-a11c-cca5f2641f30] POST http://unix/usage
[09:45:21.144][APIRequestLogger  ][Info   ] [e6b4cfdd-181d-4d72-a11c-cca5f2641f30] POST http://unix/usage -> 200 OK took 0ms
[09:45:21.965][ApiProxy          ][Info   ] time="2019-08-05T09:45:21-04:00" msg="DNS failure: my-intranet-registry.\tIN\t A: errno 9002: DnsQuery: DNS server failure."
[09:45:21.966][ApiProxy          ][Info   ] time="2019-08-05T09:45:21-04:00" msg="DNS failure: my-intranet-registry.\tIN\t AAAA: errno 9002: DnsQuery: DNS server failure."
[09:45:22.793][ApiProxy          ][Info   ] time="2019-08-05T09:45:22-04:00" msg="DNS failure: my-intranet-registry.\tIN\t AAAA: errno 9002: DnsQuery: DNS server failure."
[09:45:22.794][ApiProxy          ][Info   ] time="2019-08-05T09:45:22-04:00" msg="DNS failure: my-intranet-registry.\tIN\t A: errno 9002: DnsQuery: DNS server failure."
[09:45:23.621][ApiProxy          ][Info   ] time="2019-08-05T09:45:23-04:00" msg="DNS failure: my-intranet-registry.\tIN\t AAAA: errno 9002: DnsQuery: DNS server failure."
[09:45:23.621][ApiProxy          ][Info   ] time="2019-08-05T09:45:23-04:00" msg="DNS failure: my-intranet-registry.\tIN\t A: errno 9002: DnsQuery: DNS server failure."
[09:45:24.450][ApiProxy          ][Info   ] time="2019-08-05T09:45:24-04:00" msg="DNS failure: my-intranet-registry.\tIN\t A: errno 9002: DnsQuery: DNS server failure."
[09:45:24.452][ApiProxy          ][Info   ] time="2019-08-05T09:45:24-04:00" msg="DNS failure: my-intranet-registry.\tIN\t AAAA: errno 9002: DnsQuery: DNS server failure."
[09:45:24.455][ApiProxy          ][Info   ] time="2019-08-05T09:45:24-04:00" msg="proxy << POST /v1.40/images/create?fromImage=my-intranet-registry%3A5000%2Fmy-image&tag=latest (3.3202423s)\n"
[09:45:24.456][GoBackendProcess  ][Info   ] error CloseWrite to: The pipe is being closed.

Note that my-intranet-registry and my-image are stand-ins for the purpose of this issue.

The only known resolution is downgrading to the previous Docker Desktop stable build.

Edit 1

I now understand this to be a DNS search domain issue. If I run:

docker pull my-intranet-registry.MYDOMAIN:5000/my-image:latest
Error response from daemon: Get https://my-intranet-registry.MYDOMAIN:5000/v2/: x509: certificate is valid for my-intranet-registry, not my-intranet-registry.MYDOMAIN

So, as the initial issue description states, it is able to resolve the record when not using a short name. With this in mind, I tried adding "dns-search": [ "MYDOMAIN" ], to my docker daemon config but it did not change the result. Here is my current config (with some stand-in values):

{
  "dns": [
    "192.168.1.2"
  ],
  "dns-search": [
    "MYDOMAIN"
  ],
  "registry-mirrors": [],
  "insecure-registries": [],
  "debug": true,
  "experimental": true
}

This is the resultant resolv.conf that the moby VM has:

PS C:\Users\amazzarella> docker run --rm -it -v /etc/resolv.conf:/mnt/resolv.conf:ro ubuntu:latest /bin/bash
root@db1cd1805dac:/# cat /mnt/resolv.conf
# This configuration is written to the config.iso
nameserver 192.168.65.1