Docker DNS with Multiple Projects Using the Same Network

Question

I have the following docker-compose.yml file:

version: '3'
services:
    frontend:
        image: alpine
        command: tail -f /dev/null
        networks:
            - shared
            - default
    backend:
        image: alpine
        command: tail -f /dev/null
        networks:
            - shared
            - default
networks:
    shared:
        external: true

Based on the file from above I create two projects which use the same network (shared) and the same service names (frontend and backend):

docker-compose -p foo up -d
docker-compose -p bar up -d

Does the DNS of docker make sure that docker-compose -p foo exec frontend ping backend only resolves to the backend container in project foo and vice versa for project bar?

Relevant [question](https://stackoverflow.com/q/38088279/10975585). — prd, Jul 25 '21 at 20:07

score 2 · Accepted Answer · answered Feb 04 '19 at 07:08

According to https://github.com/docker/compose/issues/4645, the resolve order in this case in non deterministic. Since the network is being converted to unordered dict in golang, the order is not preserved. Which implies https://github.com/docker/libnetwork/blob/master/sandbox.go#L593 the order of endpoints being queried don't match the order of network.

The solution is to define https://docs.docker.com/compose/compose-file/compose-file-v2/#priority if using docker-compose version 2. Or fully qualified dns name as service.network such as backend.foo_default or backend.shared.

score 1 · Answer 2 · answered Feb 03 '19 at 20:42

1

Based on your setup I have used nslookup to find out whether the DNS resolution is isolated or not.

$ docker-compose -p foo exec frontend nslookup backend

Name:      backend
Address 1: 172.19.0.2 foo_backend_1.shared
Address 2: 172.19.0.4 bar_backend_1.shared

As you can see from the output above, backend resolves to both of the containers.

answered Feb 03 '19 at 20:42

prd

2,272
2
17
32

If assign a local network to both services. It seems that it only resolve to the local network service. I am not sure it’s the order of the network is important or not. – Morty Choi Feb 04 '19 at 00:42
1

@prd Was the description (i.e. `docker-compose.yml` file) different, when you wrote your answer? `nslookup` only finds the service of the `backend` of the network `default` on my Mac (`docker-compose version 1.29.2`) following the current description of the question and your answer. Maybe something changed in the newer Docker Compose version. – maiermic Jul 24 '21 at 17:24
1

@maiermic I guess something with Docker's name resolution must have changed. I could verify that the same setup does not work as described in my answer. [This](https://stackoverflow.com/a/48024244/10975585) might be relevant. – prd Jul 25 '21 at 20:05

score 0 · Answer 3 · answered Feb 04 '19 at 00:23

0

If you use docker swarm you can qualify hostnames with the service name to disambiguate containers. But I don't believe docker-compose does this.

answered Feb 04 '19 at 00:23

Ryan

4,594
1
32
35

Just tried, docker-compose support service.network to disambiguate. – Morty Choi Feb 04 '19 at 01:53
That's useful. Docker swarm does both I think. I guess depends if you'd rather be coupled to the service or the network. – Ryan Feb 04 '19 at 02:10

Docker DNS with Multiple Projects Using the Same Network

3 Answers3

Linked