Docker: Temporary failure resolving 'deb.debian.org'

Question

I have a Rails application that I want to deploy using Docker on an Ubuntu server. I have the Dockerfile for the application already set up, right now I want to view the nginx conf in its container.

I ran the command below to start an nginx container in an interactive mode:

docker run -i -t nginx:latest /bin/bash

Right now I am trying to install nano editor in order to view the configuration for nginx configuration (nginx.conf) using the commands below:

apt-get update
apt-get install nano
export TERM=xterm

However, when I run the first command apt-get update, I get the error below:

Err:1 http://security.debian.org/debian-security buster/updates InRelease
  Temporary failure resolving 'security.debian.org'
Err:2 http://deb.debian.org/debian buster InRelease                  
  Temporary failure resolving 'deb.debian.org'
Err:3 http://deb.debian.org/debian buster-updates InRelease
  Temporary failure resolving 'deb.debian.org'
Reading package lists... Done    
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease  Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease  Temporary failure resolving 'security.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease  Temporary failure resolving 'deb.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.

I have checked very well it has nothing to do with network connectivity. I would need some help. Thank you.

Answer 1

Try restarting Docker.

One of these should work:

sudo service docker restart
sudo /etc/init.d/docker restart
sudo snap restart docker

Even in cases where Docker never worked before, some commenters said this was helpful. However, you may have a different issue.

Answer 2

Specifying a DNS server for docker containers helped me.

Create a /etc/docker/daemon.json file with this content:

{
  "dns": ["8.8.8.8", "8.8.4.4"]
}

and restart the docker service:

sudo service docker restart

src: https://docs.docker.com/engine/install/linux-postinstall/#specify-dns-servers-for-docker

Answer 3

Perhaps the network on the VM is not communicating with the default network created by docker during the build (bridge), so try "host" network :

docker build --network host -t [image_name]

for docker-compose:

service_name:
    container_name: name
    build: 
      context: .
      network: host

Answer 4

If you have VPN running, stop it and try again. It solved for me!

Answer 5

Here's how I solved it:

Start the docker container for the application in an interactive mode, in my case it an nginx container :

docker run -i -t nginx:latest /bin/bash

Run the command below to grant read permission to the others role for the resolv.conf file:

chmod o+r /etc/resolv.conf

Note: If you are having this issue on your host machine (Ubuntu Linux OS) and not for the Docker containers, then run the same command adding sudo to it in the host machine terminal:

sudo chmod o+r /etc/resolv.conf

Endeavour to exit your bash interactive terminal once you run this:

exit

And then open a new bash interactive terminal and run the commands again:

apt-get update
apt-get install nano
export TERM=xterm

Everything should work fine now.

Reference to this on Digital Ocean: Apt error: Temporary failure resolving 'deb.debian.org'

That's all.

Answer 6

sudo vi /etc/docker/daemon.json

and check flag of iptables, aslo add DNS if not added

{...., "iptables":true,"dns": ["8.8.8.8", "8.8.4.4"]}

then

sudo service docker restart

solved me

Answer 7

Run this command:

echo -e "nameserver 8.8.8.8\nnameserver 8.8.4.4" |sudo tee -a /etc/resolv.conf

After that run-

sudo apt-get update

This worked for me.

Answer 8

I had the same problem and in my case it was file access control.

I uses extended acls on the docker root folder and did not realize it, because they where inherited from the folder above (stupid idea to test docker in a "scratch" directory where permissions are set via extended acls).

This lead to the situation that "/etc/resolv.conf" had setting "640" inside the running docker container with a "+" marking the extended acls. But the image did not have extended acls installed and could not handle it.

The weird thing was that, as far as I can see, all other network tools worked (e.g. ping) but only apt could no access the DNS resolver.

After removing the extended acls from the docker root and setting the usual acls, everything worked inside the running container.

Similar to the answer of "Promise Prestion", but solved permanently for new containers, too.

Answer 9

Under Debian, as root, I've ran:

/etc/init.d/docker restart

This solved the issue for me.

Then build and run the container again.

Answer 10

I easily resolved it via:

- docker exec -it nginx bash (Go inside container)
- ping google.com (if not working)
- exit (Exit from container)
- sudo service docker restart

Please also confirms /etc/sysctl.conf

- net.ipv4.ip_forward = 1

sudo sysctl -p /etc/sysctl.conf

Answer 11

I was having the wrong DNS IP address in my /etc/docker/daemon.json. In my case, it was my home router DNS IP address and I was trying from the office network. I found out my office DNS and updated with that.

{ 
  "dns": ["192.168.1.1"] 
}

Answer 12

I had a similar issue, I tried many suggested solutions, but my issue was gone after I rebooted my VM.

Answer 13

Similar issue, under debian. Root cause was a bad DOCKER-USER rule in iptables chain

Those rules have been haded

iptables -I DOCKER-USER -i eno1 -j DROP
iptables -I DOCKER-USER -s 90.62.xxx.xx/32 -i eno1 -j ACCEPT

so removing temporarily following rule fix the point

iptables -D DOCKER-USER -i eno1 -j DROP

Answer 14

Coming here from some docker cross compiling headache:

While forking some repo I manually downloaded its root folder containing confd stuff and added it just like the original maintainer did.

ADD root /

after this I was not able to apt update anymore.

I found that the permission of my root named folder was wrong. stat -f "%OLp" root revealed it is 700, but must be 755 to work.

Answer 15

I'm using Arch version 6.0.11 and docker version 20.10.21, and having this issues inside docker containers.

Thanks to @Marco, that was the initial hint to solve this. The problem is related to the use of extended ACLs in the host system.

The docker root folder has ACLs, you can see this as it has a plus sign at the end of permissions "+":

$ sudo ls -lh /var/lib/docker
drw-rw-r--+    3 root root 4.0K Nov 24  2021 network

And what is the problem? Some docker images does not have ACLs installed, so as it was pointed this causes an issue.

Other network tools like curl resolved DNS properly, but apt or git have problems with DNS resolution.

---

TLDR; Where is the fix? Modify ACL to set default rx to others.

setfacl -R -d -m o::rx /var/lib/docker

After that, all network tools will be able to perform DNS resolution.

Credits:

Marco comment

Closed git issue in docker

Answer 16

The answer from @Mario Olivio Flores suggests using the service command. That is correct and probably works currently on all Linux distributions. However, as most Linux distributions prefer systemd over systemV, it seems better to use just that with the following command:

sudo systemctl restart docker

For example, on my Linux distribution the service script located at /usr/sbin/service just wraps systemctl, see this excerpt:

# When this machine is running systemd, standard service calls are turned into
# systemctl calls.
if [ -n "$is_systemd" ]
then
   UNIT="${SERVICE%.sh}.service"

   case "${ACTION}" in
      restart|status|try-restart)
         exec systemctl $sctl_args ${ACTION} ${UNIT}
      ;;

Answer 17

For me, it turned out to be a random WSL 2 issue -- running wsl --shutdown and restarting the containers solved it for me.

Answer 18

It used to work before, then I got the same error. I've had a Debian and a Docker update in the meantime however. And I've found, that the latest Docker on debian/bookworm has this /etc/docker/daemon.json config:

{
     "bridge": "none"
}

Changing "none" to "" followed by the command systemctl docker restart solved my problem. Seems like it uses the default bridge that I have had before, you may have to create it.