2

I'm running a Docker container which clones some git repositories and builds a project inside of itself.

It clones code from 2 different repositories: one is public github.com and the other one is private my.companys.github.enterprise.net and is only accessible through VPN.

In my resolv.conf I have 2 nameservers: one for public services and one for VPN:

nameserver 8.8.8.8
nameserver 10.10.3.3

When I try to clone repositories inside my docker container it can only resolve github.com repositories and can't resolve my.companys.github.enterprise.net repositories.

If I switch around the lines in my resolv.conf, then it can only resolve my.companys.github.enterprise.net and not the github.com ones.

Is there a way to allow Docker to resolve both links to repositories using 2 different nameservers from resolv.conf instead of just trying the first one?

1 Answer

3

Your confusion is that nameserver entries in /etc/resolv.conf are assumed to be equivalent (i.e., mirrors, and will provide the same answers no matter which one is asked). If one nameserver responds with "that doesn't exist", the resolution code is done; it does not try other nameservers looking for a different answer. The resolver code is in libc and is very simple.

The easiest solution to fix this is to run a local nameserver in Docker (BIND or unbound packages) that has the smarts to know about the public name space and the "alternate universe" that is your private name space, usually configured by using forwarding or "stub" zones. Google is your friend to set that up. Then have just one nameserver entry in /etc/resolv.conf that points to 127.0.0.1.

milli
  • 2,030
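A sketch of the forwarding setup the answer describes, written for unbound. This is an added example, not part of the original answer; it reuses the two nameserver addresses and the hostname from the question, and assumes the private zone is exactly my.companys.github.enterprise.net and that unbound runs inside the same container.

```conf
# unbound.conf (added example, not from the original answer)
# Assumption: 10.10.3.3 is reachable over the VPN from inside the container.

server:
    # Listen only on loopback so the resolver is not exposed to other hosts.
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Only relevant if DNSSEC validation is enabled: the internal zone
    # is not part of the signed public tree, so validation would fail for it.
    domain-insecure: "my.companys.github.enterprise.net."

# Names under the private zone go to the VPN nameserver only.
# Keeping this zone as wide as the internal namespace really is prevents
# internal hostnames from being sent to the public forwarder below.
forward-zone:
    name: "my.companys.github.enterprise.net."
    forward-addr: 10.10.3.3

# Everything else goes to the public nameserver.
forward-zone:
    name: "."
    forward-addr: 8.8.8.8

# /etc/resolv.conf in the container then needs a single entry:
#   nameserver 127.0.0.1
```

The file can be checked with unbound-checkconf before starting the daemon. If other internal domains exist, each needs its own forward-zone, otherwise queries for them fall through to 8.8.8.8.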