debugdockerMinor
DNS resolution fails when container is started via docker-compose
Viewed 0 times
failsstartedcontainerdockerviadnscomposewhenresolution
Problem
I recently decided to try out windows containers and i am using my private minecraft server for that purpose (as a hobby project).
I have an image prepared, based on Windows Server Core 2022.
When i start the container manually, it works perfectly:
(i am mounting the minecraft server folder to allow a persistent world and server config)
However, i usually use the following docker-compose file to simplify this process:
Doing this, the container and server process inside it start up normally, but connecting to it leads to some error message claiming the minecraft authentication servers were down (they are nof course not). A nearly identical compose file work perfectly fine with linux containers (on the same host system).
The weird part is that i built that image that i use to start the contianer manually with the above mentioned compose file. It seems to me that, when starting the service via docker-compose, something is blocking communication from the container to mojangs servers, but not incoming connections from the clients (i can see the failed connection attempt and name of the connecting account in the servers console output). However, i can not for the life of me, figure out what. I have tried removing everything except the bare minimum (context, ports and volumes) from the compose file, but to no avail.
Are there any relevant differences in how docker-compose configures networking and firewalls on a container vs what docker run does? Specifically in in
I have an image prepared, based on Windows Server Core 2022.
When i start the container manually, it works perfectly:
docker run -it -p 25565:25565 --mount type=bind,source="C:\MinecraftDocker\MinecraftServer",target=C:/MinecraftServer minecraft:winserver2022
(i am mounting the minecraft server folder to allow a persistent world and server config)
However, i usually use the following docker-compose file to simplify this process:
services:
mc-server:
build:
context: .
dockerfile: Dockerfile_server2022
image: minecraft:winserver2022
platform: windows
container_name: MinecraftServer
restart: unless-stopped
ports:
- "25565:25565"
volumes:
- type: bind
source: C:/MinecraftDocker/MinecraftServer
target: C:/MinecraftServer
Doing this, the container and server process inside it start up normally, but connecting to it leads to some error message claiming the minecraft authentication servers were down (they are nof course not). A nearly identical compose file work perfectly fine with linux containers (on the same host system).
The weird part is that i built that image that i use to start the contianer manually with the above mentioned compose file. It seems to me that, when starting the service via docker-compose, something is blocking communication from the container to mojangs servers, but not incoming connections from the clients (i can see the failed connection attempt and name of the connecting account in the servers console output). However, i can not for the life of me, figure out what. I have tried removing everything except the bare minimum (context, ports and volumes) from the compose file, but to no avail.
Are there any relevant differences in how docker-compose configures networking and firewalls on a container vs what docker run does? Specifically in in
Solution
Workaround
While have not found the root cause for why this only affects the specific combination of windows containers and docker-compose, i want to add the workaround mentioned in the second edit for other peoples benefit:
I solved my problem by overriding the container's primary DNS server. After adding this into the service's config, it is suddenly able to resolve host names just fine:
Turns out the docker container attempts to get DNS responses from the gateway configured in the network that compose generates, and for some reason only gets "server failed" responses. Conversely, docker run just grabs the hosts DNS config which is why that works. Why only my windows containers are affected, i do not know.
Further reading:
DNS in the compose file reference
A guide on networking in compose
While have not found the root cause for why this only affects the specific combination of windows containers and docker-compose, i want to add the workaround mentioned in the second edit for other peoples benefit:
I solved my problem by overriding the container's primary DNS server. After adding this into the service's config, it is suddenly able to resolve host names just fine:
dns:
Turns out the docker container attempts to get DNS responses from the gateway configured in the network that compose generates, and for some reason only gets "server failed" responses. Conversely, docker run just grabs the hosts DNS config which is why that works. Why only my windows containers are affected, i do not know.
Further reading:
DNS in the compose file reference
A guide on networking in compose
Context
StackExchange DevOps Q#14881, answer score: 3
Revisions (0)
No revisions yet.