Network timeout when top two DNS servers in /etc/resolv.conf are IPv6 addresses

[mallorydxw]

Expected behavior

$ docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
8ddc19f16526: Pull complete 
Digest: sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6
Status: Downloaded newer image for busybox:latest

Actual behavior

$ docker pull busybox
Using default tag: latest
Pulling repository docker.io/library/busybox
Network timed out while trying to connect to https://index.docker.io/v1/repositories/library/busybox/images. You may want to check your internet connection or if you are behind a proxy.

Information

• Diagnostic ID: 41904CCA-8136-415B-978E-881FBECA4F19
• host distribution and version: 10.11.6 (15G31)

Steps to reproduce the behavior

1. (Using a host with IPv6 connectivity - this may work on a host without, I don't know)
2. System Preferences > Network > Advanced > DNS
3. Set the first DNS server in the list to 2001:4860:4860::8888 (these are Google's public DNS servers, I imagine the issue would present the same with any v6 servers)
4. Set the second DNS server to 2001:4860:4860::8844
5. Set the third DNS server in the list to 8.8.8.8
6. Press Ok
7. Press Apply
8. Run docker pull busybox

To not see this behaviour:

1. Move the v4 DNS server to the top of the list, or move it to the second place in the list
2. Press Ok
3. Press Apply
4. Run docker pull busybox

(As far as I can tell, Docker for Mac is only looking at the first two entries in /etc/resolv.conf then it gives up, and for whatever reason it has no access to the v6 internet)

This issue was previously discussed on the forums: https://forums.docker.com/t/error-network-timed-out-while-trying-to-connect-to-index-docker-io/17206

[avsm]

Thanks for the detailed report! I'm testing a workaround to the immediate issue in moby/vpnkit#95, and will follow up on V6 forwarding support.

[djs55]

We don't have IPv6 support yet, but the workaround has been released in the beta channel.

I downloaded beta 24, and edited my DNS server list as above. I then saw:

$ syslog -k Sender Docker
Sep  1 14:16:54 Davids-MacBook-Pro-2 Docker[3311] <Notice>: SC database lists DNS servers: 8.8.8.8
Sep  1 14:16:54 Davids-MacBook-Pro-2 Docker[3309] <Notice>: updating resolvers to 8.8.8.8:53
Sep  1 14:16:54 Davids-MacBook-Pro-2 Docker[3309] <Notice>: using DNS forwarders on 8.8.8.8#53

Note the IPv6 addresses have been filtered out, for now.

I was then able to:

$ docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
Digest: sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6
Status: Image is up to date for busy box:latest

IPv6 is on the to-do list but it's queued behind a number of other DNS and VPN fixes.

I'll close this issue for now, please do give it a go yourself and re-open if you have problems with the workaround. Feel free to open a separate issue to describe your IPv6 use-cases/requirements too (e.g. is the most important thing to be able to pull images from a registry over IPv6; to expose ports over IPv6 or to have containers directly access the IPv6 internet?)

[narqo]

@djs55 is there a public issue about IPv6 support in Docker for Mac that one can follow? It's a blocker for us to start using Docker locally for development, as most of our services are IPv6-only.

[djs55]

@narqo I think the best issue is this one: #1432

FWIW in latest edge the IPv6 DNS issue should be fixed -- we now use the Mac's built-in resolver directly rather than raw UDP/TCP. We still present an IPv4 interface to the VM and containers though :(

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked