Docker: Temporary failure resolving 'deb.debian.org'

PromisePreston
May 3, 2020
525 views
3 votes
17 Answers

I have a Rails application that I want to deploy using Docker on an Ubuntu server. I have the Dockerfile for the application already set up, right now I want to view the nginx conf in its container.

I ran the command below to start an nginx container in an interactive mode:

docker run -i -t nginx:latest /bin/bash

Right now I am trying to install nano editor in order to view the configuration for nginx configuration (nginx.conf) using the commands below:

apt-get update
apt-get install nano
export TERM=xterm

However, when I run the first command apt-get update, I get the error below:

Err:1 http://security.debian.org/debian-security buster/updates InRelease
  Temporary failure resolving 'security.debian.org'
Err:2 http://deb.debian.org/debian buster InRelease                  
  Temporary failure resolving 'deb.debian.org'
Err:3 http://deb.debian.org/debian buster-updates InRelease
  Temporary failure resolving 'deb.debian.org'
Reading package lists... Done    
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease  Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease  Temporary failure resolving 'security.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease  Temporary failure resolving 'deb.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.

I have checked very well it has nothing to do with network connectivity. I would need some help. Thank you.

Answers

Chosen as BEST ANSWER
- PromisePreston
- May 3, 2020 at 12:58 am
- 0 votes
0
Here's how I solved it:

Start the docker container for the application in an interactive mode, in my case it an nginx container :
```
docker run -i -t nginx:latest /bin/bash
```
Run the command below to grant read permission to the others role for the resolv.conf file:
```
chmod o+r /etc/resolv.conf
```
Note: If you are having this issue on your host machine (Ubuntu Linux OS) and not for the Docker containers, then run the same command adding sudo to it in the host machine terminal:
```
sudo chmod o+r /etc/resolv.conf
```
Endeavour to exit your bash interactive terminal once you run this:
```
exit
```
And then open a new bash interactive terminal and run the commands again:
```
apt-get update
apt-get install nano
export TERM=xterm
```
Everything should work fine now.

Reference to this on Digital Ocean: Apt error: Temporary failure resolving 'deb.debian.org'

That's all.

(Edit)

- JaydipChabhadiya
- May 3, 2020 at 6:57 am
- 0 votes
0
I easily resolved it via:
```
- docker exec -it nginx bash (Go inside container)
- ping google.com (if not working)
- exit (Exit from container)
- sudo service docker restart
```
Please also confirms /etc/sysctl.conf
```
- net.ipv4.ip_forward = 1
```
sudo sysctl -p /etc/sysctl.conf
Login or Signup to reply.

- FranciscoCardoso
- August 14, 2020 at 5:26 pm
- 0 votes
0
If you have VPN running, stop it and try again. It solved for me!

Login or Signup to reply.

- babis21
- September 2, 2020 at 4:30 pm
- 0 votes
0
I had a similar issue, I tried many suggested solutions, but my issue was gone after I rebooted my VM.

Login or Signup to reply.

- MarioOlivioFlores
- September 24, 2020 at 10:14 pm
- 0 votes
0
Try restarting Docker.

sudo service docker restart or sudo /etc/init.d/docker restart

For this to work, Docker should have been working fine in the past. If you never had Docker working in the first place, you probably have a different issue.

Login or Signup to reply.

- JemmyX
- January 27, 2021 at 8:17 pm
- 0 votes
0
Under Debian, as root, I’ve ran:
```
/etc/init.d/docker restart
```
This solved the issue for me.

Then build and run the container again.
Login or Signup to reply.

- manumazu
- March 19, 2021 at 9:00 pm
- 0 votes
0
Perhaps the network on the VM is not communicating with the default network created by docker during the build (bridge), so try "host" network :
```
docker build --network host -t [image_name]
```
for docker-compose:
```
service_name:
    container_name: name
    build: 
      context: .
      network: host
```
Login or Signup to reply.

- Marco
- March 25, 2021 at 3:50 pm
- 0 votes
0
I had the same problem and in my case it was file access control.

I uses extended acls on the docker root folder and did not realize it, because they where inherited from the folder above (stupid idea to test docker in a "scratch" directory where permissions are set via extended acls).

This lead to the situation that "/etc/resolv.conf" had setting "640" inside the running docker container with a "+" marking the extended acls. But the image did not have extended acls installed and could not handle it.

The weird thing was that, as far as I can see, all other network tools worked (e.g. ping) but only apt could no access the DNS resolver.

After removing the extended acls from the docker root and setting the usual acls, everything worked inside the running container.

Similar to the answer of "Promise Prestion", but solved permanently for new containers, too.

Login or Signup to reply.

- JKluseczka
- June 30, 2021 at 8:16 pm
- 0 votes
0
Specifying a DNS server for docker containers helped me.

Create a /etc/docker/daemon.json file with this content:
```
{
  "dns": ["8.8.8.8", "8.8.4.4"]
}
```
and restart the docker service:
```
sudo service docker restart
```
src: https://docs.docker.com/engine/install/linux-postinstall/#specify-dns-servers-for-docker
Login or Signup to reply.

- ctools
- July 15, 2021 at 3:35 pm
- 0 votes
0
Similar issue, under debian.
Root cause was a bad DOCKER-USER rule in iptables chain

Those rules have been haded
```
iptables -I DOCKER-USER -i eno1 -j DROP
iptables -I DOCKER-USER -s 90.62.xxx.xx/32 -i eno1 -j ACCEPT
```
so removing temporarily following rule fix the point
```
iptables -D DOCKER-USER -i eno1 -j DROP
```
Login or Signup to reply.

- Max
- October 10, 2021 at 12:02 am
- 0 votes
0
Coming here from some docker cross compiling headache:

While forking some repo I manually downloaded its root folder containing confd stuff and added it just like the original maintainer did.
```
ADD root /
```
after this I was not able to apt update anymore.

I found that the permission of my root named folder was wrong. stat -f "%OLp" root revealed it is 700, but must be 755 to work.
Login or Signup to reply.

- VictorOrletchi
- April 14, 2022 at 12:23 pm
- 0 votes
0
```
sudo vi /etc/docker/daemon.json
```
and check flag of iptables, aslo add DNS if not added
```
{...., "iptables":true,"dns": ["8.8.8.8", "8.8.4.4"]}
```
then
```
sudo service docker restart
```
solved me
Login or Signup to reply.

- MdAshikuzzaman
- May 20, 2022 at 8:30 am
- 0 votes
0
Run this command:

echo -e "nameserver 8.8.8.8nnameserver 8.8.4.4" |sudo tee -a /etc/resolv.conf

After that run-

sudo apt-get update

This worked for me.

Login or Signup to reply.

- shubhamrasal
- June 29, 2022 at 7:59 pm
- 0 votes
0
I was having the wrong DNS IP address in my /etc/docker/daemon.json. In my case, it was my home router DNS IP address and I was trying from the office network.
I found out my office DNS and updated with that.
```
{ 
  "dns": ["192.168.1.1"] 
}
```
Login or Signup to reply.

- ARodriguez
- December 11, 2022 at 7:55 pm
- 0 votes
0
I’m using Arch version 6.0.11 and docker version 20.10.21, and having this issues inside docker containers.

Thanks to @Marco, that was the initial hint to solve this. The problem is related to the use of extended ACLs in the host system.

The docker root folder has ACLs, you can see this as it has a plus sign at the end of permissions "+":
```
$ sudo ls -lh /var/lib/docker
drw-rw-r--+    3 root root 4.0K Nov 24  2021 network
```
And what is the problem? Some docker images does not have ACLs installed, so as it was pointed this causes an issue.

Other network tools like curl resolved DNS properly, but apt or git have problems with DNS resolution.

TLDR; Where is the fix? Modify ACL to set default rx to others.
```
setfacl -R -d -m o::rx /var/lib/docker
```
After that, all network tools will be able to perform DNS resolution.

Credits:

Marco comment

Closed git issue in docker
Login or Signup to reply.

- flyingdutchman
- February 27, 2023 at 1:06 pm
- 0 votes
0
The answer from @Mario Olivio Flores suggests using the service command. That is correct and probably works currently on all Linux distributions. However, as most Linux distributions prefer systemd over systemV, it seems better to use just that with the following command:
```
sudo systemctl restart docker
```
For example, on my Linux distribution the service script located at /usr/sbin/service just wraps systemctl, see this excerpt:
```
# When this machine is running systemd, standard service calls are turned into
# systemctl calls.
if [ -n "$is_systemd" ]
then
   UNIT="${SERVICE%.sh}.service"

   case "${ACTION}" in
      restart|status|try-restart)
         exec systemctl $sctl_args ${ACTION} ${UNIT}
      ;;
```
Login or Signup to reply.

- MichaZawadzki
- March 27, 2023 at 4:22 pm
- 0 votes
0
For me, it turned out to be a random WSL 2 issue — running wsl --shutdown and restarting the containers solved it for me.

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.