Search code examples
dockerdocker-for-windowsdocker-networkwindows-container

Windows Container unable to access internet

Running Windows-based containers I am unable to access the internet from within. Example:

From my host machine I can run the following command:

PS C:\Developer> nslookup aka.ms
Server:  cache100.ns.tdc.net
Address:  193.162.153.164

Non-authoritative answer:
Name:    aka.ms
Address:  88.221.62.148

When I try to do this from inside a container:

PS C:\Developer> docker run mcr.microsoft.com/dotnet/framework/runtime:4.8-windowsservercore-ltsc2019 powershell nslookup aka.ms
*** UnKnown can't find aka.ms: Server failed
Server:  UnKnown
Address:  172.28.112.1

While I am not specifically interested in aka.ms, this error happens for all services I try to connect to, so I am not able to install external libraries, etc.

I am running Docker Desktop v19.03.12. The behaviour occurs regardless of whether I have WSL 2 enabled or not, and my Docker setup is all defaults.

Note: I have some time ago experienced this behaviour. Back then I added the following snippet to my Dockerfile:

RUN powershell -command certutil -generateSSTFromWU roots.sst && certutil -addstore -f root roots.sst && del roots.sst

To my understanding this would install an SSH certificate, which solved the issue. This command, however, now fails:

PS C:\> certutil -generateSSTFromWU roots.sst
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED) -- http://ctldl.windowsupdate.com/msdownload/update/v3/static/truste
dr/en/authrootstl.cab
CertUtil: -generateSSTFromWU command FAILED: 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
CertUtil: The server name or address could not be resolved
Solution

  • I tested this out on a basic server core image and I got it worked with adding DNS settings.

    I connected to the container interactively to test this, but you can probably add the command to a DockerFile too.

    docker run -it container powershell

    Type netsh to start network configuration
    First we look up the network we want to change
    ( in my case "Ethernet 2")
    Then we add an static DNS server to this interface

    interface ip show config  
interface ipv4 set dns name="Ehternet 2" static 8.8.8.8  
exit

    nslookup aka.ms

    S C:\> nslookup aka.ms
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    aka.ms
Address:  23.38.17.26

    Reference Docker Networking
    Reference howto