ISSUE: docker container can't resolve ip address

# ISSUE: docker container can't resolve ip address ###### tags: `By_Ivan` :::info In short, this issue occurs due to the firewall blocking docker0 interface. By default ::: **Issue description:** When attempting to update apt inside a docker container, apt failed to resolve some address. :::spoiler error message: ```bash root@ec77fda168e5:/# apt update Err:1 http://security.ubuntu.com/ubuntu focal-security InRelease Temporary failure resolving 'security.ubuntu.com' Err:2 http://archive.ubuntu.com/ubuntu focal InRelease Temporary failure resolving 'archive.ubuntu.com' Err:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease Temporary failure resolving 'archive.ubuntu.com' Err:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease Temporary failure resolving 'archive.ubuntu.com' Reading package lists... Done Building dependency tree Reading state information... Done All packages are up to date. W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal/InRelease Temporary failure resolving 'archive.ubuntu.com' W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease Temporary failure resolving 'archive.ubuntu.com' W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease Temporary failure resolving 'archive.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/focal-security/InRelease Temporary failure resolving 'security.ubuntu.com' W: Some index files failed to download. They have been ignored, or old ones used instead. ``` ::: **Solving:** [reference](https://serverfault.com/questions/1023373/no-route-to-dns-server-from-docker-container) 1. create a busybox container for testing ```bash docker pull busybox ``` 2. ping 8.8.8.8 success, but using nameserver 8.8.8.8 does not fix ```bash docker run -it --name test --rm busybox # inside testing container root@:/# ping 8.8.8.8 # ... success # ctl+D docker run -it --name test --rm --dns 8.8.8.8 busybox # rebuild with dns root@:/# apt-get update # ... failed, same error message ``` 3. nslookup shows DNS No route to host ```bash docker run -it --name test --rm busybox root@:/# nslookup google.com nslookup: write to '<localDNS>': No route to host ;; connection timed out; no servers could be reached docker run -it --name test --rm --dns 8.8.8.8 busybox root@:/# nslookup google.com nslookup: write to '8.8.8.8': No route to host ;; connection timed out; no servers could be reached ``` which indicates that docker0 is blocked by firewall **Solution:** give authentication to the interface ```bash sudo firewall-cmd --permanent --zone=trusted --add-interface=docker0 sudo firewall-cmd --reload # reload the firewall rules ```