Your container builds fine, starts fine, then fails with Could not resolve host or Temporary failure in name resolution. Here’s how to fix it.

Quick Diagnosis

First, confirm it’s actually DNS and not a network issue:

# Get a shell in the container
docker exec -it <container_name> sh

# Test DNS specifically
nslookup google.com
# or
cat /etc/resolv.conf
ping 8.8.8.8  # If this works but nslookup fails, it's DNS

If ping 8.8.8.8 works but nslookup google.com fails, you have a DNS problem. If both fail, it’s a broader network issue.

Common Causes and Fixes

1. Missing or Wrong DNS in resolv.conf

Check what DNS servers the container is using:

docker exec <container> cat /etc/resolv.conf

If it’s empty or points to 127.0.0.11 (Docker’s embedded DNS) and that’s not working, override it:

# Run with explicit DNS
docker run --dns 8.8.8.8 --dns 8.8.4.4 your-image

# Or in docker-compose.yml
services:
  app:
    dns:
      - 8.8.8.8
      - 8.8.4.4

2. Host’s DNS Breaking Docker’s Bridge Network

Docker’s default bridge network inherits DNS from the host. If your host uses systemd-resolved (common on Ubuntu 18.04+), the container might see 127.0.0.53 in resolv.conf — which doesn’t work inside the container’s network namespace.

Fix Option A: Configure the Docker daemon globally in /etc/docker/daemon.json (JSON does not allow comments, so the file contains only the object):

{
  "dns": ["8.8.8.8", "8.8.4.4"]
}

Then restart Docker:

sudo systemctl restart docker

Fix Option B: Use host networking (if appropriate):

docker run --network host your-image

This makes the container share the host’s network stack entirely. DNS works, but you lose network isolation.

3. Firewall Blocking UDP 53

DNS uses UDP port 53. If your host has aggressive firewall rules, Docker’s traffic might be blocked.

Check with:

# On the host
sudo iptables -L -n | grep -i drop
sudo ufw status  # If using UFW

Fix by allowing Docker’s bridge network:

# For UFW
sudo ufw allow in on docker0
sudo ufw allow out on docker0

# For iptables directly
sudo iptables -A INPUT -i docker0 -j ACCEPT
sudo iptables -A OUTPUT -o docker0 -j ACCEPT

4. Corporate Proxy or VPN Interference

If you’re behind a corporate proxy or VPN, the container might need explicit proxy config:

docker run \
  -e HTTP_PROXY=http://proxy.corp:8080 \
  -e HTTPS_PROXY=http://proxy.corp:8080 \
  -e NO_PROXY=localhost,127.0.0.1 \
  your-image

For DNS specifically, your corporate network might require internal DNS servers:

docker run --dns 10.0.0.53 your-image  # Your internal DNS

5. Docker Network Corruption

Sometimes Docker’s internal networking state gets corrupted. Nuclear option:

# Stop all containers first
docker stop $(docker ps -q)

# Prune networks
docker network prune -f

# Restart Docker
sudo systemctl restart docker

# Recreate your containers
docker-compose up -d

The Fix That Works 90% of the Time

If you just need it working now:

docker run --dns 8.8.8.8 your-image

Or add to your docker-compose.yml:

services:
  app:
    image: your-image
    dns:
      - 8.8.8.8
      - 1.1.1.1

Debugging Script

Save this for future DNS issues:

#!/bin/bash
# docker-dns-debug.sh
# Usage: ./docker-dns-debug.sh [container]
# Defaults to the first running container when no name is given.

CONTAINER=${1:-$(docker ps -q | head -1)}

# Stop early if there is nothing to inspect
if [ -z "$CONTAINER" ]; then
  echo "No container given and none running" >&2
  exit 1
fi

echo "=== Container resolv.conf ==="
docker exec "$CONTAINER" cat /etc/resolv.conf

echo -e "\n=== Testing DNS resolution ==="
docker exec "$CONTAINER" nslookup google.com 2>&1 || echo "nslookup failed"

echo -e "\n=== Testing raw connectivity ==="
docker exec "$CONTAINER" ping -c 1 8.8.8.8 2>&1 || echo "ping failed"

echo -e "\n=== Host resolv.conf ==="
cat /etc/resolv.conf

echo -e "\n=== Docker network inspect ==="
docker network inspect bridge | grep -A 5 "IPAM"

Run it with:

chmod +x docker-dns-debug.sh
./docker-dns-debug.sh my-container

Summary

| Symptom | Likely Cause | Fix |
|---|---|---|
| resolv.conf empty | Docker DNS not configured | Add --dns 8.8.8.8 |
| 127.0.0.53 in resolv.conf | systemd-resolved conflict | Set DNS in daemon.json |
| Ping works, DNS fails | Firewall blocking UDP 53 | Allow docker0 interface |
| Works on host, not container | Network namespace issue | Try --network host |
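
The resolv.conf checks from causes 1 and 2, as an added shell example that is not part of the original post: it reads resolv.conf text on stdin and prints one keyword. The keyword names and the split of explicit servers into private (RFC 1918) and public addresses are assumptions added here, and the sample input is constructed.

```bash
#!/bin/bash
# Added example: classify a container's resolv.conf (read from stdin).
# Keywords (names chosen for this example):
#   empty            no nameserver lines
#   systemd-stub     127.0.0.53, the host's systemd-resolved stub
#   docker-embedded  127.0.0.11, Docker's embedded DNS
#   explicit-internal / explicit-public  other servers, e.g. set via --dns
classify_resolv_conf() {
    local keyword addr rest s servers="" scope="internal"
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r keyword addr rest || [ -n "$keyword" ]; do
        # Comments and option/search lines never start with "nameserver".
        if [ "$keyword" = "nameserver" ] && [ -n "$addr" ]; then
            servers="$servers $addr"
        fi
    done
    case " $servers " in
        "  ")             echo "empty"; return 0 ;;
        *" 127.0.0.53 "*) echo "systemd-stub"; return 0 ;;
        *" 127.0.0.11 "*) echo "docker-embedded"; return 0 ;;
    esac
    # Any server outside the RFC 1918 IPv4 ranges makes the set "public".
    for s in $servers; do
        case "$s" in
            10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
            *) scope="public" ;;
        esac
    done
    echo "explicit-$scope"
}

# Constructed sample input, not captured from a real system.
sample='# managed by systemd-resolved
nameserver 127.0.0.53
options edns0 trust-ad'
printf '%s\n' "$sample" | classify_resolv_conf   # prints: systemd-stub
```

Against a live container, pipe the file in: docker exec <container> cat /etc/resolv.conf | classify_resolv_conf. An explicit-public result means the container's lookups, including any internal hostnames, go to an outside resolver rather than the internal DNS servers mentioned under cause 4.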

DNS issues in Docker are frustrating because they’re silent until runtime. When in doubt, explicit --dns flags are your friend.