GitLab Runner Docker-in-Docker image pulls failing with DNS timeout

While running CI jobs through a GitLab Runner, image pulls kept failing with the following error:

    WARNING: Failed to pull image with policy "always": Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io on 127.0.0.1:53: read udp 127.0.0.1:51656->127.0.0.1:53: i/o timeout
    ERROR: Job failed: failed to pull image "docker:28.5.2-dind" with specified policies [always]

The host machine’s /etc/resolv.conf had nameserver 127.0.0.1 - a local resolver that only works on the host itself. ...

June 23, 2026

Docker Hub pulls failing due to IPv6 DNS

On Ubuntu servers, image pulls from Docker Hub kept failing with the following error:

    Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp [2600:1f18:2148:bc00:c80c:3676:30dd:a616]:443: connect: cannot assign requested address

Running ip addr show confirmed the host has no IPv6 addresses on any interface. The server’s network does not route IPv6.

The culprit is Docker’s Go runtime. Unlike most system programs, Docker does not use the C library’s getaddrinfo() for DNS - it has its own pure Go resolver. When DNS returns both A and AAAA records for registry-1.docker.io, Go prefers the IPv6 address. The kernel immediately returns EADDRNOTAVAIL because there is no IPv6 source address to bind, and the connection fails before any packet reaches the network. ...

May 20, 2026

Install Docker on server while connecting through VPN

While connected to a client’s VPN, upon installing Docker on one of their servers, we lost connection to that server. Initially, we thought some VPN security rules had kicked in. After further investigation, it was brought to our attention that the VPN network range conflicted with the default Docker network range. Based on what had happened, we have updated our installation workflow to the following. Before installing Docker, mask the Docker service. ...

February 12, 2026