[Bug]: DNS not working

[Tazintosh]

I have done the following

• I have searched the existing issues
• If possible, I've reproduced the issue using the 'main' branch of this project

Steps to reproduce

Not applicable.

Problem description

Hi folks,

I've been asked by @katiewasnothere to open a new issue for this, so here I am.
Since I'm using Apple Container (maybe 6 months), I never had the chance to get the DNS working. At best, it worked randomly not for long.
I'll paste it my previous messages.

• I've set up a DNS (tested twice both with Orchard GUI and command line)
• DNS is "cont"
• "cont" is set as default DNS
• container have been stop && start
• All my containers have now DNS like "hotline.cont"

Issue: ping containerName.cont from the host sometimes works, most of the time not.

ping hotline.cont
ping: cannot resolve hotline.cont: Unknown host

I've tried:

sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder; sleep 2;

--> This does not necessarily help. Doing so could make some containers to answer ping while other are still not.

Following @jglogan questions, I've run the following test:

I'm seeing this under "DNS Configuration" (not under "DNS configuration (for scoped queries)"

resolver #8
  domain   : cont
  search domain[0] : cont
  nameserver[0] : 127.0.0.1
  port     : 2053
  flags    : Request A records, Request AAAA records
  reach    : 0x00030002 (Reachable,Local Address,Directly Reachable Address)

Then:

someuser@server / % cat /etc/resolver/containerization.cont
domain cont
search cont
nameserver 127.0.0.1
port 2053%       

Finally:

sudo lsof -i :53
COMMAND   PID           USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
mDNSRespo 229 _mdnsresponder   43u  IPv4 0x5f33a6a3de94a4df      0t0  UDP *:domain
mDNSRespo 229 _mdnsresponder   49u  IPv6 0x616fc247567ec376      0t0  UDP *:domain
mDNSRespo 229 _mdnsresponder   50u  IPv4 0x1c0e209ca670818d      0t0  TCP *:domain (LISTEN)
mDNSRespo 229 _mdnsresponder   72u  IPv6 0x1c3461e474ed7309      0t0  TCP *:domain (LISTEN)

Ping still not resolving.

As for sudo lsof -i :2053

COMMAND     PID           USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
container 37587 someuser   12u  IPv4 0x5073de1ed066b2f1      0t0  UDP localhost:lot105-ds-upd

All my container's DNS seems to resolve at the moment… It's good but I've no idea why.
BTW, when I ping each of them one after each other, one did not resolve at first, and when I tried a second time after about a minute, it did…
Anyway, I've the feeling the next time I'll start a container, all of this won't work anymore.
I was right (kind of). Less than 10s after successfully testing again pinging my DNS after this post, nothing was resolving anymore. But contrary to my feeling, it was even without a single action from me in between BTW.

Last test was to delete / recreate the DNS without luck, as proposed here by @SeniorPlayer : #856 (comment)
But he just answered that I might have to also create a new network, which I've not yet tested.

Environment

- OS: 26.5
- Xcode: 26.5
- Container: 0.12.3

Code of Conduct

• I agree to follow this project's Code of Conduct

[boycoffe]

Tomorrow value key what time 12.01 close

[Tazintosh]

Tomorrow value key what time 12.01 close

Sorry for my english, but I'll need another formulation here. What does that mean?

[GarySkywalker-droid]

Tomorrow value key what time 12.01 close

Sorry for my english, but I'll need another formulation here. What does that mean?

hey there, would you be able to test the fix I proposed?

thanks!!

[Tazintosh]

I would love to @GarySkywalker-droid but I've always used the signed installer package.
How to proceed for your commit?

[GarySkywalker-droid]

I would love to @GarySkywalker-droid but I've always used the signed installer package.
How to proceed for your commit?

Ah I see well you will have to build from source using the make well it is little more involved I guess though changes I did was not too many just removed async from one of the methods.

[katiewasnothere]

Hi @Tazintosh, what happens if you run dig @127.0.0.1 -p 2053 hotline.cont when your hotline container is in a state where ping fails to resolve the host?

[samimb]

I was following the documentation over at: https://github.com/apple/container/blob/main/docs/tutorials/start-here.md

Seems there are related inter container DNS issues out of the box.

$ cat Dockerfile-tmp
FROM docker.io/python:alpine
WORKDIR /content
RUN apk add curl
RUN echo '<!DOCTYPE html><html><head><title>Hello</title></head><body><h1>Hello, world!</h1></body></html>' > index.html
CMD ["python3", "-m", "http.server", "80", "--bind", "0.0.0.0"]%

$ container build -t test:latest -f Dockerfile-tmp .
[+] Building 23.0s (6/7)
 => [resolver] fetching image...docker.io/library/python:alpine                                                                                                                                       0.0s
 => [internal] load build definition from Dockerfile                                                                                                                                                  0.0s
 => => transferring dockerfile: 2B                                                                                                                                                                    0.0s
 => [internal] load .dockerignore                                                                                                                                                                     0.0s
 => => transferring context: 2B                                                                                                                                                                       0.0s
 => oci-layout://docker.io/library/python:alpine@sha256:003970a263347645cd23d4f90929ad16ba7ce7d808ee4674ffcc93cb21cc289f                                                                              0.4s
 => => resolve docker.io/library/python:alpine@sha256:003970a263347645cd23d4f90929ad16ba7ce7d808ee4674ffcc93cb21cc289f                                                                                0.1s
 => => sha256:1bb1ccab428b36ca428127b947386ea0aff8ebaad56fc8c52a3faf4e0c7eb5da 249B / 249B                                                                                                            0.0s
 => => sha256:1cc8dfdfd188b84171356897baf7acc78b25f2c328cbf9ce6aa60b82c0d627cc 457.75kB / 457.75kB                                                                                                    0.0s
 => => extracting sha256:1cc8dfdfd188b84171356897baf7acc78b25f2c328cbf9ce6aa60b82c0d627cc                                                                                                             0.0s
 => => sha256:a9d566c3bb00e87ede4c5a8ee74622d86f79a89aa93b1d0592c156b9dfb5cd4b 16.46MB / 16.46MB                                                                                                      0.1s
 => => extracting sha256:a9d566c3bb00e87ede4c5a8ee74622d86f79a89aa93b1d0592c156b9dfb5cd4b                                                                                                             0.2s
 => => extracting sha256:1bb1ccab428b36ca428127b947386ea0aff8ebaad56fc8c52a3faf4e0c7eb5da                                                                                                             0.0s
 => [linux/arm64/v8 1/4] WORKDIR /content                                                                                                                                                             0.1s
 => ERROR [linux/arm64 2/4] RUN apk add curl                                                                                                                                                         10.1s
------
 > [linux/arm64 2/4] RUN apk add curl:
5.040 WARNING: updating and opening https://dl-cdn.alpinelinux.org/alpine/v3.24/main/aarch64/APKINDEX.tar.gz: DNS: transient error (try again later)
10.05 WARNING: updating and opening https://dl-cdn.alpinelinux.org/alpine/v3.24/community/aarch64/APKINDEX.tar.gz: DNS: transient error (try again later)
10.05 ERROR: unable to select packages:
10.05   curl (no such package):
10.05     required by: world[curl]
------
Error: unknown: "failed to solve: process "/bin/sh -c apk add curl" did not complete successfully: exit code: 1"

This is on the latest signed release

$ container --version
container CLI version 1.0.0 (build: release, commit: ee848e3)

[Tazintosh]

Hi @Tazintosh, what happens if you run dig @127.0.0.1 -p 2053 hotline.cont when your hotline container is in a state where ping fails to resolve the host?

myAdmin@server ~ % dig @127.0.0.1 -p 2053

; <<>> DiG 9.10.6 <<>> @127.0.0.1 -p 2053
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22116
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;.				IN	NS

;; Query time: 4 msec
;; SERVER: 127.0.0.1#2053(127.0.0.1)
;; WHEN: Fri Jun 12 09:04:45 CEST 2026
;; MSG SIZE  rcvd: 17

[GarySkywalker-droid]

Hi @Tazintosh, what happens if you run dig @127.0.0.1 -p 2053 hotline.cont when your hotline container is in a state where ping fails to resolve the host?

myAdmin@server ~ % dig @127.0.0.1 -p 2053

; <<>> DiG 9.10.6 <<>> @127.0.0.1 -p 2053
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22116
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;.				IN	NS

;; Query time: 4 msec
;; SERVER: 127.0.0.1#2053(127.0.0.1)
;; WHEN: Fri Jun 12 09:04:45 CEST 2026
;; MSG SIZE  rcvd: 17

hey, you didn't add in the hotline.cont or any other you had in the end

[Tazintosh]

Oh boy, so sorry

myAdmin@server ~ % dig @127.0.0.1 -p 2053 hotline.cont

; <<>> DiG 9.10.6 <<>> @127.0.0.1 -p 2053 hotline.cont
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51689
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;hotline.cont.			IN	A

;; Query time: 3 msec
;; SERVER: 127.0.0.1#2053(127.0.0.1)
;; WHEN: Sat Jun 13 00:05:20 CEST 2026
;; MSG SIZE  rcvd: 30