Docker container A is using container C in Network Mode. Container A can’t resolve container B using DNS, but it works when you ping the IP address. I might have a fix.
One container is Gluetun and it is being used as the network for some other containers like Seer. That means you’ve got network_mode: "service:gluetun" set for Seer, and if you want to access it, you gotta go via Gluetun. You’ve also got a third container called Fin, except Fin is in another network called Shared, and it does not use the Gluetun network.
So we’ve got 3 containers (Gluetun, Seer, and Fin) and 3 networks (Shared, plus a local network each for the Gluetun and Fin containers). Seer uses the Gluetun container as its network to reach out to the internet, and to access any containers on the local-gluetun network. Both the Gluetun and Fin containers sit in the Shared network, but you can’t resolve DNS between them. Your Docker Compose file might look something like this:
services:
  gluetun:
    networks:
      - local-gluetun
      - shared
  seer:
    network_mode: "service:gluetun"
  fin:
    networks:
      - local-fin
      - shared
If you ping Fin from the Seer container doing something like ping 127.0.0.1, you get the sweet reply like Reply from 127.0.0.1: bytes=32 time=1ms TTL=64. But as soon as you try and ping the container using its hostname like ping fin, it can’t resolve. While Gluetun has network connectivity, it can’t resolve the host name.
This post in the Docker forums will solve this problem (Thanks to thedweller for posting and coming back with their own fix - 10/10). In your Gluetun configuration, you need to set the environment variable DNS_ADDRESS to 127.0.0.11 - so your Docker Compose config might look something like this:
services:
  gluetun:
    networks:
      - local-gluetun
      - shared
    environment:
      - DNS_ADDRESS=127.0.0.11
  seer:
    network_mode: "service:gluetun"
  fin:
    networks:
      - local-fin
      - shared
What we’re doing here is telling Gluetun to use Docker DNS instead of Gluetun’s Unbound DNS. Gluetun Unbound defaults to DoT (DNS over TLS) using Cloudflare (you can find the configuration options here). So we still have network connectivity, but now we’re using Docker DNS, which does know about the Fin container and its hostname, and so will resolve it.
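To spot this condition in a Compose file before deploying, here is a small check, added as an example and not taken from the original post or from Gluetun. It assumes the Compose file has already been loaded into a dict (as a YAML loader would return it); the function names are hypothetical and the sample data is constructed from the two files above.

```python
DOCKER_DNS = "127.0.0.11"  # Docker's embedded DNS on user-defined networks

def env_of(service):
    """Normalise Compose 'environment' (list or mapping form) to a dict."""
    env = service.get("environment") or {}
    if isinstance(env, dict):
        return {k: "" if v is None else str(v) for k, v in env.items()}
    pairs = (item.partition("=") for item in env)
    return {k: v for k, _, v in pairs}

def networks_of(service):
    """Compose 'networks' may be a list or a mapping; return the names."""
    return set(service.get("networks") or [])

def unresolvable_peers(compose):
    """Map each service that borrows a namespace whose owner does not use
    Docker DNS to the peer services it cannot look up by name."""
    services = compose.get("services", {})
    findings = {}
    for name, svc in services.items():
        mode = str(svc.get("network_mode", ""))
        if not mode.startswith("service:"):
            continue  # service has its own network namespace
        owner_name = mode.split(":", 1)[1]
        owner = services.get(owner_name, {})
        if env_of(owner).get("DNS_ADDRESS") == DOCKER_DNS:
            continue  # fix from the post is applied on the owner
        owner_nets = networks_of(owner)
        peers = sorted(p for p, s in services.items()
                       if p not in (name, owner_name)
                       and owner_nets & networks_of(s))
        if peers:
            findings[name] = peers
    return findings

# Constructed sample: the first Compose file above, as a YAML loader returns it.
BEFORE = {"services": {
    "gluetun": {"networks": ["local-gluetun", "shared"]},
    "seer": {"network_mode": "service:gluetun"},
    "fin": {"networks": ["local-fin", "shared"]},
}}
# Constructed sample: the same file with DNS_ADDRESS set on gluetun.
AFTER = {"services": {**BEFORE["services"],
    "gluetun": {"networks": ["local-gluetun", "shared"],
                "environment": ["DNS_ADDRESS=127.0.0.11"]}}}

if __name__ == "__main__":
    print("before:", unresolvable_peers(BEFORE))
    print("after: ", unresolvable_peers(AFTER))
```

The check only reads the Compose data; confirming the result on a running stack still means resolving the peer's name from inside the container that shares Gluetun's network.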
The other benefit here is that your VPN-provided DNS will also be used. This means we’re not leaking IP addresses to a third party, although in the default configuration you will leak the Cloudflare DNS nodes closest to the exit node of your VPN, not your IP address.
From this Gluetun issues thread, the Gluetun maintainer thinks it’s better to leak the DoT DNS nodes as it avoids putting all your eggs in one basket - I personally disagree and think it’s a better option to route the requests through your trusted VPN provider instead of a third party. Either way, you aren’t leaking your IP address. If you prefer to use a third party, I would recommend avoiding Cloudflare and instead using another provider like Quad9.