Looking for help?

Submit a request

Articles in this section

Docker: Unknown Host Errors

Avatar
Justin Gigliotti
Updated
Follow

Background

When you install Docker on your system, it creates a default networking bridge that all containers will use by default. This default bridge uses an IP subnet of 172.17.0.0/16. Seeing as this is at the low end one of the IPv4 Private address ranges (172.16.0.0/12), it has a tendency to overlap with some some corporate subnets. So, if you've ever fired up a container that needs to communicate with an internal corporate address and seen an "Unknown Host" or "Destination Host Unreachable" (or similar) error along the way, that may be the reason why.

You can always take a look at the subnets that the Docker bridge networks are using:

docker network inspect $(docker network ls | awk '$3 == "bridge" { print $1}') | grep Subnet

You will see an output that looks something like this:

"Subnet": "172.17.0.1/16",
"Subnet": "172.18.0.1/16",

The most common case I've seen is trying to build a project using Docker that needs to pull a dependency from a self-hosted service, like Artifactory. With an IP address of '172.17.10.164', for example, you can see that sits in the range of the Docker bridge. When attempting to contact that IP from within the Docker container, the request is going to come up empty because, as far as Docker is concerned, it doesn't have a host at that address.

The Fix

There are two parts to the fix, one for the Docker case and one for the Docker Compose case. Docker allows you to specify the bottom end of the range where it creates subnets from when a new bridge is created. In Docker-for-Mac, this is easiest from the UI. From the Preferences, under the 'Docker Engine' tab, there is a json blob where you can put advanced settings (with a default installation, this is largely empty). Here, you'll want to specify the 'bip' to start in a range that's more suitable:

{
   "bip": "172.20.0.1/16"
}

Note the '.1' as opposed to '.0' here. You're actually using a real IP, otherwise the Docker daemon will fail to start (ask me how I know 😒). 

Docker Compose has slightly different behavior, as there is a default address pool that it is pulling from. The range of this pool also starts with '172.17.0.0/16'. This can be changed in the same json blob we edited above:

{
   "bip": "172.20.0.1/16",
   "default-address-pools": [
     {
       "base": "172.21.0.0/16",
       "size": 24
     }
   ]
}

If for some reason you've hosed your config (syntax error?), don't panic. You can manually make changes to the json file and start up Docker-for-Mac again (e.g. '/Users/jgigliotti/.docker/daemon.json'). 

Once these changes are in place, hit "Apply & Restart" to let the daemon restart with the new settings. When Docker has started successfully, rerun the command above to list the subnets. The default bridge should be updated to reflect the 'bip' setting you added. Any other networks you manually created, or that were created with docker-compose, may still have their old values and need to be recreated to reflect the updated settings. 

Comments

0 comments

Please sign in to leave a comment.