Score:0

Why does api.nuget.org not resolve within my docker-compose devcontainer?

ru flag

I am running Windows Subsystem for Linux v2 with Ubuntu 20.04. Within my WSL I am running a VS Code dev container based on the docker-from-docker-compose container. From within my dev container I cannot resolve api.nuget.org, but everywhere else it works fine. I can also ping other domains within my dev container, it's just this one that fails. I am pretty much a beginner when it comes to networking, so I am looking for some help of how to debug this. I have done a lot of reading over the past day to try to narrow down the issue and I have just come up with more questions. Here are some of the things I've looked at:

  • There were a lot of solutions discussed on this GitHub issue, but none of them work for me
  • I've tried querying with various command line tools such as dig, nslookup, host...here's where things get kind of weird: When I run dig +trace api.nuget.org from my WSL bash shell I get this:
$ dig +trace api.nuget.org

; <<>> DiG 9.16.1-Ubuntu <<>> +trace api.nuget.org
;; global options: +cmd
.                       165287  IN      NS      g.root-servers.net.
.                       165287  IN      NS      h.root-servers.net.
.                       165287  IN      NS      a.root-servers.net.
.                       165287  IN      NS      i.root-servers.net.
.                       165287  IN      NS      j.root-servers.net.
.                       165287  IN      NS      k.root-servers.net.
.                       165287  IN      NS      l.root-servers.net.
.                       165287  IN      NS      m.root-servers.net.
.                       165287  IN      NS      b.root-servers.net.
.                       165287  IN      NS      c.root-servers.net.
.                       165287  IN      NS      d.root-servers.net.
.                       165287  IN      NS      e.root-servers.net.
.                       165287  IN      NS      f.root-servers.net.
;; Received 811 bytes from 172.24.176.1#53(172.24.176.1) in 20 ms

org.                    172800  IN      NS      a0.org.afilias-nst.info.
org.                    172800  IN      NS      a2.org.afilias-nst.info.
org.                    172800  IN      NS      b0.org.afilias-nst.org.
org.                    172800  IN      NS      b2.org.afilias-nst.org.
org.                    172800  IN      NS      c0.org.afilias-nst.info.
org.                    172800  IN      NS      d0.org.afilias-nst.org.
org.                    86400   IN      DS      26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
org.                    86400   IN      RRSIG   DS 8 1 86400 20220608050000 20220526040000 47671 . DcP0H0m+uUbKqzYeO8vmGSeU4Ax1AzmdFTBvZl2PmrbkwFLoZTIP79Jn e4S4IIw9zAb2ZBwg5MOC634Q02HJW9znOMPclnT3T0OYbxQZumUZhcJK 3hw2Nf0fuYCzDgau72J8kXQU10CYgpRfY0chh21L11yaWn7m9Allwv9a fn2+FU6O6JhvHW8N+bOjVocqwLsPoUwqTSV/YtxAqKR00fAwaNhUT2lx BFdd3aZpYqNnypcYb96kVCX9eF81z53Bu8hOZDzr7p5IazzF+qFxGB1u G0Pi+WPFR5qOYu0d+7kHQ5HDnraDD7QEGX5kx5RmO7r1lKIX8DYiYAjt IPN3+w==
;; Received 779 bytes from 192.58.128.30#53(j.root-servers.net) in 80 ms

nuget.org.              86400   IN      NS      ns4-205.azure-dns.info.
nuget.org.              86400   IN      NS      ns1-205.azure-dns.com.
nuget.org.              86400   IN      NS      ns2-205.azure-dns.net.
nuget.org.              86400   IN      NS      ns3-205.azure-dns.org.
1i870vj5h429vj9pci7ar6e9gki74tr7.org. 86400 IN NSEC3 1 1 10 332539EE7F95C32A 1I87R64GAJU4O91MHKBU7I9EKBS7K8UT NS SOA RRSIG DNSKEY NSEC3PARAM
1i870vj5h429vj9pci7ar6e9gki74tr7.org. 86400 IN RRSIG NSEC3 8 2 86400 20220616154216 20220526144216 15843 org. juD6urMvH8mrHHkmAX7sFcQOs3ffqjJ2m5TppBSxCMFlSCHOEyEQT/Hg KpqL3TeoLBmvUi89Z3xSH78EQZGcWXNW5Rq2j5fIRNDMt9t2ePjftEPC 2lIiR4CkHgSGjTlfvaHvnCGUVJ2oXTEtu4Jgjh7Mm3GYXn9dqszel1wA 4BI=
pnnnukt76t98parmvalihebtso9erf6p.org. 86400 IN NSEC3 1 1 10 332539EE7F95C32A PNNSJA6RL8J0AOQQ1NMHT3IUVLTC4CEN NS DS RRSIG
pnnnukt76t98parmvalihebtso9erf6p.org. 86400 IN RRSIG NSEC3 8 2 86400 20220615152234 20220525142234 15843 org. rjaBgwKLles40lIIDm+K3iN49tFJ5gFRMLW5WMAjzN9dMDFj/Hribwxi ZMmt6L1GOgDxwBEA9SX0TVQb9RbGztyoeEiIIMytcx4dah5QnuaSKTOg cVCv+U6G6Hvix8+/yE1vSbDKcE8/RvDI2L8v0s+Ve0/oNd195Mb/9LoI mZw=
;; Received 697 bytes from 199.19.54.1#53(b0.org.afilias-nst.org) in 210 ms

api.nuget.org.          300     IN      CNAME   nugetapiprod.trafficmanager.net.
;; Received 87 bytes from 13.107.24.205#53(ns3-205.azure-dns.org) in 50 ms

This is almost identical to what I get when I run it inside my dev container:

$ dig +trace api.nuget.org

; <<>> DiG 9.16.1-Ubuntu <<>> +trace api.nuget.org
;; global options: +cmd
.                       165234  IN      NS      k.root-servers.net.
.                       165234  IN      NS      l.root-servers.net.
.                       165234  IN      NS      m.root-servers.net.
.                       165234  IN      NS      b.root-servers.net.
.                       165234  IN      NS      c.root-servers.net.
.                       165234  IN      NS      d.root-servers.net.
.                       165234  IN      NS      e.root-servers.net.
.                       165234  IN      NS      f.root-servers.net.
.                       165234  IN      NS      g.root-servers.net.
.                       165234  IN      NS      h.root-servers.net.
.                       165234  IN      NS      a.root-servers.net.
.                       165234  IN      NS      i.root-servers.net.
.                       165234  IN      NS      j.root-servers.net.
;; Received 811 bytes from 127.0.0.11#53(127.0.0.11) in 20 ms

org.                    172800  IN      NS      a0.org.afilias-nst.info.
org.                    172800  IN      NS      a2.org.afilias-nst.info.
org.                    172800  IN      NS      b0.org.afilias-nst.org.
org.                    172800  IN      NS      b2.org.afilias-nst.org.
org.                    172800  IN      NS      c0.org.afilias-nst.info.
org.                    172800  IN      NS      d0.org.afilias-nst.org.
org.                    86400   IN      DS      26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
org.                    86400   IN      RRSIG   DS 8 1 86400 20220608050000 20220526040000 47671 . DcP0H0m+uUbKqzYeO8vmGSeU4Ax1AzmdFTBvZl2PmrbkwFLoZTIP79Jn e4S4IIw9zAb2ZBwg5MOC634Q02HJW9znOMPclnT3T0OYbxQZumUZhcJK 3hw2Nf0fuYCzDgau72J8kXQU10CYgpRfY0chh21L11yaWn7m9Allwv9a fn2+FU6O6JhvHW8N+bOjVocqwLsPoUwqTSV/YtxAqKR00fAwaNhUT2lx BFdd3aZpYqNnypcYb96kVCX9eF81z53Bu8hOZDzr7p5IazzF+qFxGB1u G0Pi+WPFR5qOYu0d+7kHQ5HDnraDD7QEGX5kx5RmO7r1lKIX8DYiYAjt IPN3+w==
;; Received 779 bytes from 192.5.5.241#53(f.root-servers.net) in 20 ms

nuget.org.              86400   IN      NS      ns1-205.azure-dns.com.
nuget.org.              86400   IN      NS      ns4-205.azure-dns.info.
nuget.org.              86400   IN      NS      ns2-205.azure-dns.net.
nuget.org.              86400   IN      NS      ns3-205.azure-dns.org.
1i870vj5h429vj9pci7ar6e9gki74tr7.org. 86400 IN NSEC3 1 1 10 332539EE7F95C32A 1I87R64GAJU4O91MHKBU7I9EKBS7K8UT NS SOA RRSIG DNSKEY NSEC3PARAM
1i870vj5h429vj9pci7ar6e9gki74tr7.org. 86400 IN RRSIG NSEC3 8 2 86400 20220616154354 20220526144354 15843 org. J6jAHAorvmIVRWSZ0ew21ooNKkUhCsaMowR5qs+1uqJeCVAZEESSP9RW r7UiYCxXctu2dYIu2QRhypmvhIy4Ek3NXyOrIw3Cc8Ie3ndmG6wp+Ny3 T/IB7KolSZk755VzJd13dmbPSyzeifpdW92h8mCUPJU1RQeffDSciaIQ Ok8=
pnnnukt76t98parmvalihebtso9erf6p.org. 86400 IN NSEC3 1 1 10 332539EE7F95C32A PNNSJA6RL8J0AOQQ1NMHT3IUVLTC4CEN NS DS RRSIG
pnnnukt76t98parmvalihebtso9erf6p.org. 86400 IN RRSIG NSEC3 8 2 86400 20220615152234 20220525142234 15843 org. rjaBgwKLles40lIIDm+K3iN49tFJ5gFRMLW5WMAjzN9dMDFj/Hribwxi ZMmt6L1GOgDxwBEA9SX0TVQb9RbGztyoeEiIIMytcx4dah5QnuaSKTOg cVCv+U6G6Hvix8+/yE1vSbDKcE8/RvDI2L8v0s+Ve0/oNd195Mb/9LoI mZw=
;; Received 697 bytes from 199.19.56.1#53(a0.org.afilias-nst.info) in 190 ms

api.nuget.org.          300     IN      CNAME   nugetapiprod.trafficmanager.net.
;; Received 87 bytes from 40.90.4.205#53(ns1-205.azure-dns.com) in 50 ms

However, when I run nslookup -debug api.nuget.org in my WSL I get this:

$ nslookup -debug api.nuget.org
Server:         172.24.176.1
Address:        172.24.176.1#53

------------
    QUESTIONS:
        api.nuget.org, type = A, class = IN
    ANSWERS:
    ->  api.nuget.org
        canonical name = nugetapiprod.trafficmanager.net.
        ttl = 0
    ->  nugetapiprod.trafficmanager.net
        canonical name = apiprod-mscdn.azureedge.net.
        ttl = 0
    ->  apiprod-mscdn.azureedge.net
        canonical name = apiprod-mscdn.afd.azureedge.net.
        ttl = 0
    ->  apiprod-mscdn.afd.azureedge.net
        canonical name = star-azureedge-prod.trafficmanager.net.
        ttl = 0
    ->  star-azureedge-prod.trafficmanager.net
        canonical name = dual.part-0043.t-0009.t-msedge.net.
        ttl = 0
    ->  dual.part-0043.t-0009.t-msedge.net
        canonical name = part-0043.t-0009.t-msedge.net.
        ttl = 0
    ->  part-0043.t-0009.t-msedge.net
        internet address = 13.107.213.71
        ttl = 0
    ->  part-0043.t-0009.t-msedge.net
        internet address = 13.107.246.71
        ttl = 0
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
api.nuget.org   canonical name = nugetapiprod.trafficmanager.net.
nugetapiprod.trafficmanager.net canonical name = apiprod-mscdn.azureedge.net.
apiprod-mscdn.azureedge.net     canonical name = apiprod-mscdn.afd.azureedge.net.
apiprod-mscdn.afd.azureedge.net canonical name = star-azureedge-prod.trafficmanager.net.
star-azureedge-prod.trafficmanager.net  canonical name = dual.part-0043.t-0009.t-msedge.net.
dual.part-0043.t-0009.t-msedge.net      canonical name = part-0043.t-0009.t-msedge.net.
Name:   part-0043.t-0009.t-msedge.net
Address: 13.107.213.71
Name:   part-0043.t-0009.t-msedge.net
Address: 13.107.246.71
------------
    QUESTIONS:
        part-0043.t-0009.t-msedge.net, type = AAAA, class = IN
    ANSWERS:
    ->  part-0043.t-0009.t-msedge.net
        has AAAA address 2620:1ec:46::71
        ttl = 0
    ->  part-0043.t-0009.t-msedge.net
        has AAAA address 2620:1ec:bdf::71
        ttl = 0
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Name:   part-0043.t-0009.t-msedge.net
Address: 2620:1ec:46::71
Name:   part-0043.t-0009.t-msedge.net
Address: 2620:1ec:bdf::71

Whereas this is what I get from within the dev container:

$ nslookup -debug api.nuget.org
Server:         127.0.0.11
Address:        127.0.0.11#53

------------
    QUESTIONS:
        api.nuget.org, type = A, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
------------
    QUESTIONS:
        api.nuget.org, type = AAAA, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
*** Can't find api.nuget.org: No answer
  • The only difference in /etc/nsswitch.conf between my WSL and my dev container is the systemd entries, but it looks like this:
$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files systemd
group:          files systemd
shadow:         files
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
  • This is /etc/hosts on my WSL:
$ cat /etc/hosts
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateHosts = false
127.0.0.1       localhost
127.0.1.1       <REDACTED - computer name>

74.121.<REDACTED>   <REDACTED - corporate server>
192.168.0.170   host.docker.internal
192.168.0.170   gateway.docker.internal
127.0.0.1       kubernetes.docker.internal

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

and this is my /etc/hosts in my dev container:

$ cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.19.0.2      1376e18baa2d
  • This is my /etc/resolv.conf on my WSL:
$ cat /etc/resolv.conf
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 172.24.176.1

and this is my /etc/resolv.conf on my dev container:

$ cat /etc/resolv.conf 
nameserver 127.0.0.11
options ndots:0
  • As mentioned, I can resolve other domains such as google.com on my dev container:
$ dig +trace google.com

; <<>> DiG 9.16.1-Ubuntu <<>> +trace google.com
;; global options: +cmd
.                       164561  IN      NS      d.root-servers.net.
.                       164561  IN      NS      e.root-servers.net.
.                       164561  IN      NS      f.root-servers.net.
.                       164561  IN      NS      g.root-servers.net.
.                       164561  IN      NS      h.root-servers.net.
.                       164561  IN      NS      a.root-servers.net.
.                       164561  IN      NS      i.root-servers.net.
.                       164561  IN      NS      j.root-servers.net.
.                       164561  IN      NS      k.root-servers.net.
.                       164561  IN      NS      l.root-servers.net.
.                       164561  IN      NS      m.root-servers.net.
.                       164561  IN      NS      b.root-servers.net.
.                       164561  IN      NS      c.root-servers.net.
;; Received 811 bytes from 127.0.0.11#53(127.0.0.11) in 20 ms

com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    86400   IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com.                    86400   IN      RRSIG   DS 8 1 86400 20220608050000 20220526040000 47671 . U/z96yxHnZx3nwEda11jaJom4DJC7fOBt4zsn8fC5ep60RfzAwMj1q8Y 4E4jRlSI28vFuiamNG2uuMAPO/lEUUYuHtYtNsHXnzBKcaDDVK1B3wCA VzEKAQwfh9knPSaD9vCRFfi7nGJWALJbKO3488gz1uBywWu7YQPDDfPp FB/whBsl7/yQihidbbNTbCfQ/oAd88bAq1eFt9tGSL6Wyf0jwp1aeWMd DuM+HcLjyR/7rtBa4YCKob3XniEn+NoavFuikKFJU1Nie1V83ZRU1Xcs OevXYQgT53P857tldjpEM/Lyp70+XgFMJXLoPCe0MfsMqoabiuIiDxyQ vUA5Mg==
;; Received 1170 bytes from 192.203.230.10#53(e.root-servers.net) in 20 ms

google.com.             172800  IN      NS      ns2.google.com.
google.com.             172800  IN      NS      ns1.google.com.
google.com.             172800  IN      NS      ns3.google.com.
google.com.             172800  IN      NS      ns4.google.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20220530082513 20220523071513 37269 com. rGFmb7KWfFWLa2wdegU/hcqoDHxSKwJUkbj6DMSYfkHrwKot/T2EROZQ RF5KJtD3Ae6u7xRPIqGft5rvKOPQD40klXtYrMmMv23rCwXaHjGkdtez HLFl8//cjwFArN7MQZlUdGqDiFDHRIFP7gj9vJ/f+E9wrZs5zmsGy/We J+5hwjAyDh+GDCvNxTnJcmsRGOVJsdPmSlL7KrTiWOMRBA==
S84BKCIBC38P58340AKVNFN5KR9O59QC.com. 86400 IN NSEC3 1 1 0 - S84BUO64GQCVN69RJFUO6LVC7FSLUNJ5 NS DS RRSIG
S84BKCIBC38P58340AKVNFN5KR9O59QC.com. 86400 IN RRSIG NSEC3 8 2 86400 20220601051858 20220525040858 37269 com. hM5qmz0t0spOwBlaXh4fROrcKNjN3urcmJ3AnAA/NCMGyMJEOKS/r+LF R3Qf3hNRB6dgCN0sL3LAfH9QDMHPbLhfgsga1jBCEjP25fvjb7QW43ey yVOSeQzBaVFdV86vhalBhkANzDNXtsnaSGuWVAbsGcXjalBa3EhcXAE2 Fnlvzyu+nRavl0R6iJEjY2hV1kJxXSJ+RWOw/HVlSWvgWQ==
;; Received 836 bytes from 192.12.94.30#53(e.gtld-servers.net) in 30 ms

google.com.             300     IN      A       142.250.68.14
;; Received 55 bytes from 216.239.38.10#53(ns4.google.com) in 80 ms
  • When I run the same dev container from Docker for Windows using Hyper-V driver (i.e. not from WSL docker) the api.nuget.org domain resolves just fine. In addition, when I run the docker-for-docker dev container from the same repo in my WSL docker everything works fine. Finally, (and this one is relatively obvious) if I set up my docker-compose network to use "host" network mode everything works fine.

Sorry for the long post, just want to provide as much info as possible. Any help on what to investigate next would be much appreciated!

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.