DCNAContainer DNS & Service Discovery

Container DNS & Service Discovery

Docker's embedded DNS server enables containers to discover each other by name.

Embedded DNS Server

On user-defined networks, Docker runs an embedded DNS server at 127.0.0.11:53 inside each container's network namespace.

docker run --rm --network my-net alpine cat /etc/resolv.conf
# nameserver 127.0.0.11
# options ndots:0

The resolver at 127.0.0.11 intercepts DNS queries and resolves:

  • Container names on the same network
  • Network aliases
  • Service names (Swarm)

The default bridge (docker0) does NOT have embedded DNS. Containers on the default bridge use the host's DNS and can only reach each other by IP.

Container Name Resolution

docker network create demo
docker run -d --name web --network demo nginx
docker run -d --name db --network demo postgres

# From web, resolve db:
docker exec web ping db        # resolves to db's container IP
docker exec web nslookup db    # 127.0.0.11 answers

Network Aliases

A container can have multiple DNS names on a network:

docker run -d \
  --name primary-db \
  --network demo \
  --network-alias database \
  --network-alias db \
  postgres

# Both 'database' and 'db' resolve to this container
docker exec web ping database  # works
docker exec web ping db        # works

Aliases for High Availability

Multiple containers with the same alias — Docker returns all their IPs (round-robin DNS):

docker run -d --name replica1 --network demo --network-alias db-read postgres
docker run -d --name replica2 --network demo --network-alias db-read postgres

# nslookup db-read returns both IPs
docker exec web nslookup db-read

Docker Compose Service Discovery

In Compose, each service name is automatically registered as a DNS alias:

services:
  web:
    image: nginx
    # can resolve 'api' and 'redis' by name

  api:
    image: myapi
    environment:
      DATABASE_URL: postgres://db:5432/mydb

  db:
    image: postgres

  redis:
    image: redis

All services share a default network. The service name is the DNS name.

DNS Resolution Flow

Container query: "db"
    │
    ▼
127.0.0.11:53 (Docker embedded DNS)
    │
    ├── Known container/alias? → return container IP
    │
    └── Unknown → forward to host DNS (/etc/resolv.conf upstream)

Custom DNS Configuration

docker run --dns 8.8.8.8 --dns-search mycompany.internal nginx

Or globally in /etc/docker/daemon.json:

{
  "dns": ["8.8.8.8", "8.8.4.4"],
  "dns-search": ["mycompany.internal"]
}

Summary

  • User-defined networks enable automatic DNS via 127.0.0.11
  • The default bridge does not support DNS — use user-defined bridges
  • Network aliases let multiple names point to one container
  • Multiple containers sharing an alias get round-robin DNS
  • Docker Compose automatically creates a shared network with DNS
Network DriversOverlay Networks & Docker Swarm