Name resolution in docker networks

I'm currently getting sane about an issue in docker on openmediavault and I can't find any solution by myself.

Please allow me to describe the issue in some words: When creating docker container for the document management systems paperless-ng the webserver-container is unable to resolve the other containers. I tried to setup that stuff with docker compose, following the installation guide.

After creating the container with the docker-compose up -d command, the webserver-container states could not translate host name "db" to address: Temporary failure in name resolution and even the db-container is in state could not resolve "localhost": Temporary failure in name resolution.

It seems like my docker installation doesn't allow any dns-lookups at all for container in a bridge network and I have no idea why. Do anyone know about any incompatibility between portainer and docker-compose? Or does anyone have an idea where to dig into that issue? I'm googling around for a couple of days but unfortunately, I'm obviously not hitting the right search string...

I've had a comparable problem while testing a mayan edms docker instance: The instance was running fine but was unable to resolve the mayan-homepage for it's integrated update check mechanism. In the meanwhile my portainer and a watchtower instance are running fine on the system bridge network and at least watchtower is able to lookup hosts in the internet as it sends mail and pulls new images as it should.

Before I throw away my current setup and start with a clean install I'd like to send an SOS to the community: Has anyone an idea where to look for the root cause?

Thanks for your answer and I think I got your point.

But as far as I understand the docker-compose docs, a default network is created automatically as described in the first lines of the docs:

Zitat

By default Compose sets up a single network for your app. Each container for a service joins the default network and is both reachable by other containers on that network, and discoverable by them at a hostname identical to the container name.

What I don't understand: Is there any configuration inside docker that prevents docker containers in the same network to reach each other? Let's call it a docker "firewall" setting or something similar? I have no clue where this could make sense but this could explain my issues. Is there another reason why a container will not be able to reach another? In "real life" basic network troubleshooting you would first look for layer 1 which is indisputably present here. Layer 2 and Layer 3 is not clear to me, maybe a container has no ip address in that particular network? But what could prevent that? At least the db container I'd like to reach is connected to the newly created network and has an ip address (I checked this in the Portainer gui) and so should be reachable by the webserver container. But again: Why could the db container not resolve itself via localhost?

It looks like I messed up DNS for all newly created containers but have no idea where to check this.

Any help is highly appreciated

I just tried it with another dockerized project (teedy) which runs quiet fine when using the onboard database but will not work at all if I use it with a dedicated database container... I assume this is an lookup/reachability issue as well.

Zitat von Agricola

If I understand your situation/question:

Two containers deployed from one yml file will place them on the same (custom) network. Deploying them separately in their own yml file will put them on different networks. In Portainer there is a Network tab that will allow you to join them onto the same network. I haven’t done this myself so I don’t know details. Hope this helps.

What you told is quiet right but isn't exactly my issue. Please forgive me if I didn't explain that in round terms. Allow me to try that again: When I deploy a new project - let's take paperless-ng as an example as it is very simple one. It consists of three containers (one database container, one redis container, one app container), a new custom network (called paperless_default) is created automatically and all container are placed in that network.

As far as I understand the docs, all containers in the same network are allowed to lookup all other containers in the same network by their respective name defined in the corresponding yml file that was used to create the containers (and the network).

In fact, even this basic lookup inside this docker network doesn't work for me (as well as lookup of public hostnames in the internet but this is another step and not yet necessary at that point). Do you have any idea what could cause this lookup failure?

Well, this is very easy as I try to set it up with the default yml file (have to change the web port as 8000 is already in use by portainer):

version: "3.4"
services:
  broker:
    image: redis:6.0
    restart: always

  db:
    image: postgres:13
    restart: always
    volumes:
      - pgdata:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: paperless
      POSTGRES_USER: paperless
      POSTGRES_PASSWORD: paperless

  webserver:
    image: jonaswinkler/paperless-ng:0.9.11
    restart: always
    depends_on:
      - db
      - broker
    ports:
      - 8888:8000
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000"]
      interval: 30s
      timeout: 10s
      retries: 5
    volumes:
      - data:/usr/src/paperless/data
      - media:/usr/src/paperless/media
      - export:/usr/src/paperless/export
      - consume:/usr/src/paperless/consume
    env_file: docker-compose.env
    environment:
      PAPERLESS_REDIS: redis://broker:6379
      PAPERLESS_DBHOST: db


volumes:
  data:
  media:
  pgdata:

In the network tab, all three containers are connected to the paperless_default network as expected.