TL;DR: The Quick Fix
Stuck and need a fix right now? Start with a quick sanity check by restarting the Docker service. This simple step often clears out hung network interfaces or stale routing tables:
sudo systemctl restart docker
If that fails, you can force a container to use a specific DNS server. This bypasses the host's configuration entirely and helps you determine if the issue is global or local:
docker run --dns 8.8.8.8 alpine ping -c 4 google.com
What's Actually Going Wrong?
Seeing curl: (6) Could not resolve host means your container is shouting into a void. It has a network connection, but it can't find the phonebook (DNS) to turn "google.com" into an IP address like 142.250.190.46. This breakdown usually stems from three specific areas:
- Blocked IP Forwarding: Your Linux kernel is refusing to pass traffic from the virtual Docker bridge to your physical network card.
- DNS Loopback Issues: Docker is trying to use
127.0.0.53(a local Ubuntu address) inside a container where that address doesn't exist. - Subnet Collisions: Docker’s default IP range is clashing with your office Wi-Fi or a VPN.
Step-by-Step Fixes
1. Enable IPv4 Forwarding
Think of IP forwarding as the bridge between your container's private island and the mainland internet. If this is turned off, containers can talk to each other, but they can't reach the outside world. Many hardened Linux distributions disable this by default for security.
First, check your current status:
sysctl net.ipv4.ip_forward
If the output is 0, forwarding is disabled. To fix this, open /etc/sysctl.conf with root privileges:
sudo nano /etc/sysctl.conf
Look for the line net.ipv4.ip_forward=1. Remove the # at the start to uncomment it. If the line isn't there, just add it to the bottom of the file. Save and apply the changes immediately:
sudo sysctl -p
Don't forget to restart Docker after making this change.
2. Hardcode a Reliable DNS in Docker
Docker usually copies /etc/resolv.conf from your host. However, modern distros like Ubuntu use systemd-resolved, which points to a local loopback IP (127.0.0.53). Containers can't reach this address. When Docker detects this, it defaults to Google's 8.8.8.8. If your corporate firewall blocks external DNS, your container goes blind.
You can set a global DNS for all containers by editing the daemon configuration:
sudo nano /etc/docker/daemon.json
Insert these lines. I recommend using a mix of Cloudflare and Google for redundancy:
{
"dns": ["1.1.1.1", "8.8.8.8"]
}
Restart the daemon to pick up the new settings:
sudo systemctl restart docker
3. Resolve Network Subnet Conflicts
Docker typically grabs the 172.17.0.0/16 subnet for its default bridge. If your office network or VPN also uses 172.17.x.x, packets get lost. Your computer won't know whether to send traffic to a container or to your corporate mail server.
Check your host's IP ranges using ip addr show. If you see an overlap, use the IP Subnet Calculator on ToolCraft to find a safe, non-conflicting range like 10.50.0.1/24. You can then set this in daemon.json using the "bip": "10.50.0.1/24" key.
4. Fix UFW (Uncomplicated Firewall) Rules
If you're running Ubuntu, UFW might be silently dropping the traffic Docker is trying to forward. By default, UFW often sets the forward policy to DROP, which kills container internet access instantly.
Open the UFW configuration file:
sudo nano /etc/default/ufw
Change DEFAULT_FORWARD_POLICY="DROP" to ACCEPT. Reload the firewall to apply the rule:
sudo ufw reload
Verification: Is it Fixed?
Run these two tests to pinpoint exactly where the failure is happening. This separates DNS problems from general routing issues.
Test 1: DNS Resolution
docker run --rm alpine nslookup google.com
If you see an IP address in the output, your DNS is working perfectly.
Test 2: Raw Connectivity
docker run --rm alpine ping -c 4 1.1.1.1
If you can ping 1.1.1.1 but the nslookup above failed, your problem is 100% DNS-related. If both fail, go back and double-check your IP forwarding and firewall settings in Steps 1 and 4.
Further Reading
- Docker Documentation: Bridge network driver
- Ubuntu Wiki: Understanding systemd-resolved
- Docker Engine: Daemon config reference