Enable Docker to connect with the local resolver on the host 127.0.0.1:53 #14627

@pjps


When localhost (127.0.0.1) is the only entry in the host's '/etc/resolv.conf' file, Docker defaults to using Google public DNS servers inside containers. It is not the best solution for various reasons, e.g. it cannot resolve internal domain names.

With Fedora introducing a default local (127.0.0.1:53) DNSSEC resolver on the host, it would be the best option for container applications to take full advantage of the same. Currently, there is no way for the Docker containers to talk to the local resolver on the host. 👎

To enable Docker containers to communicate with the local (127.0.0.1:53) resolver on the host, one would need to make the following configuration changes on the host.

  • Enable local lo routing via the docker0 bridge interface (it is off by default):
    # sysctl -w net.ipv4.conf.docker0.route_localnet=1
  • Enable the local resolver to accept requests from the 172.17.0.0/16 docker sub-network:
    unbound(8): # vi /etc/unbound/unbound.conf -> access-control: 172.17.0.0/16 allow
    ndjbdns(8): # touch /etc/ndjbdns/ip/172.17
  • Use iptables(8) destination NAT (DNAT) to divert DNS traffic from docker0 to the lo interface:
    # iptables -t nat -I PREROUTING -p UDP -s 172.17.0.0/16 --dport 53 -i docker0 -j DNAT --to-destination 127.0.0.1:53

The Docker daemon is best placed to make the above changes on the host. It'll greatly help if the Docker daemon could conditionally make the above configurations when the host lists only 127.0.0.1 as its name server.

Could the Docker daemon be updated to make the above changes, please?

Thank you.
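As an added example (not Docker's code and not from the issue author), a POSIX shell script that performs the conditional check the post asks the daemon for: it reports whether a resolv.conf lists only 127.0.0.1 as nameserver and, if so, prints (or with DRY_RUN=0 runs) the three host changes listed above. The function names, RESOLV_CONF and DRY_RUN are assumptions; the unbound step is printed as an instruction rather than edited in place, because access-control must sit inside the server: clause of unbound.conf.

```shell
#!/bin/sh
# Added example, not Docker's code. Checks resolv.conf and applies (or
# prints, the default) the host-side changes from the issue text.
set -u

# Return 0 when the file has at least one "nameserver" line and every
# nameserver is 127.0.0.1; return 1 otherwise. Comments are skipped.
resolv_only_localhost() {
    file="$1"
    [ -r "$file" ] || return 1
    total=0; loopback=0
    while read -r key value rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        total=$((total + 1))
        [ "$value" = "127.0.0.1" ] && loopback=$((loopback + 1))
    done < "$file"
    [ "$total" -gt 0 ] && [ "$total" -eq "$loopback" ]
}

# Apply the three changes for the given docker subnet (default bridge
# 172.17.0.0/16). With DRY_RUN=1 (the default) commands are only printed.
configure_local_resolver() {
    subnet="${1:-172.17.0.0/16}"
    run() { if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi; }
    # 1. let traffic from docker0 reach 127.0.0.0/8 (off by default).
    run sysctl -w net.ipv4.conf.docker0.route_localnet=1
    # 2. allow the local resolver to answer the docker subnet.
    if [ -f /etc/unbound/unbound.conf ]; then
        echo "unbound: add to the server: clause of /etc/unbound/unbound.conf -> access-control: $subnet allow"
    elif [ -d /etc/ndjbdns/ip ]; then
        run touch "/etc/ndjbdns/ip/${subnet%%.0.0/16}"   # e.g. 172.17
    else
        echo "no unbound or ndjbdns config found; allow $subnet in your resolver"
    fi
    # 3. divert only UDP/53 from docker0 to the loopback resolver, so
    #    route_localnet does not expose other loopback-only services.
    run iptables -t nat -I PREROUTING -p udp -s "$subnet" --dport 53 \
        -i docker0 -j DNAT --to-destination 127.0.0.1:53
}

# Stand-alone use: RESOLV_CONF=/path DRY_RUN=1 sh this.sh
if resolv_only_localhost "${RESOLV_CONF:-/etc/resolv.conf}"; then
    configure_local_resolver
else
    echo "resolv.conf lists non-loopback nameservers; nothing to do"
fi
```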

Labels: area/networking, kind/enhancement
