Description
When using docker-compose up without any network configuration in it, a new network is created by docker. A Gateway is also created which will resolve the container dns on that network. This creates a listening UDP port 53 on the gateway IP.
When this network is deleted (for example using docker-compose down, or docker network rm commands), the listening UDP port 53 on that gateway IP is not unbound.
Next time this gateway IP is chosen/used by docker, the resolver will not be started and containers within that network will not be reachable by name.
When a gateway IP is reused on windows, the following event is logged:
Resolver Setup/Start failed for container test_default, "error in opening name server socket listen udp 172.17.48.1:53: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted."
The command "netstat -p UDP -a" can be used to show all IP's previously used as gateway by docker.
Steps to reproduce the issue:
- docker-compose up
- docker inspect one of the container to get the Gateway IP
- run "netstat -p UDP -a" and see all bound ports on the Gateway IP
- Shutdown containers using docker-compose down
- Run "netstat -p UDP -a" and observe that Gateway IP port 53 is still bound.
Describe the results you received:
Gateway IP port 53 is still bound
Describe the results you expected:
Gateway IP port 53 is not bound anymore
Additional information you deem important (e.g. issue happens only occasionally):
This seems to happen on various version of docker, linux (18.09.3), windows ee(18.09.3) and windows docker desktop(18.09.2). Restarting docker service will cleanup the ports 53.
The issue in event logs looks sporadic as the same gateway IP needs to be reused in order for containers to be not reachable.
See below a console log demonstrating using docker rm on a windows machine:
ADMIN PS C:\WINDOWS\system32> docker network ls
NETWORK ID NAME DRIVER SCOPE
63a50935c925 platform-tests_default nat local
a0c43e0cda13 nat nat local
716818e83062 none null local
ADMIN PS C:\WINDOWS\system32> netstat -p UDP -an | findstr 172.17.48.1
UDP 172.17.48.1:53 *:*
UDP 172.17.48.1:137 *:*
UDP 172.17.48.1:138 *:*
UDP 172.17.48.1:1900 *:*
UDP 172.17.48.1:57209 *:*
ADMIN PS C:\WINDOWS\system32> docker network rm 63a50935c925
63a50935c925
ADMIN PS C:\WINDOWS\system32> netstat -p UDP -an | findstr 172.17.48.1
UDP 172.17.48.1:53 *:*
Output of docker version:
Client: Docker Engine - Community
Version: 18.09.2
API version: 1.39
Go version: go1.10.8
Git commit: 6247962
Built: Sun Feb 10 04:12:31 2019
OS/Arch: windows/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.2
API version: 1.39 (minimum version 1.24)
Go version: go1.10.6
Git commit: 6247962
Built: Sun Feb 10 04:28:48 2019
OS/Arch: windows/amd64
Experimental: false
Output of docker info:
Containers: 9
Running: 0
Paused: 0
Stopped: 9
Images: 28
Server Version: 18.09.2
Storage Driver: windowsfilter
Windows:
Logging Driver: json-file
Plugins:
Volume: local
Network: ics l2bridge l2tunnel nat null overlay transparent
Log: awslogs etwlogs fluentd gelf json-file local logentries splunk syslog
Swarm: inactive
Default Isolation: hyperv
Kernel Version: 10.0 17763 (17763.1.amd64fre.rs5_release.180914-1434)
Operating System: Windows 10 Enterprise Version 1809 (OS Build 17763.316)
OSType: windows
Architecture: x86_64
CPUs: 12
Total Memory: 31.74GiB
Name: DC-774374
ID: DCUB:SOVD:3QXH:OW76:5R4G:R47C:KVLB:HHNJ:R45Y:OFYC:42NQ:VXDM
Docker Root Dir: C:\ProgramData\Docker
Debug Mode (client): false
Debug Mode (server): true
File Descriptors: -1
Goroutines: 96
System Time: 2019-03-19T10:34:41.067655+01:00
EventsListeners: 1
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
Description
When using docker-compose up without any network configuration in it, a new network is created by docker. A Gateway is also created which will resolve the container dns on that network. This creates a listening UDP port 53 on the gateway IP.
When this network is deleted (for example using docker-compose down, or docker network rm commands), the listening UDP port 53 on that gateway IP is not unbound.
Next time this gateway IP is chosen/used by docker, the resolver will not be started and containers within that network will not be reachable by name.
When a gateway IP is reused on windows, the following event is logged:
Resolver Setup/Start failed for container test_default, "error in opening name server socket listen udp 172.17.48.1:53: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted."
The command "netstat -p UDP -a" can be used to show all IP's previously used as gateway by docker.
Steps to reproduce the issue:
Describe the results you received:
Gateway IP port 53 is still bound
Describe the results you expected:
Gateway IP port 53 is not bound anymore
Additional information you deem important (e.g. issue happens only occasionally):
This seems to happen on various version of docker, linux (18.09.3), windows ee(18.09.3) and windows docker desktop(18.09.2). Restarting docker service will cleanup the ports 53.
The issue in event logs looks sporadic as the same gateway IP needs to be reused in order for containers to be not reachable.
See below a console log demonstrating using docker rm on a windows machine:
Output of
docker version:Output of
docker info: