The 'Could not resolve host' error occurs when Docker containers cannot perform DNS lookups to translate hostnames into IP addresses. This is commonly caused by misconfigured DNS settings, systemd-resolved conflicts on Linux, or network isolation issues.
When you see "Could not resolve host" in Docker, it means your container's DNS resolver cannot translate a hostname (like api.example.com or registry.npmjs.org) into an IP address. This prevents the container from establishing network connections to external services. Docker handles DNS by copying the host's /etc/resolv.conf into containers, filtering out localhost nameservers (like 127.0.0.1 or 127.0.0.53). If no valid nameservers remain after filtering, Docker falls back to Google's public DNS servers (8.8.8.8 and 8.8.4.4). The problem often occurs on Ubuntu 18.04+ and other systems using systemd-resolved, which uses 127.0.0.53 as a local DNS cache. Since containers cannot reach the host's localhost, they lose access to DNS resolution entirely.
First, verify what DNS servers your container is using:
docker run --rm alpine cat /etc/resolv.confIf you see nameserver 127.0.0.11 (Docker's embedded DNS) or valid external IPs, the issue may be elsewhere. If you see no nameservers or only localhost addresses, proceed with the fixes below.
Examine your host's DNS settings:
cat /etc/resolv.confIf you see nameserver 127.0.0.53 (systemd-resolved) or nameserver 127.0.0.1 (dnsmasq), this is likely the cause. Docker filters these out, leaving containers without valid DNS.
On systems using systemd-resolved, change the resolv.conf symlink to point to the file with real DNS servers:
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.confThen restart Docker:
sudo systemctl restart dockerThis exposes the actual upstream DNS servers to Docker instead of the local stub resolver.
Create or edit /etc/docker/daemon.json to specify DNS servers:
sudo nano /etc/docker/daemon.jsonAdd the following (adjust DNS servers as needed for your network):
{
"dns": ["8.8.8.8", "8.8.4.4", "1.1.1.1"]
}Restart Docker to apply:
sudo systemctl restart dockerNote: If you're behind a corporate firewall, use your internal DNS servers instead of public ones.
For a quick fix or testing, specify DNS directly when running containers:
docker run --dns 8.8.8.8 --dns 8.8.4.4 your-imageFor Docker Compose, add to your service:
services:
your-service:
image: your-image
dns:
- 8.8.8.8
- 8.8.4.4As a workaround, you can use the host's network stack directly:
docker run --network host your-imageOr in Docker Compose:
services:
your-service:
image: your-image
network_mode: hostWarning: This removes network isolation between container and host, which may not be suitable for production or multi-container setups.
Ensure your firewall allows DNS traffic from Docker's bridge network:
# For firewalld
sudo firewall-cmd --permanent --zone=trusted --add-interface=docker0
sudo firewall-cmd --reload
# For ufw
sudo ufw allow in on docker0Also verify that outbound UDP port 53 is not blocked for Docker containers.
User-defined networks: Docker's embedded DNS server (127.0.0.11) only works in user-defined bridge networks, not the default bridge. If you create a custom network with docker network create mynet and attach containers to it, they can resolve each other by container name and benefit from better DNS handling.
Docker Desktop vs. Docker Engine: Docker Desktop on macOS and Windows handles DNS differently through its VM layer. These instructions primarily apply to Docker Engine on Linux.
Kubernetes considerations: If running Docker containers within Kubernetes, DNS is handled by CoreDNS/kube-dns. Container-level DNS settings may be overridden by pod specs.
VPN interference: Some VPN clients (especially corporate VPNs) modify the host's routing and DNS in ways that break Docker networking. Try disconnecting the VPN to test, or configure the VPN to exclude Docker's subnet (typically 172.17.0.0/16).
Rootless Docker: In rootless mode, networking behaves differently. You may need to use slirp4netns with custom DNS settings or configure the user's network namespace.
image operating system "linux" cannot be used on this platform
How to fix 'image operating system linux cannot be used on this platform' in Docker
manifest unknown: manifest unknown
How to fix 'manifest unknown' in Docker
cannot open '/etc/passwd': Permission denied
How to fix 'cannot open: Permission denied' in Docker
Error response from daemon: failed to create the ipvlan port
How to fix 'failed to create the ipvlan port' in Docker
toomanyrequests: Rate exceeded for anonymous users
How to fix 'Rate exceeded for anonymous users' in Docker Hub