This error occurs when Docker cannot resolve the hostname of a container registry. The DNS lookup fails because the registry hostname is not recognized by your system's DNS resolver, typically due to misconfigured DNS settings, network issues, or incorrect registry URLs.
The `dial tcp: lookup <hostname>: no such host` error indicates that Docker attempted to resolve a hostname to an IP address, but the DNS lookup failed completely. This is a network-level problem that occurs before Docker can even attempt to connect to the registry.

When you run commands like `docker pull`, `docker push`, or `docker login`, Docker needs to resolve the registry hostname (e.g., `registry-1.docker.io`, `myregistry:5000`, or `gcr.io`) to an IP address. If the DNS server returns no results or cannot be reached, you'll see this error.

This error commonly appears in several scenarios:

- **Private registries**: When connecting to an internal/private registry using a hostname that's only resolvable within your corporate network
- **Docker Desktop**: When DNS resolution fails within Docker's internal DNS resolver (often at 192.168.65.1 or similar)
- **CI/CD pipelines**: When jobs run in isolated network environments without access to DNS servers
- **VPN/Proxy environments**: When network routing interferes with DNS queries
- **Offline or network-disconnected systems**: When there's no path to DNS servers at all
First, check that you're using the correct hostname for your registry:

Docker Hub:

```bash
# Correct - Docker Hub registry
docker pull nginx
# The actual hostname Docker uses is:
# registry-1.docker.io
```

Private registries:

```bash
# Check your registry URL format
# Should be: hostname:port/image:tag
docker pull myregistry.company.com:5000/myimage:latest
# Common mistakes:
# - Using IP when you should use hostname (or vice versa)
# - Missing port number for non-standard ports
# - Typos in the hostname
```

Test DNS resolution from your host:

```bash
# Test if the hostname resolves
nslookup registry-1.docker.io
nslookup myregistry.company.com
# Or using dig
dig registry-1.docker.io
# Or using host
host myregistry.company.com
```

Verify your system's DNS settings are working:
On Linux:

```bash
# Check current DNS servers
cat /etc/resolv.conf
# Test DNS resolution
nslookup google.com
# If using systemd-resolved
resolvectl status
```

On macOS:

```bash
# Check DNS servers
scutil --dns | head -20
# Test resolution
dscacheutil -q host -a name registry-1.docker.io
```

On Windows:

```powershell
# Check DNS configuration
Get-DnsClientServerAddress
# Test resolution
nslookup registry-1.docker.io
# Flush DNS cache
ipconfig /flushdns
```

If DNS resolution fails from your host, fix your system's DNS settings first.
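As an added example (not part of the original page), the shell functions below derive the hostname Docker will actually look up for an image reference, so the resolution tests above are run against exactly that name. They apply Docker's reference rule (the first path component is a registry only if it contains a `.` or `:` or is `localhost`); the names `registry_host` and `resolves` are illustrative.

```shell
#!/bin/sh
# Added example: map an image reference to the registry hostname Docker resolves.
# registry_host and resolves are illustrative names, not Docker commands.

registry_host() {
    ref=$1
    first=${ref%%/*}                      # text before the first "/"
    # No "/" at all (e.g. "nginx:1.25") means an official Docker Hub image.
    if [ "$first" = "$ref" ]; then
        echo "registry-1.docker.io"
        return 0
    fi
    case $first in
        localhost|*.*|*:*) ;;             # looks like a registry host
        *)  echo "registry-1.docker.io"   # e.g. "library/nginx" is a Hub namespace
            return 0 ;;
    esac
    host=${first%%:*}                     # drop the ":port" suffix
    # Docker maps the docker.io domain to the registry-1.docker.io endpoint.
    if [ "$host" = "docker.io" ]; then
        host="registry-1.docker.io"
    fi
    echo "$host"
}

resolves() {
    # A literal IPv4 address needs no DNS lookup.
    case $1 in *[!0-9.]*) ;; *) return 0 ;; esac
    if command -v getent >/dev/null 2>&1; then
        getent hosts "$1" >/dev/null
    else
        nslookup "$1" >/dev/null 2>&1
    fi
}

# Usage: sh check_registry.sh myregistry.company.com:5000/myimage:latest
if [ "$#" -gt 0 ]; then
    h=$(registry_host "$1")
    if resolves "$h"; then
        echo "OK: $h resolves"
    else
        echo "FAIL: $h does not resolve from this host"
    fi
fi
```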
If your system DNS works but Docker's internal DNS doesn't, configure Docker to use specific DNS servers:
Method 1: Docker daemon configuration (recommended)
Edit or create `/etc/docker/daemon.json`:

```json
{
  "dns": ["8.8.8.8", "8.8.4.4"]
}
```

Restart Docker:

```bash
sudo systemctl restart docker
```

Method 2: Per-container DNS

```bash
docker run --dns 8.8.8.8 --dns 8.8.4.4 myimage
```

Method 3: Docker Compose

```yaml
services:
  myservice:
    image: myimage
    dns:
      - 8.8.8.8
      - 8.8.4.4
```

For Docker Desktop (Windows/macOS):

1. Open Docker Desktop Settings
2. Go to Docker Engine or Daemon tab
3. Add DNS configuration to the JSON:

   ```json
   {
     "dns": ["8.8.8.8", "8.8.4.4"]
   }
   ```

4. Click "Apply & Restart"
For private registries not in public DNS, add an entry to your hosts file:
On Linux/macOS:
```bash
# Edit hosts file
sudo nano /etc/hosts
# Add your registry (replace with actual IP and hostname)
192.168.1.100 myregistry.internal
192.168.1.100 myregistry
```

On Windows:

Edit `C:\Windows\System32\drivers\etc\hosts` as Administrator:

```
192.168.1.100 myregistry.internal
192.168.1.100 myregistry
```

For Docker Desktop on Windows/macOS:

Adding to the host's /etc/hosts should work, but you may also need to configure Docker's internal DNS or add the entry to a running container:

```bash
docker run --add-host myregistry:192.168.1.100 myimage
```

Or in Docker Compose:

```yaml
services:
  myservice:
    extra_hosts:
      - "myregistry:192.168.1.100"
```

Docker Desktop uses a virtual machine with its own DNS resolver. Common fixes:
Restart Docker Desktop:
1. Right-click Docker icon in system tray/menu bar
2. Click "Restart"
Reset Docker Desktop networking:
1. Open Docker Desktop Settings
2. Go to "Troubleshoot" or "Reset" section
3. Click "Reset to factory defaults" (last resort)
Check proxy settings in Docker Desktop:
1. Open Docker Desktop Settings
2. Go to "Resources" > "Proxies" (or "Network")
3. Ensure proxy settings are correct or disabled if not needed
4. Add registry domains to "Bypass proxy" list if using a proxy
For Windows with WSL2:
```powershell
# Restart WSL
wsl --shutdown
# Then restart Docker Desktop
```

DNS bypass for Docker (add to daemon config):

```json
{
  "dns": ["8.8.8.8"],
  "dns-opts": ["ndots:1"]
}
```

On Linux, DNS resolution can conflict with systemd-resolved or dnsmasq:
Check for systemd-resolved conflicts:
```bash
# See if resolved is managing DNS
ls -la /etc/resolv.conf
# If it's a symlink to /run/systemd/resolve/stub-resolv.conf, resolved is active

# Option 1: Use resolved's real DNS
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

# Option 2: Disable stub listener and use direct DNS
sudo mkdir -p /etc/systemd/resolved.conf.d/
sudo tee /etc/systemd/resolved.conf.d/docker.conf << EOF
[Resolve]
DNSStubListener=no
EOF
sudo systemctl restart systemd-resolved
```

Disable dnsmasq in NetworkManager:

```bash
# Edit NetworkManager config
sudo nano /etc/NetworkManager/NetworkManager.conf
# Comment out or remove:
# dns=dnsmasq
# Restart NetworkManager
sudo systemctl restart NetworkManager
# Restart Docker
sudo systemctl restart docker
```

Verify Docker can resolve hostnames:

```bash
# Test from a container
docker run --rm alpine nslookup registry-1.docker.io
```

Incorrect proxy settings can cause "no such host" errors if Docker tries to look up the proxy hostname:
Check for proxy environment variables:
```bash
# On your host
echo $HTTP_PROXY $HTTPS_PROXY $http_proxy $https_proxy
# In Docker's systemd service
sudo systemctl show docker --property=Environment
```

Remove proxy if not needed:

```bash
# Unset proxy variables
unset HTTP_PROXY HTTPS_PROXY http_proxy https_proxy NO_PROXY no_proxy
# Test Docker
docker pull alpine
```

Configure Docker daemon proxy correctly:

Create `/etc/systemd/system/docker.service.d/http-proxy.conf`:

```ini
[Service]
Environment="HTTP_PROXY=http://proxy.company.com:8080"
Environment="HTTPS_PROXY=http://proxy.company.com:8080"
Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.company.com"
```

Reload and restart:

```bash
sudo systemctl daemon-reload
sudo systemctl restart docker
```

Important: Add your private registries to NO_PROXY to bypass the proxy for internal traffic.
VPNs often disrupt Docker's DNS resolution:
Split-tunnel VPN issues:
When a VPN doesn't route all traffic, Docker may lose access to DNS:
```bash
# Check your current DNS after VPN connection
cat /etc/resolv.conf
# If DNS points to VPN's DNS server that Docker can't reach,
# manually configure Docker's DNS in daemon.json
```

Docker Desktop VPN fixes:

1. In Docker Desktop Settings, go to Resources > Network
2. Try toggling "Use kernel networking for UDP" (if available)
3. Add your company's DNS servers explicitly

For corporate VPNs that modify routing:

```json
{
  "dns": ["10.0.0.1", "8.8.8.8"],
  "bip": "172.17.0.1/16"
}
```

(Replace 10.0.0.1 with your corporate DNS server)
macOS-specific VPN fix:
Some VPN software conflicts with Docker's hyperkit VM:
1. Disconnect VPN
2. Restart Docker Desktop
3. Reconnect VPN
4. If still failing, add DNS servers to Docker daemon config
Firewalls might be blocking DNS queries (UDP/TCP port 53):
On Linux:
```bash
# Check if DNS port is blocked
sudo iptables -L -n | grep 53
# Allow DNS traffic
sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
# For UFW
sudo ufw allow out 53/udp
sudo ufw allow out 53/tcp
```

On Windows:

```powershell
# Check firewall rules for DNS
Get-NetFirewallRule | Where-Object {$_.DisplayName -like "*DNS*"}
# Ensure Windows Firewall isn't blocking Docker's DNS
# Check outbound rules for UDP 53
```

Corporate firewalls:
If your corporate firewall blocks external DNS (8.8.8.8, 1.1.1.1), use your company's internal DNS servers in Docker's configuration instead.
Test DNS resolution from within Docker's network:
```bash
# Start an interactive container
docker run -it --rm alpine sh
# Install DNS tools
apk add --no-cache bind-tools
# Test DNS resolution
nslookup registry-1.docker.io
nslookup your-private-registry.com
# Check container's DNS configuration
cat /etc/resolv.conf
# Test connectivity
ping -c 3 8.8.8.8
```

If DNS fails inside container but works on host:
- Docker's internal DNS (usually 127.0.0.11) might not be forwarding correctly
- Add explicit DNS servers to daemon.json
- Check if Docker's embedded DNS server is functioning
Check Docker network configuration:
```bash
# List networks
docker network ls
# Inspect default bridge network
docker network inspect bridge
# Check DNS configuration in network
docker network inspect bridge | grep -A 10 "IPAM"
```

Understanding Docker's DNS architecture:
Docker has a built-in DNS server at 127.0.0.11 (inside containers) that handles service discovery and forwards external queries. On Docker Desktop, there's an additional layer with DNS proxying through the VM.
Docker Desktop DNS flow:
1. Container makes DNS query to 127.0.0.11
2. Docker's embedded DNS checks for container/service names
3. If not found, forwards to Docker Desktop's VM DNS (e.g., 192.168.65.1)
4. VM DNS forwards to host's DNS or configured DNS servers
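
Added example (not from the original page): a shell triage helper that reads the error line and reports which hop of the DNS flow above returned the failure. It assumes the Go resolver's longer message form `lookup <name> on <server>:<port>: no such host`; the sample line is constructed, the function names are illustrative, and treating `192.168.65.*` as Docker Desktop's VM DNS follows the address this page cites.

```shell
#!/bin/sh
# Added example: identify which resolver produced a "no such host" error.
# Function names are illustrative; the sample line below is constructed.

lookup_host() {    # hostname that failed to resolve, empty if not this error
    printf '%s\n' "$1" |
        sed -n 's/.*lookup \([^ :]*\).*no such host.*/\1/p'
}

lookup_server() {  # resolver IP when the message includes "on <ip>:<port>"
    printf '%s\n' "$1" |
        sed -n 's/.*lookup [^ ]* on \([0-9.]*\):[0-9]*: no such host.*/\1/p'
}

failing_layer() {
    case $(lookup_server "$1") in
        "")            echo "unknown" ;;                # short form, no resolver shown
        127.0.0.11)    echo "docker-embedded-dns" ;;    # lookup ran inside a container
        127.0.0.53)    echo "systemd-resolved-stub" ;;  # resolved's stub listener
        192.168.65.*)  echo "docker-desktop-vm-dns" ;;  # heuristic, per this page
        *)             echo "upstream-dns" ;;           # host or configured DNS server
    esac
}

triage() {
    host=$(lookup_host "$1")
    [ -n "$host" ] || { echo "not a DNS lookup failure"; return 1; }
    echo "host=$host layer=$(failing_layer "$1")"
}

# Constructed sample of a failed pull on Docker Desktop.
SAMPLE='Error response from daemon: Get "https://myregistry.company.com:5000/v2/": dial tcp: lookup myregistry.company.com on 192.168.65.1:53: no such host'
triage "$SAMPLE"
```

A result of `docker-embedded-dns` or `docker-desktop-vm-dns` points at the `dns` setting in the daemon configuration, while `systemd-resolved-stub` points at the `/etc/resolv.conf` symlink on Linux.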
Common DNS debugging commands:
```bash
# Check Docker's DNS resolution
docker run --rm tutum/dnsutils nslookup registry-1.docker.io
# Trace DNS query path
docker run --rm tutum/dnsutils dig +trace registry-1.docker.io
# Check container's resolv.conf
docker run --rm alpine cat /etc/resolv.conf
```

CI/CD specific issues:
In GitLab CI, GitHub Actions, or Jenkins, the "no such host" error often means:
- The runner's network doesn't have DNS access to your private registry
- The runner is isolated and can't reach external DNS
- You need to add the registry to /etc/hosts in your CI configuration
GitLab CI example with custom DNS:
```yaml
variables:
  FF_NETWORK_PER_BUILD: "true"

services:
  - name: docker:dind
    command: ["--dns", "8.8.8.8", "--dns", "8.8.4.4"]

build:
  script:
    - docker pull myregistry:5000/image
```

For air-gapped or offline environments:
If you're working in an isolated network without external DNS:
1. Set up a local DNS server with entries for your registries
2. Or use IP addresses directly instead of hostnames
3. Configure insecure registry if using HTTP:
```json
{
  "insecure-registries": ["192.168.1.100:5000"]
}
```

Kubernetes and Docker DNS:

When running Docker inside Kubernetes pods (docker-in-docker):

```yaml
# Pod spec with custom DNS
spec:
  dnsPolicy: "None"
  dnsConfig:
    nameservers:
      - 8.8.8.8
    searches:
      - default.svc.cluster.local
```