In addition to the standard format of expressing IP addresses with numbers and dots, symbolic names can also refer to a host. Symbolic names are preferred as they are easier to remember. A service like Domain Name System (DNS) converts domain names into IP addresses using a database that maintains the mapping between host names (or domain names) and host numbers (or IP addresses).

In the Linux environment, name resolution is described in the /etc/nsswitch.conf file, where the default entry for hosts includes files and DNS. It means that the system will check /etc/hosts file before requesting the DNS server for name resolution.

Docker provides a DNS system that can route service requests using their service names. However, a Fully Qualified Domain Name (FQDN) like cannot be used within Docker. Instead, we'll need to use the container's name to connect between different services.

When using a service name to connect to other containers, the resolution service of Docker will translate the service name into the container's IP address. This is done under the hood, and no additional tools are required to perform it.

Let's get into it!


To follow along with this blog, you'll need the following:

  • Linux System with Docker Pre-Installed
  • Docker-Compose

First, let's set up our DNS Server. We will use BIND 9 for the DNS Server, provided free by the Internet Consortium. It's available as a Docker image at DockerHub.

Setup Docker Network

Let's create a docker network.

docker network create --name lab-net --subnet

For our network, we're using a /16 subnet.

DNS Server Configuration

  1. First, setup a directory to store our BIND 9 configuration and create a new file called named.conf.options to start configuring the BIND 9 server.
mkdir -p /opt/bind9/configuration
vim /opt/bind9/configuration/named.conf.options

2. Copy the contents below into the file.

options {    
directory "/var/cache/bind";    
recursion yes;    
listen-on { any; };    
forwarders {   ;   ;    
Contents of named.conf.options

This ensures that BIND listens on all interfaces for DNS requests, and any domain name requests that cannot be fulfilled by the BIND server (ones outside of the zone file) will be sent to the forwarders for resolution. For example,,, etc.

3. Next, we'll define a Zone called lab-net.lan, which points to /etc/bind/zones/db. Zone File.

Let's create the file that will define our zone.

vim /opt/bind9/configuration/named.conf.local

Copy the contents below into the file.

zone "lab-net.lan" {    
type master;    
file "/etc/bind/zones/db.lab-net.lan";
Contents of named.conf.local

The Zone File called db.lab-net.lan contains the domain names that will be managed by our BIND DNS server. We will assign each domain name an IP address. Mention the container's IP address during container runtime so the domain names can point to the corresponding IP addresses.

We'll now add a few domain names to our zone file. Create the lab-net zone file.

vim /opt/bind9/configuration/db.lab-net.lan

4. Copy the contents below into the zone file.

$TTL    1d ; 
default expiration time (in seconds) of all RRs without their own 
TTL value@       IN      SOA     

ns1.lab-net.lan. root.lab-net.lan. 
(                  3      ; 
Serial  1d; 
Refresh 1h; 
Retry 1w; 
Expire 1h); 
Negative Cache TTL;

name servers - NS records     IN      NS      

name servers - A records
ns1.lab-net.lan.          IN      A 
nginx.lab-net.lan.        IN      A 
httpd.lab-net.lan.        IN      A
Zone file contents

In the above example, one name server ns1.lab-net.lan, and two hosts nginx.lab-net.lan and httpd.lab-net.lan have been added.

The hosts in the zone file can be customized as per your needs. Say you have a Caddy web server and a MongoDB that need domain names specified to them. You can add their names to the zone file and the IP addresses you plan to assign them later.

Build the Docker Image

We'll use the official Docker Image of BIND 9 as a base image and install some additional dependencies into it. Finally, we'll copy our configuration files directly into the Docker image.

  1. Create the Dockerfile.
vim /opt/bind9/Dockerfile.bind9

2. Copy the contents below into the Dockerfile.

#Base Bind9 Image
FROM internetsystemsconsortium/bind9:9.18

#Install required tools and dependencies
RUN apt update && apt install -y \  
        bind9-doc \  
        dnsutils \  
        geoip-bin \  
        mariadb-server \  

#Copy configuration files
COPY configuration/named.conf.options /etc/bind/
COPY configuration/named.conf.local /etc/bind/
COPY configuration/db.lab-net.lan /etc/bind/zones/

# Expose Ports
EXPOSE 53/tcp
EXPOSE 53/udp
EXPOSE 953/tcp

# Start the Name Service
CMD ["/usr/sbin/named", "-g", "-c", "/etc/bind/named.conf", "-u", "bind"]
BIND 9 Image Dockerfile Content

3. Build and tag the BIND image using the command below.

docker build -t dns-master . -f Dockerfile.bind9

Run the Docker Container

Once our container has been successfully built, we will now run it in our lab-net network with an explicitly mentioned IP address.

docker run -d -p 53:53/tcp -p 53:53/udp -p --rm --name=dns-master --net=lab-net --ip= internetsystemsconsortium/bind9:9.18

Verifying server configuration:

docker exec -ti dns-master /bin/bash 
confnamed-checkzone lab-net.lan /etc/bind/zones/db.lab-net.lan
zone lab-net.lan/IN: loaded serial 3
Checking DNS configuration of BIND 9 with named-checkzone

Demo Setup

We can now use the previously started DNS container as our DNS server. Any services we need domain mapping for can simply be rebuilt with the required domain names.

docker run -d --rm --name=nginx --net=lab-net --ip= --dns= nginx:latest
sudo docker run -d --rm --name=httpd --net=lab-net --ip= --dns= httpd:latest

As you can see, all containers now run on the same network.

docker network inspect lab-net

"Name": "lab-net",        
"Subnet": ""                
{            "12hbd7e3b3a033fd643d36fff787c123adlkda485dc5f3d4468212568b8ff4498e776993": 
"Name": "dns-master",                
"IPv4Address": ""            
},            "14deb32e260d15ff8543571f2c5fd1d99eeb9ba97042a97c34d9b933525ca8aa": 
"Name": "service2",                
"IPv4Address": ""            },            "cb6840cfd76d360dfe4cefc96486a11cd4b73f405d114c2830fd792c4883dd8b": 
"Name": "service1",                
"IPv4Address": ""            
Output of Docker network inspect lab-net

We can test whether our domain name mapping functions properly by executing an nslookup command. Using the nslookup command, we will be able to determine the IP address of a domain name and the DNS server supplying the details to us.

docker exec -it nginx nslookup httpd.lab-net.lan 


Name:   httpd.lab-net.lan
Using nslookup to check IP Address of the httpd service

To check if the forwarder is working, we can perform nslookup on a domain like, which exists outside of our internal DNS zone. If our request is successful, we should be able to see the IP address of Google's domain.

docker exec -it nginx nslookup                             Server:

Non-authoritative answer:
Using nslookup to check IP Address of the nginx service

As you can see, the reply that came back has the string Non-authorative. This means the DNS server that supplied us with domain details is not under our control. We got this outcome because we added forwarders in our BIND configuration. The domain name we requested detail for was not available in the local zone file, so its details could not be supplied by the BIND server.


This way, we can set up a local DNS server in Docker.

The benefits of setting up a local DNS server are endless. It helps a lot when you don't have access to domain names and want to test different technologies that rely somehow on a domain name.

Please comment below if you have any queries. I try to update my articles regularly to maintain legibility!