`curl` from a Docker container's network namespace produces different results than `curl` from the container itself

Question

I've set up a Docker container with the ubuntu image. I get different results when I curl from the Docker container than when I enter the container's network namespace and try the same command. What's taking place here?

# Set up the container
docker run -d -it --name mycontainer ubuntu
docker exec mycontainer apt update
docker exec mycontainer apt install -y curl

# Run curl but get two different outputs
docker exec mycontainer curl http://yahoo.com
    # => redirect
PID=$(docker inspect -f '{{.State.Pid}}' mycontainer)
sudo nsenter -n -t $PID curl http://yahoo.com
    # => curl: (6) Could not resolve host: yahoo.com

Why is dns not working from the network namespace when it appears to work from the container? Likewise, I fail to get dns info when I nslookup or dig from the namespace but succeed when I do it from the container.

When in the network namespace, I can check the dns, and I get the same values as I do when checking from my host:

sudo nsenter -n -t $PID nmcli dev show | grep DNS
# => IP4.DNS[1]:                             208.76.152.1
# => IP4.DNS[2]:                             208.76.152.9
# => IP4.DNS[3]:                             192.168.68.1

Answer 1

When you run :

sudo nsenter -n -t $PID ...

You use the container's network namespace, but you use host's DNS resolution mechanism.

Try to put (one by one) following entries in your host's /etc/resolv.conf

nameserver 192.168.68.1
nameserver 208.76.152.1
nameserver 208.76.152.9

to see if it improves.