I'm setting up a Docker container without internet access and it's slow.
The container seems to try to make DNS lookups which are bound to fail and only time out slowly.
sudo docker network create --internal test-internal
time sudo docker run --rm --net test-internal -ti alpine ping -c 1 127.0.0.1
# ...
real 0m0.947s
time sudo docker run --rm --net test-internal -ti alpine ping -c 1 google.com
ping: bad address 'google.com'
# ...
real 0m5.955s
It takes almost exactly 5 seconds longer to run ping with a hostname. As it happens, DNS resolution timeouts are commonly configured to 5 seconds.
I tried to set the DNS server to an unroutable IP address:
time sudo docker run --rm --net test-internal --dns 240.0.0.1 -ti alpine ping -c 1 google.com
My theory was that the DNS requests would quickly fail to go anywhere, but this didn't happen. The run still takes just as long.
The background here is that I'm running some integration tests to verify robustness when the internet is down. I want external DNS lookups to fail fast, but internal lookups (other Docker containers in the same network) should still work.
Is there a way to tell the Docker embedded DNS to never try external resolution, or to at least fail instantly rather than after 5 seconds?
Alternatively, does anyone know of a dummy DNS server software I could run that returns NXDOMAIN for every request?
To answer your alternative question, it sounds simple enough.
Make a zone for . and add only the NS record
https://hub.docker.com/r/jacobdevans/nxdomain
and nxdomain.db
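As an added example (not the asker's setup, not the answerer's code, and not the contents of the linked jacobdevans/nxdomain image), here is the smallest thing that satisfies the "dummy DNS server that returns NXDOMAIN for every request" ask from the question: a standard-library-only UDP responder that echoes the question back with RCODE 3. The address, port and the sample query name `google.com` are assumptions for illustration.

```python
"""
Minimal UDP DNS server that answers every query with NXDOMAIN (RCODE 3).
Added example for this thread; not the original poster's setup and not the
contents of the linked jacobdevans/nxdomain image. Standard library only.
"""
import socket
import struct

RCODE_NXDOMAIN = 3
HEADER_LEN = 12  # DNS header is always 12 bytes (RFC 1035 section 4.1.1)


def _question_end(query: bytes) -> int:
    """Return the offset just past the first question (QNAME + QTYPE + QCLASS).

    Rejects compression pointers: a client never sends them in the question
    section, and following one blindly is the classic resolver parsing bug.
    """
    pos = HEADER_LEN
    while True:
        if pos >= len(query):
            raise ValueError("truncated question name")
        length = query[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        pos += length
    end = pos + 4
    if end > len(query):
        raise ValueError("truncated QTYPE/QCLASS")
    return end


def build_nxdomain_response(query: bytes) -> bytes:
    """Build an authoritative NXDOMAIN reply for a single-question query.

    Flags: QR=1, OPCODE copied, AA=1, TC=0, RD copied, RA=1, Z=0, RCODE=3.
    Counts: QDCOUNT=1 with the question echoed so the client can match it;
    ANCOUNT, NSCOUNT and ARCOUNT are 0. No SOA goes in the authority
    section, so nothing negatively caches the answer (RFC 2308), which is
    fine for a test rig that repeatedly flips connectivity on and off.
    """
    if len(query) < HEADER_LEN:
        raise ValueError("packet shorter than a DNS header")
    ident, flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    question = query[HEADER_LEN:_question_end(query)]
    opcode = flags & 0x7800
    rd = flags & 0x0100
    resp_flags = 0x8000 | opcode | 0x0400 | rd | 0x0080 | RCODE_NXDOMAIN
    header = struct.pack("!HHHHHH", ident, resp_flags, 1, 0, 0, 0)
    return header + question


def respond(query: bytes):
    """Serve-loop wrapper: returns the reply, or None to drop a bad packet."""
    try:
        return build_nxdomain_response(query)
    except ValueError:
        return None


def parse_header(packet: bytes) -> dict:
    """Decode the header fields a client cares about (for checking replies)."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:HEADER_LEN])
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),
        "aa": bool(flags & 0x0400),
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def build_query(name: str, ident: int = 0x1234, qtype: int = 1) -> bytes:
    """Encode a recursion-desired query (default: A record) for `name`.

    Only used to construct sample input; real traffic arrives on the socket.
    """
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", ident, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1)


def serve(bind_addr: str = "0.0.0.0", port: int = 53) -> None:
    """Answer every UDP query on bind_addr:port with NXDOMAIN, forever."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, peer = sock.recvfrom(512)
        reply = respond(data)
        if reply is not None:
            sock.sendto(reply, peer)


if __name__ == "__main__":
    serve()  # port 53 needs root or CAP_NET_BIND_SERVICE; trivial inside a container
```

Run it in its own container on the internal network and pass that container's address as `--dns` to the containers under test. Docker's embedded resolver (127.0.0.11) keeps answering container names itself and forwards everything else to the `--dns` servers, so an external name now comes back as an authoritative NXDOMAIN in one round trip instead of waiting out the 5 second timeout, and `ping` fails with the same "bad address" message, just immediately.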