How can I specify a static (not DHCP) DNS in my alpine:3.6 Docker container?

Question

I want to execute a Docker container on my home LAN, but I don't want it to have access to anything on my LAN.

Based on the answers to the Stack Overflow question Disable access to LAN from docker container, I've done the following on the machine that will run the container:

sudo iptables -A INPUT -i docker0 -d 192.168.0.0/16 -j DROP
sudo iptables -I FORWARD -i docker0 -d 192.168.0.0/16 -j DROP
sudo iptables -I FORWARD -i docker0 -d 192.168.0.0/16 \
    -m state --state ESTABLISHED,RELATED -j ACCEPT

This works. Docker containers on my machine can't see my LAN, but they can reach the internet.

Unfortunately, they are somehow getting the DNS settings from my LAN's DHCP, and the DNS specified my my DHCP is on my LAN. SO now they can't resolve hostnames.

How can I override the DNS settings to an external DNS (eg: 8.8.8.8)? For a single container would be nice, but for all Docker containers running on this machine would be even better.

My Docker images are based on alpine:3.6, in case it matters, and I'm using Docker version 18.09.2.

Answer 1

As Danila Kiver pointed out, the --dns=8.8.8.8 option for docker run can be used to set the DNS for an individual run of a Docker image.

If you need to override the default DNS for all Docker containers run locally, including those during builds, then DNS options can be added to /etc/docker/daemon.json. For example:

{
  "dns": ["8.8.8.8", "8.8.4.4"],
  "dns-search": ["your.search.domain.example.com"]
}