I've set up the dind image according to the instructions at https://hub.docker.com/_/docker
How can the network be configured so that docker containers run from within the dind container will have access to the internet?
Currently, wget, curl, and apk update work properly directly within a container run from the dind image, but when something is run with a docker run it fails to fetch external sources.
For example, with the standard ubuntu:latest running apt-get update:
bash-5.1# docker container run -it --rm --net=host ubuntu apt-get update
Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu focal-security InRelease
Temporary failure resolving 'security.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease
Temporary failure resolving 'archive.ubuntu.com'
Reading package lists... Done
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/focal-security/InRelease Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
bash-5.1#
One thing is that, using pre-built containers for curl and wget at https://hub.docker.com/r/curlimages/curl and https://hub.docker.com/r/cirrusci/wget, the SSL seems to be appropriate to allow the respective commands to run in addition to standard apk update or apk add <package>
Docker Client and Server are both 20.10.8 (dind is tag: docker:20.10.8-dind). Running Docker Desktop for MacOS v20.10.8 on host.
Client:
Version: 20.10.8
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:50:40 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
Git commit: 75249d8
Built: Fri Jul 30 19:55:09 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.4.9
GitCommit: e25210fe30a0a703442421b0f60afac609f950a3
runc:
Version: 1.0.1
GitCommit: v1.0.1-0-g4144b638
docker-init:
Version: 0.19.0
GitCommit: de40ad0
The dind container is started from docker-compose using instructions from the main dind Docker Hub page:
orchestrator:
  privileged: true
  image: orchestrator
  stdin_open: false
  tty: true
  networks:
    main_network:
      aliases:
        - docker
  build:
    context: .
    dockerfile: Dockerfile
  init: true
  volumes:
    - .:/opt/app
    - basestack_docker_certs_ca:/certs/ca
    - basestack_docker_certs_client:/certs/client:ro
  environment:
    DOCKER_TLS_CERTDIR: "/certs"
  command: "--dns 8.8.8.8"
  restart: unless-stopped
  container_name: orchestrator
After some digging, I've found that (Docker Desktop for MacOS) https://docs.docker.com/desktop/mac/networking/ config does not create a docker0 bridge like Linux. Could that be the issue?
Another thing to note is that if I use --net=host it will assign the same IP as the DinD container which will work (apt-get inside an ubuntu instance from DinD).
I've tested out the bridge (default) network for containers run from the DinD image in Win10 and Ubuntu20 and network connectivity works properly. For example on Linux:
br-8c25f65c698a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.19.0.1 netmask 255.255.0.0 broadcast 172.19.255.255
ether 02:42:f5:5f:39:a6 txqueuelen 0 (Ethernet)
RX packets 6189 bytes 343616 (343.6 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9717 bytes 86927032 (86.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-defc39de0a0f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:7d:14:ef:2b txqueuelen 0 (Ethernet)
RX packets 14 bytes 852 (852.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 33 bytes 3274 (3.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:26:4c:b3:fa txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
and the /etc/hosts for ubuntu run from DinD is aligning with the docker0 bridge:
root@cb37b9fb3b85:/# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 cb37b9fb3b85
Is this primarily due to an SSL issue? If so is it possible to use the dind network to mount the certificates properly into the containers?
Or, is there a way to use the default bridge network when running the containers from DinD and still have access to the internet using Docker Desktop for MacOS?
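
An added example, not part of the original post: a small Python triage of the apt-get output shown above that sorts each failure by layer (DNS, TCP, TLS) and records whether any https source was fetched at all. The error patterns are common apt messages assumed here and are not exhaustive; `triage` and `LAYERS` are illustrative names.

```python
import re
from urllib.parse import urlsplit

# Excerpt of the apt-get output shown in the question above.
SAMPLE = """\
Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu focal-security InRelease
  Temporary failure resolving 'security.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal/InRelease  Temporary failure resolving 'archive.ubuntu.com'
"""

# Common apt error texts per layer (assumed list, not exhaustive).
LAYERS = {
    "dns": re.compile(r"(?:Temporary failure resolving|Could not resolve) '([^']+)'"),
    "tcp": re.compile(r"Could not connect to ([^\s:]+)"),
    "tls": re.compile(r"(?:Certificate verification failed|Could not handshake)"),
}
URL = re.compile(r"\bhttps?://\S+")


def triage(apt_output):
    """Classify apt failures by layer and record which URL schemes were in use."""
    counts = {name: 0 for name in LAYERS}
    hosts, schemes = set(), set()
    for line in apt_output.splitlines():
        if line.startswith(("Err:", "W: Failed to fetch")):
            for url in URL.findall(line):
                schemes.add(urlsplit(url).scheme)
        for name, pattern in LAYERS.items():
            match = pattern.search(line)
            if match:
                counts[name] += 1
                if match.groups():
                    hosts.add(match.group(1))
                break
    failing = [name for name, n in counts.items() if n]
    return {
        "counts": counts,
        "hosts": sorted(hosts),
        "schemes": sorted(schemes),
        # TLS can only be at fault if an https source was fetched or a TLS error was logged.
        "tls_involved": "https" in schemes or counts["tls"] > 0,
        "verdict": failing[0] if len(failing) == 1 else ("mixed" if failing else "none"),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the excerpt, every failure lands in the `dns` layer and all sources are plain `http`, so certificate mounts are not what this output points at.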