#Node sdk from within Dind container network issues

I am trying to run the dagger node sdk from within a docker in docker Jenkins agent on EKS, but get network issues pulling the docker image when I run my node script. Pulling the docker image via docker pull right before the script works fine, but running the script after fails on pulling the image. Wondering if anyone has seen this before?

1.13-12.1675790156: Pulling from ubi9/openjdk-17
Digest: sha256:1478fc79fbf7a8445201b62ce8e37b57a4913c16545f71a288a7fb0fa6a1639e
Status: Image is up to date for registry.access.redhat.com/ubi9/openjdk-17:1.13-12.1675790156
+ node --loader ts-node/esm ./test-with-checks.mts
(node:202) ExperimentalWarning: Custom ESM Loaders is an experimental feature and might change at any time
(Use `node --trace-warnings ...` to show where the warning was created)
Setting commit status to PENDING
GraphQLRequestError: Error message
    at file:///home/jenkins/agent/workspace/QA-Test/DynamicLinks/node_modules/@dagger.io/dagger/dist/api/utils.js:121:23
    at Generator.throw (<anonymous>)
    at rejected (file:///home/jenkins/agent/workspace/QA-Test/DynamicLinks/node_modules/@dagger.io/dagger/dist/api/utils.js:5:65)
    at processTicksAndRejections (node:internal/process/task_queues:95:5) {
  cause: ClientError: failed to do request: Head "https://registry.access.redhat.com/v2/ubi9/openjdk-17/manifests/1.13-12.1675790156": dial tcp: lookup registry.access.redhat.com on 10.140.0.2:53: dial udp 10.140.0.2:53: connect: network is unreachable: {"response":{"data":null,"errors":[{"message":"failed to do request: Head \"https://registry.access.redhat.com/v2/ubi9/openjdk-17/manifests/1.13-12.1675790156\": dial tcp: lookup registry.access.redhat.com on 10.140.0.2:53: dial udp 10.140.0.2:53: connect: network is unreachable","locations":[{"line":2,"column":24}],"path":["container","from"]}],"status":200,"headers":{}},"request":{"query":"\n        { container  { from (address: \"registry.access.redhat.com/ubi9/openjdk-17:1.13-12.1675790156\")

👋 what happens if you do docker run --rm alpine nslookup registry.access.redhat.com instead?

Thanks for the quick response,

+ docker run --rm alpine nslookup registry.access.redhat.com
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
8921db27df28: Already exists
Digest: sha256:c8deccde20bcc319a17c28ce674b80b9b7e945a8b460a11272b7f0a3e0d6a746
Status: Downloaded newer image for alpine:latest
nslookup: can't connect to remote host (10.230.0.2): Network unreachable

looks like it's the same issue. Adding the --network=host flag fixes this. Is there anyway a similar configuration can be passed to dagger?

it's currently not possible. What you need to do is configure the inner dind daemon to use the correct DNS servers

there's a --dns flag in the dockerd binary that can also be set with docker.conf to set the DNS ip the containers spawn by that daemon will use

you basically need to set the correct IP there which should be the same dns your jenkins pipeline uses since the dind will change it