2.1.1.3 Daemon Network Control
A focused guide to Daemon Network Control, connecting core concepts with practical Docker and container operations.
Daemon network control is the daemon's responsibility for creating and managing the virtual networks that connect containers to each other and to the outside world, including assigning IP addresses, providing name resolution between containers, and configuring how container ports are exposed on the host.
Creating Isolated Networks
The daemon can create user-defined networks that group containers together, giving them a shared, isolated network namespace separate from other containers on the same host.
docker network create myapp-net
docker run -d --name db --network myapp-net postgres:16
docker run -d --name app --network myapp-net myapp:1.0
Containers attached to the same network can reach each other; containers on a different network, by default, cannot.
Built-In DNS Resolution
The daemon runs an embedded DNS server for each user-defined network, automatically resolving container names to their current IP addresses, so containers can refer to each other by name rather than needing to track IP addresses that could change.
docker exec app ping db
This succeeds because the daemon's DNS resolves db to whatever IP address that container currently has on the shared network.
Exposing Containers to the Host Network
The daemon manages port mappings that connect a container's internal port to a port on the host, using network address translation rules it configures automatically when a container is started.
docker run -d -p 8080:80 nginx
Requests to port 8080 on the host are forwarded to port 80 inside the container by the rules the daemon set up.
Multiple Network Drivers
The daemon supports different network drivers for different needs: a bridge network for single-host container communication, an overlay network for communication across multiple hosts in a Swarm, and a host network that gives a container direct access to the host's own network stack.
docker network create -d overlay --attachable myapp-overlay
Inspecting Network State
Because the daemon tracks all network configuration centrally, the current state of any network — which containers are attached, what IP addresses they have — can be inspected directly.
docker network inspect myapp-net
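The inspected state can be checked mechanically rather than read by eye. The following is an added example, not part of the original guide: it parses constructed JSON shaped like the output of docker network inspect and docker inspect, reports containers attached to a network that are not on an expected list, and reports ports published on every host interface (the default for -p 8080:80 when no host address is given). The function names, the debug-shell container, the sample addresses and the allow-list are assumptions made for this example.

```python
import json

# Constructed sample shaped like `docker network inspect myapp-net` output (trimmed).
NETWORK_JSON = """[{"Name": "myapp-net", "Driver": "bridge", "Internal": false,
  "Containers": {
    "1a2b": {"Name": "db",  "IPv4Address": "172.18.0.2/16"},
    "3c4d": {"Name": "app", "IPv4Address": "172.18.0.3/16"},
    "5e6f": {"Name": "debug-shell", "IPv4Address": "172.18.0.4/16"}}}]"""

# Constructed sample shaped like `docker inspect app db` output (trimmed).
CONTAINER_JSON = """[
 {"Name": "/app", "NetworkSettings": {"Ports": {
    "80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}]}}},
 {"Name": "/db", "NetworkSettings": {"Ports": {
    "5432/tcp": [{"HostIp": "127.0.0.1", "HostPort": "5432"}],
    "9187/tcp": null}}}]"""

WILDCARD = {"", "0.0.0.0", "::"}  # host addresses that mean "every interface"

def unexpected_members(networks, allowed):
    """Return (network, container, ip) for attached containers not in the allow-list."""
    findings = []
    for net in networks:
        expected = allowed.get(net["Name"], set())
        for info in (net.get("Containers") or {}).values():
            if info["Name"] not in expected:
                ip = info["IPv4Address"].split("/")[0]  # drop the prefix length
                findings.append((net["Name"], info["Name"], ip))
    return sorted(findings)

def wildcard_publishes(containers):
    """Return (container, container_port, host_port) for ports published on all interfaces."""
    findings = []
    for c in containers:
        ports = c.get("NetworkSettings", {}).get("Ports") or {}
        for cport, bindings in ports.items():
            for b in bindings or []:  # null: port is exposed but not published
                if b.get("HostIp", "") in WILDCARD:
                    findings.append((c["Name"].lstrip("/"), cport, b["HostPort"]))
    return sorted(findings)

if __name__ == "__main__":
    nets, ctrs = json.loads(NETWORK_JSON), json.loads(CONTAINER_JSON)
    allowed = {"myapp-net": {"db", "app"}}  # assumed policy for this example
    for finding in unexpected_members(nets, allowed):
        print("unexpected member:", finding)
    for finding in wildcard_publishes(ctrs):
        print("published on all interfaces:", finding)
```

On a live host, pass the functions the parsed output of docker network inspect and docker inspect in place of the embedded samples.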
Why Daemon-Managed Networking Matters
Centralizing network management in the daemon means container networking behaves consistently regardless of which client or tool is used to start a container, since the daemon, not any individual client, is what actually configures the underlying network rules.