7.3.2.1 Default Bridge DNS Limits
A focused guide to Default Bridge DNS Limits, connecting core concepts with practical Docker and container operations.
Default bridge DNS limits refer specifically to the fact that Docker's automatically provided default bridge network does not support automatic name-based resolution between containers, a key limitation distinguishing it from any explicitly created, user-defined bridge network.
Confirming Containers Are on the Default Bridge
Containers created without any explicit --network flag end up on the default bridge, where this limitation applies.
docker run -d --name container-a alpine sleep 1000
docker inspect container-a --format '{{.HostConfig.NetworkMode}}'
This reports default, confirming the container is using the default bridge network where name resolution is not available.
Why This Specific Network Lacks Resolution
The default bridge network predates Docker's later introduction of an embedded DNS server for user-defined networks, and was never retrofitted with this capability, making it functionally different from a user-defined bridge network despite using the same underlying driver.
docker run -d --name container-a alpine sleep 1000
docker run -d --name container-b alpine sleep 1000
docker exec container-b ping container-a
This fails on the default bridge, despite being functionally similar to a scenario that would succeed on a user-defined bridge network.
The Resolution: Migrating to a User-Defined Network
Recreating containers on an explicitly created network resolves this limitation entirely.
docker network create mynet
docker run -d --name container-a --network mynet alpine sleep 1000
docker run -d --name container-b --network mynet alpine sleep 1000
docker exec container-b ping container-a
Why Legacy Linking Is Not a Recommended Workaround
While --link historically provided limited name resolution on the default bridge, it is considered legacy and generally not recommended in favor of simply using a user-defined network instead.
docker run -d --name container-b --link container-a alpine sleep 1000
Why Understanding This Limitation Matters
Recognizing the default bridge network's specific lack of DNS resolution as a known, well-documented limitation — rather than a confusing bug — clarifies why moving to a user-defined network is the standard, recommended solution for any multi-container application needing name-based communication.