    Applicable to:
    • Twingate Component: Client
    • Platform: macOS
    • 3rd Party Component: Docker for Mac

    Overview

    In this scenario, the Twingate Client is running on the macOS host. A Docker container is able to connect to a DNS Resource on the first connection attempt, but subsequent attempts fail. The container successfully resolves DNS through the Twingate resolvers on the first attempt, but uses different resolvers on subsequent attempts.

    Symptoms

    • Container instance's first connection to a Twingate protected Resource is successful. Subsequent connection attempts fail.

    Troubleshooting

    1. When performing an nslookup or dig in the container for the first time, you will see a CGNAT IP returned.
      / # nslookup tg_resource.internal
      Server: 192.168.65.5
      Address: 192.168.65.5:53

      Non-authoritative answer:
      Name: tg_resource.internal
      Address: 100.98.196.176
    2. Performing the nslookup or dig the second time, you will see a non-CGNAT IP returned.
      / # nslookup tg_resource.internal
      Server: 192.168.65.5
      Address: 192.168.65.5:53

      Non-authoritative answer:
      Name: tg_resource.internal
      Address: 10.140.140.65

    Resolution

    When starting the Docker container instance, add the following command-line arguments to the docker run command to force the container to use the Twingate resolvers.

    --dns=100.95.0.251 --dns=100.95.0.252 --dns=100.95.0.253 --dns=100.95.0.254
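
    The check from the Troubleshooting steps can be scripted so that a container reports whether its lookup was answered by the Twingate resolvers. The following is an added example, not Twingate's own tooling; the function names are hypothetical, and it assumes that an answer inside the CGNAT block 100.64.0.0/10 (RFC 6598) came from the Twingate resolvers, as in the transcripts above.

```shell
#!/bin/sh
# Added example (not Twingate's code). Assumption: an answer inside the CGNAT
# block 100.64.0.0/10 came from the Twingate resolvers; any other answer
# means a different resolver handled the query.

# is_cgnat IP: succeed only for a dotted-quad IPv4 address in 100.64.0.0/10.
is_cgnat() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # rejects ports, names, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets (input holds only digits and dots)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    # A /10 fixes the first octet (100) and the top two bits of the second (64-127).
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]
}

# answer_address: read nslookup output on stdin, print the first answer address.
# The resolver's own "Address:" line comes before "Name:" and is skipped.
answer_address() {
    awk '$1 == "Name:" { in_answer = 1; next }
         in_answer && $1 == "Address:" { print $2; exit }'
}

# classify_lookup: read nslookup output on stdin and print "twingate IP",
# "bypassed IP" or "no-answer". Exit status is 0 only for "twingate".
classify_lookup() {
    addr=$(answer_address)
    if [ -z "$addr" ]; then echo "no-answer"; return 2; fi
    if is_cgnat "$addr"; then echo "twingate $addr"; return 0; fi
    echo "bypassed $addr"; return 1
}

# Sample input: the two transcripts from the Troubleshooting section.
first_lookup='Server: 192.168.65.5
Address: 192.168.65.5:53

Non-authoritative answer:
Name: tg_resource.internal
Address: 100.98.196.176'
second_lookup='Server: 192.168.65.5
Address: 192.168.65.5:53

Non-authoritative answer:
Name: tg_resource.internal
Address: 10.140.140.65'

printf '%s\n' "$first_lookup"  | classify_lookup || :
printf '%s\n' "$second_lookup" | classify_lookup || :
```

    Inside a running container, pipe a live lookup into the same function, for example `nslookup tg_resource.internal | classify_lookup`, and repeat it several times: with the resolver arguments applied, every run should report `twingate`.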