In this article:
Applicable to:
- Twingate Component: Client
- Platform: macOS
- 3rd Party Component: Docker for Mac
Overview
In the sequence of conditions, the Twingate Client is running on the macOS host. A Docker container is able to connect to a DNS resource the first connection attempt, but fails subsequent attempts. The Docker container successfully resolves DNS from the Twingate resolvers the first attempt, but leverages different resolvers on subsequent attempts.
Symptoms
- Container instance's first connection to a Twingate protected Resource is successful. Subsequent connection attempts fail.
Troubleshooting
- When performing an
nslookupordigin the container for the first time, you will see a CGNAT IP returned./ # nslookup tg_resource.internal
Server: 192.168.65.5
Address: 192.168.65.5:53
Non-authoritative answer:
Name: tg_resource.internal
Address: 100.98.196.176 - Performing the
nslookupordigthe second time, you will see a non-CGNAT IP returned./ # nslookup tg_resource.internal
Server: 192.168.65.5
Address: 192.168.65.5:53
Non-authoritative answer:
Name: tg_resource.internal
Address: 10.140.140.65
Resolution
When starting the Docker container instance, add in the following command line arguments to the Docker run command to force the container to use the Twingate resolvers.
—dns=100.95.0.251 —dns=100.95.0.252 —dns=100.95.0.253 —dns=100.95.0.254