Docker networking confuses people because the defaults are unintuitive and the mental model isn't obvious from the CLI. A container can reach the internet by default, but two containers on the same host can't reach each other unless they're on the same network. Port publishing doesn't work the way most people expect on Linux hosts. Container-to-container DNS just works in Docker Compose but not when you run containers manually. Understanding why requires knowing a bit about how Docker uses Linux networking primitives.

This guide covers each Docker network driver, how DNS works inside containers, port publishing mechanics, and how Docker Compose handles multi-container networking.

Network drivers overview

Docker's networking system is pluggable — different drivers implement different networking behaviors. The built-in drivers are:

bridge — the default for containers on a single host