This applies at least do Docker 1.9.1 on host Ubuntu 15.10.
Docker uses as default google name servers if no external server is defined in resolv.com:
It seems that the firewall has problems with these nameservers within a container. For example when creating an own image in the Docker tutorial :
1. Add other nameservers in /etc/default/docker:
2. As systemd is not using this config file (only Upstart and SysVinit), load and use it in /etc/systemd/system/docker.service.d/docker.conf:
(Empty ExecStart is important.)