Desktop: new network setting (#22710)

<!--Delete sections as needed -->

## Description

New IP setting for DD 

## Related issues or tickets

<!-- Related issues, pull requests, or Jira tickets -->

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Technical review
- [ ] Editorial review
- [ ] Product review

Author: aevesdocker

content/manuals/desktop/features/networking.md

@@ -68,6 +68,133 @@ To enable and set up SOCKS proxy support:
 3. Switch on the **Manual proxy configuration** toggle. 
 4. In the **Secure Web Server HTTPS** box, paste your `socks5://host:port` URL.
 
+## Networking mode and DNS behaviour for Mac and Windows
+
+With Docker Desktop version 4.42 and later, you can customize how Docker handles container networking and DNS resolution to better support a range of environments — from IPv4-only to dual-stack and IPv6-only systems. These settings help prevent timeouts and connectivity issues caused by incompatible or misconfigured host networks.
+
+> [!NOTE]
+>
+> These settings can be overridden on a per-network basis using CLI flags or Compose file options.
+
+### Default networking mode
+
+Choose the default IP protocol used when Docker creates new networks. This allows you to align Docker with your host’s network capabilities or organizational requirements, such as enforcing IPv6-only access.
+
+The options available are:
+
+- **Dual IPv4/IPv6** (Default): Supports both IPv4 and IPv6. Most flexible and ideal for environments with dual-stack networking.
+- **IPv4 only**: Only IPv4 addresses are used. Use this if your host or network does not support IPv6.
+- **IPv6 only**: Only IPv6 addresses are used. Best for environments transitioning to or enforcing IPv6-only connectivity.
+
+> [!NOTE]
+>
+> This setting can be overridden on a per-network basis using CLI flags or Compose file options.
+
+### DNS resolution behavior 
+
+Control how Docker filters DNS records returned to containers, improving reliability in environments where only IPv4 or IPv6 is supported. This setting is especially useful for preventing apps from trying to connect using IP families that aren't actually available, which can cause avoidable delays or failures.
+
+Depending on your selected network mode, the options available are:
+
+- **Auto (recommended)**: Docker detects your host's network stack and automatically filters out unsupported DNS record types (A for IPv4, AAAA for IPv6).
+- **Filter IPv4 (A records)**: Prevents containers from resolving IPv4 addresses. Only available in dual-stack mode.
+- **Filter IPv6 (AAAA records)**: Prevents containers from resolving IPv6 addresses. Only available in dual-stack mode.
+- **No filtering**: Docker returns all DNS records (A and AAAA), regardless of host support.
+
+> [!IMPORTANT]
+>
+> Switching the default networking mode resets the DNS filter to Auto.
+
+### Using Settings Management
+
+If you're an administrator, you can use [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md#networking) to enforce this Docker Desktop setting across your developer's machines. Choose from the following code snippets and at it to your `admin-settings.json` file.
+
+{{< tabs >}}
+{{< tab name="Networking mode" >}}
+
+Dual IPv4/IPv6:
+
+```json
+{
+  "defaultNetworkingMode": {
+    "locked": true
+    "value": "dual-stack"
+  }
+}
+```
+
+IPv4 only:
+
+```json
+{
+  "defaultNetworkingMode": {
+    "locked": true
+    "value": "ipv4only"
+  }
+}
+```
+
+IPv6 only:
+
+```json
+{
+  "defaultNetworkingMode": {
+    "locked": true
+    "value": "ipv6only"
+  }
+}
+```
+
+{{< /tab >}}
+{{< tab name="DNS resolution" >}}
+
+Auto filter:
+
+```json
+{
+  "dnsInhibition": {
+    "locked": true
+    "value": "auto"
+  }
+}
+```
+
+Filter IPv4:
+
+```json
+{
+  "dnsInhibition": {
+    "locked": true
+    "value": "ipv4"
+  }
+}
+```
+
+Filter IPv6:
+
+```json
+{
+  "dnsInhibition": {
+    "locked": true
+    "value": "ipv6"
+  }
+}
+```
+
+No filter:
+
+```json
+{
+  "dnsInhibition": {
+    "locked": true
+    "value": "none"
+  }
+}
+```
+
+{{< /tab >}}
+{{< /tabs >}}
+
 ## Networking features for Mac and Linux
 
 ### SSH agent forwarding

content/manuals/desktop/settings-and-maintenance/settings.md

@@ -307,6 +307,8 @@ To enable Kerberos or NTLM proxy authentication you must pass the `--proxy-enabl
 
 Docker Desktop uses a private IPv4 network for internal services such as a DNS server and an HTTP proxy. In case Docker Desktop's choice of subnet clashes with IPs in your environment, you can specify a custom subnet using the **Network** setting.
 
+On Windows and Mac, you can also set the default networking mode and DNS resolution behavior. For more information, see [Networking](/manuals/desktop/features/networking.md#networking-mode-and-dns-behaviour-for-mac-and-windows).
+
 On Mac, you can also select the **Use kernel networking for UDP** setting. This lets you use a more efficient kernel networking path for UDP. This may not be compatible with your VPN software.
 
 ### WSL Integration

content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md

@@ -301,6 +301,15 @@ quit and reopened.
 >
 > These containers mount the Docker socket, so you must add the images to the ECI images list. If not, ECI will block the mount and Kubernetes won't start.
 
+### Networking
+
+|Parameter|OS|Description|Version|
+|:-------------------------------|---|:-------------------------------|---|
+| `defaultNetworkingMode` | Windows and Mac only | Defines the default IP protocol for new Docker networks: `dual-stack` (IPv4 + IPv6, default), `ipv4only`, or `ipv6only`. | Docker Desktop version 4.42 and later. |
+| `dnsInhibition` | Windows and Mac only | Controls DNS record filtering returned to containers. Options: `auto` (recommended), `ipv4`, `ipv6`, `none`| Docker Desktop version 4.42 and later. |
+
+For more information, see [Networking](/manuals/desktop/features/networking.md#networking-mode-and-dns-behaviour-for-mac-and-windows).
+
 ### Features in development
 
 |Parameter|OS|Description|Version|

content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md

@@ -513,6 +513,36 @@ settings.
 - **Configure this setting with:**
     - **Network** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
 
+### Networking mode
+
+| Default value | Accepted values | Format   |
+|---------------|-----------------|----------|
+| `dual-stack` | `ipv4only`, `ipv6only` | String  |
+
+- **Description:** Set the networking mode.
+- **OS:** {{< badge color=blue text="Windows and Mac" >}}
+- **Use case:** Choose the default IP protocol used when Docker creates new networks.
+- **Configure this setting with:**
+    - **Network** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
+    - Settings Management: `defaultNetworkingMode` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+
+For more information, see [Networking](/manuals/desktop/features/networking.md#networking-mode-and-dns-behaviour-for-mac-and-windows).
+
+#### Inhibit DNS resolution for IPv4/IPv6
+
+| Default value | Accepted values | Format   |
+|---------------|-----------------|----------|
+| `auto` | `ipv4`, `ipv6`, `none` | String  |
+
+- **Description:** Filters unsupported DNS record types.
+- **OS:** {{< badge color=blue text="Windows and Mac" >}}
+- **Use case:** Control how Docker filters DNS records returned to containers, improving reliability in environments where only IPv4 or IPv6 is supported.
+- **Configure this setting with:**
+    - **Network** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
+    - Settings Management: `dnsInhibition` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+
+For more information, see [Networking](/manuals/desktop/features/networking.md#networking-mode-and-dns-behaviour-for-mac-and-windows).
+
 ### Enable WSL engine
 
 | Default value | Accepted values | Format   |