diff --git a/tools/osquery/README.md b/tools/osquery/README.md
index e7c5f59df..db870b5f0 100644
--- a/tools/osquery/README.md
+++ b/tools/osquery/README.md
@@ -32,12 +32,20 @@ besides `host.docker.internal:8080`.
 The osqueryd instances are configured to use the TLS plugins at `host.docker.internal:8080`. Using the `example_osquery.flags` in this directory should configure Fleet with the appropriate settings for these `osqueryd` containers to connect.
-To start one instance each of Centos and Ubuntu `osqueryd`, use:
+To start one instance each of Centos 6, Centos 7, Ubuntu 14, and Ubuntu 16
+`osqueryd`, use:
 ```
 docker-compose up
 ```
+Linux users should use the overrides (which add DNS entries for
+`host.docker.internal` based on the `DOCKER_HOST` env var):
+
+```
+docker-compose -f docker-compose.yml -f docker-compose.linux-overrides.yml up
+```
+
 The logs will be displayed on the host shell. Note that `docker-compose up` will reuse containers (so the state of `osqueryd` will be maintained across calls). To remove the containers and start from a fresh state on the next call to `up`, use:
 ```
diff --git a/tools/osquery/docker-compose.linux-overrides.yml b/tools/osquery/docker-compose.linux-overrides.yml
new file mode 100644
index 000000000..852672aee
--- /dev/null
+++ b/tools/osquery/docker-compose.linux-overrides.yml
@@ -0,0 +1,21 @@
+---
+version: '2'
+
+x-default-settings:
+ extra_hosts: &linux-extra-hosts
+ # Add host.docker.internal record to /etc/hosts of the containers. This is
+ # added on Docker for Mac by default, but needs to be added by Linux users.
+ - "host.docker.internal:${DOCKER_HOST:-172.17.0.1}"
+
+services:
+ ubuntu14-osquery:
+ extra_hosts: *linux-extra-hosts
+
+ ubuntu16-osquery:
+ extra_hosts: *linux-extra-hosts
+
+ centos7-osquery:
+ extra_hosts: *linux-extra-hosts
+
+ centos6-osquery:
+ extra_hosts: *linux-extra-hosts
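Review bot: The `extra_hosts` entry in docker-compose.linux-overrides.yml reuses `DOCKER_HOST`, which the Docker CLI and docker-compose already read as the daemon endpoint (typically a `unix://` or `tcp://` URL, not a bare IP). If it is set to a URL the hosts entry is malformed, and setting it to a bare IP to satisfy this file also changes which daemon compose talks to. Because this record decides where every `osqueryd` container sends its TLS enrollment and log traffic, it should come from a dedicated variable, for example `- "host.docker.internal:${FLEET_HOST_IP:-172.17.0.1}"` (the variable name is a suggestion), with the README sentence updated to match. It would also help to add a comment that `172.17.0.1` is the default `docker0` bridge address and must be overridden where the bridge is configured differently.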