34

[SOLVED] Podman won't start Pihole with an error saying that it can't bind to port 53, as it is already in use, but nothing is using port 53.

posted
*
by
Avatar
Kalcifer@sh.itjust.works
in
Avatar
selfhosted@lemmy.world
42 comments
hidereport

Solution

It was found (here, and here) that Podman uses its own DNS server, aardvark-dns which is bound to port 53 (this explains why I was able to bind to 53 with nc on the host while the container would still fail). So the solution is to bridge the network for that port. So, in the compose file, the ports section would become:

ports:
  - "<host-ip>:53:53/tcp"
  - "<host-ip>:53:53/udp"
  - "80:80/tcp"

where <host-ip> is the ip of the machine running the container — e.g. 192.168.1.141.

Original Post

I so desperately want to bash my head into a hard surface. I cannot figure out what is causing this issue. The full error is as follows:

Error: cannot listen on the UDP port: listen udp4 :53: bind: address already in use

This is my compose file:

version: "3"
services:
  pihole:
    container_name: pihole
    image: docker.io/pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
    environment:
      TZ: '<redacted>'
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    restart: unless-stopped

and the result of # ss -tulpn:

Netid       State        Recv-Q       Send-Q                             Local Address:Port               Peer Address:Port       Process                                         
udp         UNCONN       0            0                    [fe80::e877:8420:5869:dbd9]:546                           *:*           users:(("NetworkManager",pid=377,fd=28))       
tcp         LISTEN       0            128                                      0.0.0.0:22                      0.0.0.0:*           users:(("sshd",pid=429,fd=3))                  
tcp         LISTEN       0            128                                         [::]:22                         [::]:*           users:(("sshd",pid=429,fd=4))

I have looked for possible culprit services like systemd-resolved. I have tried disabling Avahi. I have looked for other potential DNS services. I have rebooted the device. I am running the container as sudo (so it has access to all ports). I am quite at a loss.

  • Raspberry Pi Model 1 B Rev 2
  • Raspbian (bookworm)
  • Kernel v6.6.20+rpt-rpi-v6
  • Podman v4.3.1
  • Podman Compose v1.0.3

EDIT (2024-03-14T22:13Z)

For the sake of clarity, # netstat -pna | grep 53 shows nothing on 53, and # lsof -i -P -n | grep LISTEN shows nothing listening to port 53 — the only listening service is SSH on 22, as expected.

Also, as suggested here, I tried manually binding to port 53, and I was able to without issue.

Sort:
HotTopControversialNewOld
Avatar
zikal@lemmynsfw.com
5 points

Check with “sudo ss -tupan | grep 53” to see if there is a process already using port 53. It might be systemd’s resolver or something like that.

permalink
report
reply
Avatar
Kalcifer@sh.itjust.worksOP
1 point

If you read the post, I already did that. It shows no device using port 53.

permalink
report
parent
reply
Avatar
FrostyCaveman@lemm.ee
-1 points
*
Deleted by creator
permalink
report
reply
Avatar
Kalcifer@sh.itjust.worksOP
0 points

systemd-resolved is not running ­— it isn’t even installed on the device. I also already mentioned that I have looked into this fact within the body of the post.

permalink
report
parent
reply
Avatar
kylian0087@lemmy.world
19 points

Ports below 1024 are by default reserved for root. So unless you use sudo or change this you wont be able to use port 80 and 53 without root

permalink
report
reply
Avatar
oxomoxo@lemmy.world
3 points

This article covers the solution https://access.redhat.com/solutions/7044059

permalink
report
parent
reply
Avatar
psmgx@lemmy.world
2 points

Huh doesn’t require enterprise subscription to see that solution

permalink
report
parent
reply
Avatar
Kalcifer@sh.itjust.worksOP
0 points

That is not the solution. As I have already mentioned a number of times, I am running the container in priveleged mode — I am running the container as root. It has access to all ports.

permalink
report
parent
reply
Avatar
Possibly linux@lemmy.zip
-3 points

Have you tried docker?

permalink
report
parent
reply
Avatar
Rayzor@lemmy.ml
1 point

You still running into trouble? Are you able to run ss -alnp as root?

permalink
report
reply
Avatar
Kalcifer@sh.itjust.worksOP
0 points

You still running into trouble?

Yes.

Are you able to run ss -alnp as root?

I have already tried checking if something is listening on 53 in about 10 different ways. That command yields the same outcome as before — nothing appears to be listening on 53.

permalink
report
parent
reply
Avatar
Possibly linux@lemmy.zip
-2 points

Then nothing is listening on 53. Check permissions

permalink
report
parent
reply
Avatar
Rayzor@lemmy.ml
1 point

Ever get this resolved?

permalink
report
parent
reply
Avatar
Kalcifer@sh.itjust.worksOP
2 points
*

Yeah, take a look at the solution at the top of the post.

permalink
report
parent
reply
Avatar
Scott@lem.free.as
0 points

This post from Stack Exchange might help you, switching 80 for 53, of course.

permalink
report
reply
Avatar
Kalcifer@sh.itjust.worksOP
0 points

See the solution in the post.

permalink
report
parent
reply
Avatar
Scott@lem.free.as
2 points

Ahhh… very good. I avoided all this by running Pihole on its own IP on the LAN using a bridged interface from the host.

permalink
report
parent
reply

Selfhosted

!selfhosted@lemmy.world

Create post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

Community stats

  • 3.5K

    Monthly active users

  • 3.4K

    Posts

  • 77K

    Comments

Community moderators