Podman won't start Pihole with an error saying that it can't bind to port 53, as it is already in use, but nothing is using port 53.

Submitted ⁨⁨8⁩ ⁨months⁩ ago⁩ by ⁨Kalcifer@sh.itjust.works⁩ to ⁨selfhosted@lemmy.world⁩

I so desperately want to bash my head into a hard surface. I cannot figure out what is causing this issue. The full error is as follows:

Error: cannot listen on the UDP port: listen udp4 :53: bind: address already in use

This is my compose file:

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: docker.io/pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
     # - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
    environment:
      TZ: '<redacted>'
      # WEBPASSWORD: 'set a secure password here or it will be random'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    # cap_add:
    # - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: unless-stopped

and the result of # ss -tulpn:

Netid       State        Recv-Q       Send-Q                             Local Address:Port               Peer Address:Port       Process                                         
udp         UNCONN       0            0                    [fe80::e877:8420:5869:dbd9]:546                           *:*           users:(("NetworkManager",pid=377,fd=28))       
tcp         LISTEN       0            128                                      0.0.0.0:22                      0.0.0.0:*           users:(("sshd",pid=429,fd=3))                  
tcp         LISTEN       0            128                                         [::]:22                         [::]:*           users:(("sshd",pid=429,fd=4))

I have looked for possible culprit services like systemd-resolved. I have tried disabling Avahi. I have looked for other potential DNS services. I have rebooted the device. I am running the container as sudo (so it has access to all ports). I am quite at a loss.

Raspberry Pi Model 1 Model B Rev 2
Raspbian (bookworm)
Kernel v6.6.20+rpt-rpi-v6
Podman v4.3.1
Podman Compose v1.0.3

source

Comments

Sort:hotnew top

kylian0087@lemmy.world ⁨8⁩ ⁨months⁩ ago
Ports below 1024 are by default reserved for root. So unless you use sudo or change this you wont be able to use port 80 and 53 without root

source
- oxomoxo@lemmy.world ⁨8⁩ ⁨months⁩ ago
  This article covers the solution access.redhat.com/solutions/7044059
  
  source
  - psmgx@lemmy.world ⁨8⁩ ⁨months⁩ ago
    Huh doesn’t require enterprise subscription to see that solution
    
    source
  - Kalcifer@sh.itjust.works ⁨7⁩ ⁨months⁩ ago
    That is not the solution. As I have already mentioned a number of times, I am running the container in priveleged mode — I am running the container as root. It has access to all ports.
    
    source
    -> View More Comments

Climatic2469@lemmy.world ⁨8⁩ ⁨months⁩ ago

In the /etc/systemd/resolved.conf

Set the DNSStubListener=no like below then restart the network resolvd service

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it under the
#  terms of the GNU Lesser General Public License as published by the Free
#  Software Foundation; either version 2.1 of the License, or (at your option)
#  any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the resolved.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
#
# See resolved.conf(5) for details.

[Resolve]
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
# Google:     8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
# Quad9:      9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
DNS=127.0.0.1
#FallbackDNS=
#Domains=
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=no
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
DNSStubListener=no
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no

source

Telodzrum@lemmy.world ⁨8⁩ ⁨months⁩ ago
This is the correct solution. OP’s issue is a common one which shows up on the PiHole discussion forums regularly. I frequently forget to perform this step on new installs, too.

source
- Kalcifer@sh.itjust.works ⁨7⁩ ⁨months⁩ ago
  systemd-resolved is not running — it isn’t even installed on the device. I also already mentioned that I have looked into this fact within the body of the post.
  
  source
Kalcifer@sh.itjust.works ⁨7⁩ ⁨months⁩ ago
systemd-resolved is not running — it isn’t even installed on the device. I also already mentioned that I have looked into this fact within the body of the post.

source
- Climatic2469@lemmy.world ⁨7⁩ ⁨months⁩ ago
  That wasn’t clear from the body, as it says you investigated systemd but hadn’t resolved the issue. I’m glad you found a solution though and have a good day.
  
  source

zikal@lemmynsfw.com ⁨8⁩ ⁨months⁩ ago
Check with “sudo ss -tupan | grep 53” to see if there is a process already using port 53. It might be systemd’s resolver or something like that.

source
- Kalcifer@sh.itjust.works ⁨7⁩ ⁨months⁩ ago
  If you read the post, I already did that. It shows no device using port 53.
  
  source
tvcvt@lemmy.ml ⁨8⁩ ⁨months⁩ ago
I’ve not done much with podman, but my first thought is that port 53 is privileged and usually podman runs as a non-privileged user, right? Do you have some mechanism in place that would allow podman to use port 53?

source
- Kalcifer@sh.itjust.works ⁨8⁩ ⁨months⁩ ago
  I’m currently running it in privileged mode (as sudo) so it has access to all the ports.
  
  source
Rayzor@lemmy.ml ⁨8⁩ ⁨months⁩ ago
You still running into trouble? Are you able to run ss -alnp as root?

source
- Kalcifer@sh.itjust.works ⁨7⁩ ⁨months⁩ ago
  
  You still running into trouble?
  
  Yes.
  
  Are you able to run ss -alnp as root?
  
  I have already tried checking if something is listening on 53 in about 10 different ways. That command yields the same outcome as before — nothing appears to be listening on 53.
  
  source
  - Rayzor@lemmy.ml ⁨4⁩ ⁨months⁩ ago
    Ever get this resolved?
    
    source
    -> View More Comments
  - possiblylinux127@lemmy.zip ⁨7⁩ ⁨months⁩ ago
    Then nothing is listening on 53. Check permissions
    
    source
backgroundcow@lemmy.world ⁨7⁩ ⁨months⁩ ago
After checking that you can open port 53 udp yourself with, say, nc (which you tried), strace the binary that tries to open port 53 and fails, and find the system call that fails. You can compare it with an strace on nc to see how it differs.

If this doesn’t clue you in (e.g., you see two attempts to listen to the same port…) Next step would be to find in the source code where it falls (look for the error message printout) and start adding diagnostic printouts before the failing system call.

source
- Kalcifer@sh.itjust.works ⁨7⁩ ⁨months⁩ ago
  See the solution in the post.
  
  source
FrostyCaveman@lemm.ee ⁨7⁩ ⁨months⁩ ago
[deleted]
source
- Kalcifer@sh.itjust.works ⁨7⁩ ⁨months⁩ ago
  systemd-resolved is not running — it isn’t even installed on the device. I also already mentioned that I have looked into this fact within the body of the post.
  
  source
dandroid@sh.itjust.works ⁨8⁩ ⁨months⁩ ago
I used this guide and it worked perfect for me:

b-woody.com/…/2022-05-12-pihole-on-a-rootless-pod…

source
- Kalcifer@sh.itjust.works ⁨7⁩ ⁨months⁩ ago
  I am running the container in priveleged mode, so it has access to those ports. That being said, I already tried in unpriveleged mode by giving access to ports above 53 in /etc/sysctl.conf and applying it with sysctl -p. All to no avail, of course.
  
  source
catloaf@lemm.ee ⁨8⁩ ⁨months⁩ ago
Can you use nc to bind to udp 53 yourself?

source
- Kalcifer@sh.itjust.works ⁨7⁩ ⁨months⁩ ago
  Yup. I ran # nc -u -l 0.0.0.0 53 to listen on port 53. Then I ran # drill @127.0.0.1 53 archlinux.org in another shell. I saw the request in the listening shell.
  
  source
  - catloaf@lemm.ee ⁨7⁩ ⁨months⁩ ago
    Hmm. Can you run another service like github.com/vhiribarren/docker-echo-server on udp 53? If it fails, can you bind another port, both under and over 1024, with success? That would tell us if it’s something with that image or a system problem.
    
    source
    -> View More Comments
Decronym@lemmy.decronym.xyz ⁨7⁩ ⁨months⁩ ago
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

Fewer Letters More Letters

DNS Domain Name Service/System

IP Internet Protocol

PiHole Network-wide ad-blocker (DNS sinkhole)

[Thread #602 for this sub, first seen 15th Mar 2024, 07:25] [FAQ] [Full list] [Contact] [Source code]

source
possiblylinux127@lemmy.zip ⁨7⁩ ⁨months⁩ ago
Have you made sure Podman has access to 53? It runs as a local user

source
- Kalcifer@sh.itjust.works ⁨7⁩ ⁨months⁩ ago
  See the solution in the post.
  
  source
scott@lem.free.as ⁨7⁩ ⁨months⁩ ago
This post from Stack Exchange might help you, switching 80 for 53, of course.

source
- Kalcifer@sh.itjust.works ⁨7⁩ ⁨months⁩ ago
  See the solution in the post.
  
  source
  - scott@lem.free.as ⁨7⁩ ⁨months⁩ ago
    Ahhh… very good. I avoided all this by running Pihole on its own IP on the LAN using a bridged interface from the host.
    
    source
PoliticallyIncorrect@lemmy.world ⁨7⁩ ⁨months⁩ ago
What about using Docker image instead?

source

Fewer Letters	More Letters
DNS	Domain Name Service/System
IP	Internet Protocol
PiHole	Network-wide ad-blocker (DNS sinkhole)