Solution
It was found (here, and here) that Podman uses its own DNS server, aardvark-dns
which is bound to port 53 (this explains why I was able to bind to 53 with nc
on the host while the container would still fail). So the solution is to bridge the network for that port. So, in the compose file, the ports section would become:
ports:
- "<host-ip>:53:53/tcp"
- "<host-ip>:53:53/udp"
- "80:80/tcp"
where <host-ip>
is the ip of the machine running the container — e.g. 192.168.1.141
.
Original Post
I so desperately want to bash my head into a hard surface. I cannot figure out what is causing this issue. The full error is as follows:
Error: cannot listen on the UDP port: listen udp4 :53: bind: address already in use
This is my compose file:
version: "3"
services:
pihole:
container_name: pihole
image: docker.io/pihole/pihole:latest
ports:
- "53:53/tcp"
- "53:53/udp"
- "80:80/tcp"
environment:
TZ: '<redacted>'
volumes:
- './etc-pihole:/etc/pihole'
- './etc-dnsmasq.d:/etc/dnsmasq.d'
restart: unless-stopped
and the result of :
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 [fe80::e877:8420:5869:dbd9]:546 *:* users:(("NetworkManager",pid=377,fd=28))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=429,fd=3))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=429,fd=4))
I have looked for possible culprit services like systemd-resolved
. I have tried disabling Avahi. I have looked for other potential DNS services. I have rebooted the device. I am running the container as sudo (so it has access to all ports). I am quite at a loss.
- Raspberry Pi Model 1 B Rev 2
- Raspbian (bookworm)
- Kernel v6.6.20+rpt-rpi-v6
- Podman v4.3.1
- Podman Compose v1.0.3
EDIT (2024-03-14T22:13Z)
For the sake of clarity, shows nothing on 53, and
shows nothing listening to port 53 — the only listening service is SSH on 22, as expected.
Also, as suggested here, I tried manually binding to port 53, and I was able to without issue.
Check with “sudo ss -tupan | grep 53” to see if there is a process already using port 53. It might be systemd’s resolver or something like that.
If you read the post, I already did that. It shows no device using port 53.