0

I am getting an error: Error: cannot listen on the TCP port: listen tcp4 :53: bind: address already in use When creating a container that gets its own IP address, this means that regardless of whether there is some host program listening on port 53, the container should have no problems listening on the same port because its IP is not the same as the host's.

The command I am using to start the container is the following: sudo podman run -d --network podnet -p 53:53 --name test-container test-image

And inspecting the network podnet with sudo podman inspect podnet gives the following:

[
  {
    "name": "podnet",
    "id": "<censored>",
    "driver": "macvlan",
    "network_interface": "bridge0",
    "created": "<censored>",
    "ipv6_enabled": false,
    "internal": false,
    "dns_enabled": false,
    "options": {
      "mode": "passthru"
    },
    "ipam_options": {
      "driver": "dhcp"
    }
  }
]

I am on an openSUSE Leap Micro machine.

3
  • You are passing the -p (--publish) option which attaches the port to your host machine (using all interfaces by default). It sounds like your host machine already has port 53 in use. Does it work if you remove the -p option? Commented Mar 8, 2024 at 23:07
  • @GracefulRestart It works, but I cannot test whether the named service from bind9 is public, because when running dig google.com @localhost in an exec session in the container it only gives me the error: ;; communications error to ::1#53: connection refused Commented Mar 9, 2024 at 2:27
  • Running the command within an exec session would have nothing to do with using --publish. If it cannot run in the exec session, then it is not working. You should post an example Dockerfile showing your problem to help troubleshoot this issue. Commented Mar 13, 2024 at 2:36

1 Answer

0

It is common for systemd servers to run resolved, its own caching DNS resolver.

While this behavior can be disabled, this type of question usually results from a wish to offer DNS service to the LAN, often as part of an ad blocker or other performance-enhancing LAN service. Therefore, let localhost:53 go on doing its systemd thing and bind only to your machine's public IP:

$ podman run \
    --publish 192.168.1.2:53:53/tcp \
    --publish 192.168.1.2:53:53/udp

Note the dual binding: DNS uses UDP by default, not TCP, but it can end up resorting to TCP for bulk data transfers. You need both.

One more detail: other than the privileged port binding, it is rare for such services to have a legitimate need for root-level access. One of my Rootless Privileged Ports ideas might allow you to avoid binding directly to 53, which has the happy side effect of further insulating you from your OS's meddling with localhost:53.
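The following is an added example, not part of the original answer: it checks which host listeners would clash with a requested host address:port (the clash behind the "address already in use" error in the question) and builds the tcp+udp --publish flags the answer recommends. It assumes the listener table comes from `ss -Hlntu` output fed on stdin; the sample here is constructed.

```shell
#!/bin/sh
# Added example (not from the question or answer). Assumes `ss -Hlntu` style
# lines on stdin: Netid State Recv-Q Send-Q Local:Port Peer:Port [Process].

# conflicts_with ADDR PORT: print each host socket that would block binding
# ADDR:PORT. A listener clashes when it holds the same port on the same
# address, or when either side is a wildcard (0.0.0.0, [::], *), because a
# wildcard bind covers every address. Exit status 0 if any clash was found.
conflicts_with() {
    awk -v want_addr="$1" -v want_port="$2" '
    function is_wild(a) { return a == "0.0.0.0" || a == "[::]" || a == "*" }
    {
        sock = $5
        n = split(sock, parts, ":")
        port = parts[n]
        addr = substr(sock, 1, length(sock) - length(port) - 1)
        sub(/%.*/, "", addr)              # drop a scope suffix such as %lo
        if (port != want_port) next
        if (addr == want_addr || is_wild(addr) || is_wild(want_addr)) {
            print $1, sock
            found = 1
        }
    }
    END { exit (found ? 0 : 1) }'
}

# publish_flags ADDR PORT: both protocols are needed for DNS; queries use
# UDP, but large answers and zone transfers fall back to TCP.
publish_flags() {
    printf -- '--publish %s:%s:%s/tcp --publish %s:%s:%s/udp\n' \
        "$1" "$2" "$2" "$1" "$2" "$2"
}

# Constructed sample of `ss -Hlntu` on a host where systemd-resolved owns
# 127.0.0.53:53 and sshd listens on the wildcard address.
SAMPLE_SS='udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# check_and_run ADDR PORT: refuse to start while a clash exists, otherwise
# print the podman command line (swap the echo for the real command).
check_and_run() {
    if printf '%s\n' "$SAMPLE_SS" | conflicts_with "$1" "$2"; then
        echo "refusing: a host listener already holds $1:$2" >&2
        return 1
    fi
    echo "podman run -d --network podnet $(publish_flags "$1" "$2") --name test-container test-image"
}
```

With the sample table, a wildcard request for port 53 (what `-p 53:53` asks for) is refused because systemd-resolved holds 127.0.0.53:53, while 192.168.1.2:53 passes.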
