Pi-hole Docker Howto

Solved: Error starting userland proxy: listen tcp4 0.0.0.0:53: bind: address already in use

Published by

Problem

While configuring the Duo Network Gateway (DNG) on a Ubuntu device for RDP, I came across the following error while trying to configure a DNS service:

The error is presented because the Ubuntu system is using the UDP port 53 (DNS). This is because there is a network name resolution service called systemd-resolved running by default. This service provides name resolution to local applications using the loopback IP of the device and acts by default as a DNS stub listener. It can also validate DNS/DNSSEC and can be configured for Link-Local Multicast Name Resolution (LLMNR) which when enabled will become a full LLMNR responder and resolver. There are a few other things that systemd-resolved can do but for this article, we won’t discuss those as they’re not relevant. You can find out more about systemd-resolved here.

Solution

II’ve seen articles on the Internet recommending that systemd-resolved should be disabled if you encounter this issue. However, by disabling systemd-resolved, the name resolution will not work, so we need to take another approach. The approach that we’re going to take in this article is to modify the resolved.conf for systemd-resolved. We will modify the configuration so that it no longer listens for DNS requests but rather uses the configured DNS servers for that task.

Verify that port 53 is used on your DNG

Although you have experienced the aforementioned error that more than likely brought you here, let’s not jump the gun! We want to start by checking what is using port 53. Enter the following command to valid port 53 is indeed in use.

sudo lsof -i udp:53

You should recieve a similar output to the one shown in the screenshot below. Here we confirm that systemd-resolved is indeed using UDP 53 (DNS).

We can further validate this by performing an NSLOOKUP to see what the system uses to resolve FQDN’s. Enter the following command.

sudo nslookup google.com

The results should be similar to the screenshot below. You can see that the DNG is using itself to cache and perform DNS lookups.

Modify

If you are using an Ubuntu or Fedora operating system to run the Pi-Hole Docker container, you may need to disable the DNS Stub listener that is built into the Systemd resolve service.

The operating system uses this service to provide network name resolution. As Pi-Hole will want to operate on the same part the resolve service does, we need to disable it.

To start this process, begin editing the “/etc/systemd/resolved.conf

”

Nowconfiguration thatfile weby are 100% certain that systemd-resolved is causing some issues here, lets modify the configruation so that we can return to what we were originally trying to achieve. Enterrunning the following commands and modify the following fields.Now that we are 100% certain that systemd-resolved is causing some issues here, lets modify the configruation so that we can return to what we were originally trying to achieve. Enter the following commands and modify the following fields.command.

sudo nano /etc/systemd/resolved.confCopy

8. Within this file, you will want to find the following line. This setting basically allows us to control whether the DNS stub listener is turned on.

[Resolve]#DNSStubListener=yesCopy

DNS=<Your

After preferredfinding this line you will want to remove the hashtag (#) from the front of this line and change “yes” to “no“.

DNSStubListener=noCopy

9. Once you have made this change, save and quit out of the file by pressing CTRL + X, Y, and then ENTER.

10. Our next step is to remove the existing “resolv.conf” file since it currently points your system’s network to use the now-disabled DNS server/sstub here>resolver.

#FallbackDNS=

You Domains=<entercan yourdelete domainthis here>file #LLMNR=nousing MulticastDNS=nothe #DNSSEC=norm #Cache=yescommand #DNSStubListener=noas shown below.

sudo rm /etc/resolv.confCopy

Once11. saved,With nowthe existing “resolv.conf” file removed, we will now create a symbolic link betweenin forits resolved.conf.place pointing to the version setting in the “/run/systemd/resolve/” directory.

This version of the file is basicallyautomatically justupdated creating a shortcut or alias forusing the configurationDNS file.servers Enterset thewithin followingyour commands.Netplan.

sudo ln -sfs /run/systemd/resolve/resolv.conf /etc/resolv.confCopy

Reboot

12. The last thing we need to do is restart the DNG“systemd-resolved” andservice confirmso that all of our changes

 will be loaded in.

AlthoughOnce wethe service has finished restarting, Pi-hole should now be good and if you performed another NSLOOKUP, you would see that the DNG is no longer authoritive for DNS. Lets reboot the system justable to confirm that the changes are now in place. Enter the following command.

reboot

When the system comes back online, perform another NSLOOKUP. You should now see that you are resolving withutilize the DNS server/sports thaton youyour configured.system.

You

sudo aresystemctl now free to go back to installing DNS within Docker…assuming that’s what you were doing ;-).

Note: If you’re still having issues you could run the following commands. The first command will stoprestart systemd-resolved

and the last command will make sure you can still do DNS lookups with this service now stopped.

sudo systemctl stop systemd-resolved
nslookup google.com

Composefile: