Docker unable to bind to port 53

Running macOS Catalina 10.15.7 with latest docker.

Executing command:
docker run -d --name pihole -e ServerIP=10.100.100.11 -e TZ="Australia/Tasmania" -e WEBPASSWORD="Password" -e DNS1=1.1.1.1 -e DNS2=1.0.0.1 -p 80:80 -p 53:53/tcp -p 53:53/udp -p 443:443 -v ~/pihole/:/etc/pihole/ --restart=unless-stopped pihole/pihole:latest

When attempting to run the pihole docker I get:
docker: Error response from daemon: driver failed programming external connectivity on endpoint pihole (44b3e302eae1ecb094816a085139b709e5dc59e83ce90ced98f6556b405b8a98): Error starting userland proxy: listen tcp4 0.0.0.0:53: bind: address already in use.

I have run a port scan and a netstat, nothing seems to be binding to 53.

Ideas?

I am having the exact same issue. Mine started after doing a silly upgrade to the latest Docker version, and it killed my pi-hole setup. Have you managed to find a solution yet?

Have you reported this to any docker forum/support?

Seems to be an issue with the daemon and nobody here will be able to help you.

Is this really the same?

Over here:

docker: Error response from daemon: driver failed programming external connectivity on endpoint pihole (44b3e302eae1ecb094816a085139b709e5dc59e83ce90ced98f6556b405b8a98): Error starting userland proxy: listen tcp4 0.0.0.0:53: bind: address already in use.

Over there:

ERROR: for dev-dns Cannot start service dev-dns: Ports are not available: listen udp 0.0.0.0:53: bind: address already in use

But maybe it is the same and ours just sounds a bit more dramatic!

No idea, to be honest - just figured I'd drop in a link of something that sounds similar being discussed in a place meant for discussing docker on mac :wink:


Also here:

Port 53 is being used at your host machine, that's why you can not bind 53 to host.

To find what is using port 53 you can do: sudo lsof -i -P -n | grep LISTEN

I'm 99.9% sure that systemd-resolved is what is listening on port 53. To solve that you need to disable it. You can do that with these 2 commands:

  • systemctl disable systemd-resolved.service
  • systemctl stop systemd-resolved

Now you have port 53 open, but no dns configured for your host. To fix that, you need to edit '/etc/resolv.conf' and add the dns address. This is an example with a common dns address:

nameserver 8.8.8.8

If you have another nameserver in that file, I would comment it out to prevent issues.
Once the pihole docker container is running, you can change the DNS server of your host to localhost, as you are binding port 53 to the host machine. Change '/etc/resolv.conf' again like this:

nameserver 127.0.0.1

Hope this helped! (I recommend you learn docker-compose, it is easier to use than 'docker run' IMO)


On MacOS?

Whoops... I'm sorry, that is for Linux systems. Even so, Linux and Mac shouldn't differ that much. You just have to search for what is making port 53 busy.

Try:

  • sudo lsof -i :53

Try that command and paste the result here. It could be any service. It could be "named". Let's see what the command gives us.
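An added example, not part of any post in this thread: the `lsof -i -P -n | grep LISTEN` filter suggested above shows only TCP sockets, because UDP sockets have no LISTEN state, while the container publishes both 53/tcp and 53/udp. The sketch below filters `lsof -i -P -n` output for every process holding local port 53 on either protocol; the function name `port53_holders`, the process names `exampled` and `browser`, and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list processes that hold local port 53 (TCP listeners and
# unconnected UDP sockets) from `lsof -i -P -n` output read on stdin.

# Constructed sample in the usual lsof column layout:
# COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [(STATE)]
SAMPLE_LSOF='COMMAND   PID  USER            FD  TYPE DEVICE SIZE/OFF NODE NAME
systemd-r 612  systemd-resolve 12u IPv4 21034  0t0      UDP  127.0.0.53:53
systemd-r 612  systemd-resolve 13u IPv4 21035  0t0      TCP  127.0.0.53:53 (LISTEN)
exampled  950  root            5u  IPv4 30110  0t0      UDP  *:53
sshd      801  root            3u  IPv4 23011  0t0      TCP  *:22 (LISTEN)
browser   4410 alice           55u IPv4 88231  0t0      UDP  192.168.1.20:53124->8.8.8.8:53
browser   4410 alice           60u IPv4 88240  0t0      TCP  192.168.1.20:40022->1.1.1.1:53 (ESTABLISHED)'

port53_holders() {
    awk '
        $1 == "COMMAND" { next }             # skip the header row
        {
            proto = $8; name = $9; state = $10
            if (proto != "TCP" && proto != "UDP") next
            if (name ~ /->/) next            # connected socket: a DNS client, not a holder
            if (name !~ /:53$/) next         # local port must be exactly 53 (not 5353, 53124)
            if (proto == "TCP" && state != "(LISTEN)") next
            print $1, $2, proto, name        # command, pid, protocol, bound address
        }
    '
}

# Run against the constructed sample. On a live host the input would be:
#   sudo lsof -i -P -n | port53_holders
printf '%s\n' "$SAMPLE_LSOF" | port53_holders
```

In the sample, the UDP-only holder `exampled` would not appear in a `grep LISTEN` listing at all, yet it would still block `-p 53:53/udp`.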

I am having the same issue, but using Docker Desktop for Windows and have tried just about everything to figure out what is using the port.

It was working great until an update came for Docker Desktop, then I was getting the same cannot bind errors.

From what I've seen Docker itself is using the port, and it won't start if I disable the services that use the port. I'm not really sure what to do, even if there is anything that can be done.

Same issue here as reported by goo3r. The last Docker for Windows update appears to have broken something. Been using a pi-hole / dnscrypt combo in this scenario without any issues for several months, and now after that update it doesn't work anymore.
The Windows services involved are

  • Host Network Service
  • Internet Connection Sharing (ICS) service

The latter seems to be the one that's occupying port 53. Stopping this service doesn't work as long as the Host Network Service is running. If you stop / disable both, Docker doesn't work anymore (crash on startup), which is kind of expected, since Docker's network connectivity services depend on the Host Network Service.
My guess is that this can only be resolved with a Docker update.

I was able to run the container again as I was before with the latest Docker Desktop update. They addressed the port 53 binding in the change log of the release.
