pi-hole/docker/portainer/truenas failed to bind port 0.0.0.0:53

Expected Behaviour:

While attempting to install pi-hole in a stack on portainer and specifying port 53 mapped to port 53, I get this error. ...
failed to bind host port for 0.0.0.0:53:172.19.0.2:53/tcp: address already in use

This works on my other proxmox system. The DIFFERENCE is that this system also has a TrueNAS stack.

I have spent the last three hours researching this and none of the posts I have found help.

lsof -nP -i:53
run from the Proxmox console, Docker shell, or the TrueNAS shell does not show anything on port 53.

similarly
ss -tulpn | grep LISTEN | grep :53
yields nothing.

This post refers to changing DNSStubListener=yes to no in /etc/systemd/resolved.conf, but none of the shells listed above have a /etc/systemd/resolved.conf file.

This post (which is quite excellent) also refers to /etc/systemd/resolved.conf, as well as the /run/systemd/resolve directory, which, again, is not found on my system.

Going crazy on this one...

Proxmox 8.3.1
Docker version 28.0.4, build b8034c0
Portainer Community Edition 2.27.3 LTS
TrueNAS ElectricEel-24.10.2.1

I tried a static route in TrueNAS to my router thinking that might eliminate the use of a DNS server on TrueNAS. I could not find anything about turning off DNS in TrueNAS other than the systemd resolve stuff already mentioned above.

Here is the portainer stack file that throws the error. (Again, this stack runs just fine if TrueNAS is not in another stack on the system.)

# Docker Compose version
version: "3"

# Define services (containers to be created)
services:
  # Service name: pihole
  pihole:
    # Name of the container instance
    container_name: pihole

    # Image to use for this container
    # Use the specified version of the pihole image
    image: pihole/pihole:latest

    # Expose and map ports (host:container)
    ports:
      - "5353:53/tcp" # DNS (TCP)
      - "5353:53/udp" # DNS (UDP)
      - "7300:80/tcp" # Web UI HTTP
      - "67:67/udp"
      - "80:80/tcp"
      - "443:443/tcp" 
      

    # Environment variables
    environment:
      TZ: 'America/Panama'
      FTLCONF_webserver_api_password: "<redacted>"
      # If using Docker's default `bridge` network setting the dns listening mode should be set to 'all'
      FTLCONF_dns_listeningMode: 'all'    
    

    # Mount volumes for persistent data
    volumes:
      - "/data/pihole/data/pihole:/etc/pihole" # Pi-hole data
      - "/data/pihole/data/dnsmasq:/etc/dnsmasq.d" # dnsmasq data

    cap_add:
      - NET_ADMIN
      
    # Restart policy for the container when it exits
    restart: unless-stopped

    # DNS servers for this container to use
    dns:
      - 127.0.0.1 # Localhost for internal resolution
      - 1.1.1.1 # Cloudflare DNS for external resolution

Actual Behaviour:

Portainer throws this error when trying to deploy the pi-hole stack:
Failed to deploy a stack: compose up operation failed: Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint pihole (3b5a2f5e9d4f522b9d462c7fd3af7a30676b287649110b14d3174137ed8ef16b): failed to bind host port for 0.0.0.0:53:172.19.0.2:53/tcp: address already in use

Debug Token:

No debug token since pi-hole can't start

Any help here is greatly appreciated.

I found this script, which removed all port 53 use: https://raw.githubusercontent.com/bigbeartechworld/big-bear-scripts/master/disable-dns-service/disable_dns_service.sh

Covered in this video
How to install Pi-hole on Portainer

and it can be run as follows:
bash -c "$(wget -qLO - https://raw.githubusercontent.com/bigbeartechworld/big-bear-scripts/master/disable-dns-service/disable_dns_service.sh)"

Since you're mapping your Pi-hole container's port 53 to port 5353 on your host, that would suggest that the port conflict about 0.0.0.0:53:172.19.0.2:53/tcp is not with a port on your host machine, but within Docker's internal network, or perhaps about your target port 5353.

Run from your host machine, please share the output of:

sudo ss -tulpn sport = 53
sudo ss -tulpn sport = 5353

Also, remapping port 53 generally won't work, as port 53 is the standard port for DNS, i.e. all your aspiring Pi-hole clients would strictly use port 53 for DNS by default.

Furthermore, you should not map to port 5353, as that isn't a free port - it is reserved for mDNS protocol usage (which shouldn't be mixed with DNS).
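Added example, not part of the thread above or of the Pi-hole project: a small POSIX shell script that parses `ss -tulpn` output and reports every socket bound to a given port. It exists because the `ss -tulpn | grep LISTEN | grep :53` pipeline in the original post cannot see a UDP-only resolver: ss reports a bound UDP socket with state UNCONN, not LISTEN, so the systemd-resolved stub on 127.0.0.53:53 (or any other UDP-only DNS daemon) is filtered out before grep ever looks for ":53". The sample ss output inside the script is constructed for illustration and was not captured from the poster's host; the container name and script filename in the comments are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread above: parse `ss -tulpn` output and report
# every socket bound to a given port, including UDP sockets. ss reports a bound
# UDP socket as UNCONN, not LISTEN, so `ss -tulpn | grep LISTEN | grep :53`
# silently drops a UDP-only resolver such as the systemd-resolved stub.

# Report sockets bound to port $1. Reads `ss -tulpn` output on stdin and
# prints "<proto> <local address:port> <process name>" for each socket.
find_port_listeners() {
    awk -v port="$1" '
        NR == 1 { next }                     # header line
        {
            proto = $1; state = $2; local = $5
            n = split(local, parts, ":")     # port is after the last colon,
            if (parts[n] != port) next       # which also handles [::]:53 and 127.0.0.53%lo:53
            # Bound sockets only: LISTEN for TCP, UNCONN for UDP.
            if (proto == "tcp" && state != "LISTEN") next
            if (proto == "udp" && state != "UNCONN") next
            proc = "unknown"                 # -p needs root; otherwise the column is empty
            if (match($0, /users:\(\("[^"]+"/))
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            print proto, local, proc
        }'
}

# Constructed sample of `ss -tulpn` output (not captured from the poster's host).
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=600,fd=12))
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*         users:(("avahi-daemon",pid=710,fd=12))
tcp   LISTEN 0      4096   0.0.0.0:53         0.0.0.0:*         users:(("docker-proxy",pid=2231,fd=4))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=801,fd=4))
EOF
}

# Live check on the host: `sudo sh find_port_listeners.sh --live 53`.
# To inspect a container's own network namespace instead of the host's, run the
# same script through nsenter (container name is a placeholder):
#   sudo nsenter -t "$(docker inspect -f '{{.State.Pid}}' <container>)" -n \
#       sh find_port_listeners.sh --live 53
if [ "${1:-}" = "--live" ]; then
    ss -tulpn | find_port_listeners "${2:-53}"
fi
```

Run the live check as root: without root, ss omits the process column and the script prints "unknown" for the owner, which still tells you the port is taken. Running the script against the sample data returns both the docker-proxy TCP socket and the systemd-resolved UDP socket on port 53, while the original `grep LISTEN` pipeline returns only the TCP one; it also shows avahi-daemon already holding UDP 5353, which is the mDNS conflict the reply above warns about.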

Re port 5353, that was a workaround for getting the pi-hole stack to deploy. Sorry I forgot to mention that. With port 53:53, I got the error message I posted. But the script I later posted worked to kill the other process using port 53.