Listen tcp :53: bind: permission denied ERROR!!

[Tej-Singh-Rana]

What happened:

kubectl get po -A
NAMESPACE      NAME                                   READY   STATUS             RESTARTS      AGE
kube-flannel   kube-flannel-ds-962vp                  1/1     Running            0             15m
kube-flannel   kube-flannel-ds-qs6xr                  1/1     Running            0             15m
kube-system    coredns-7db6d8ff4d-6w776               0/1     CrashLoopBackOff   1 (10s ago)   12s
kube-system    coredns-7db6d8ff4d-99tng               0/1     CrashLoopBackOff   1 (9s ago)    12s
kube-system    etcd-controlplane                      1/1     Running            0             12m
kube-system    kube-apiserver-controlplane            1/1     Running            0             12m
kube-system    kube-controller-manager-controlplane   1/1     Running            0             12m
kube-system    kube-proxy-hbt5b                       1/1     Running            0             12m
kube-system    kube-proxy-x96js                       1/1     Running            0             11m
kube-system    kube-scheduler-controlplane            1/1     Running            0             12m

I was setting up the single-node k8s cluster (1 controlplane and 1 worker node). After going through all the installation process from the official k8s site -> at last, after deploying the network plugin on the k8s cluster. CoreDNS pods went into a Crashloopbackoff state. I did check for the container logs and found the following error message:

 listen tcp :53: bind: permission denied

What you expected to happen:

Both coreDNS pods should be in the running state, after deploying the network plugin.

How to reproduce it (as minimally and precisely as possible):

Simply follow the steps from the official k8s site.

Anything else we need to know?: I did some tests, and I used 1024 instead of 53 port, and it started to work.

kubectl logs -n kube-system coredns-7db6d8ff4d-wchnq 
.:1024
[INFO] plugin/reload: Running configuration SHA512 = e20da72760199c1bc59098f3ae16621ae48df8f7756e50bd0dfa5553ccb7be57af61562fff46a43fdcce51ac086b26aa19929386004908ad3afe3aea9b06316a
CoreDNS-1.11.1
linux/amd64, go1.20.7, ae2bbc2

Environment:

• the version of CoreDNS: registry.k8s.io/coredns/coredns:v1.11.1

• Corefile: The below content is from the coredns configMap.

  Corefile: |
  .:53 {
      errors
      health {
         lameduck 5s
      }
      ready
      kubernetes cluster.local in-addr.arpa ip6.arpa {
         pods insecure
         fallthrough in-addr.arpa ip6.arpa
         ttl 30
      }
      prometheus :9153
      forward . /etc/resolv.conf {
         max_concurrent 1000
      }
      cache 30
      loop
      reload
      loadbalance
  }

• logs, if applicable:

  listen tcp :53: bind: permission denied

• OS (e.g: cat /etc/os-release):

  PRETTY_NAME="Ubuntu 22.04.4 LTS"
  NAME="Ubuntu"
  VERSION_ID="22.04"
  VERSION="22.04.4 LTS (Jammy Jellyfish)"
  VERSION_CODENAME=jammy
  ID=ubuntu
  ID_LIKE=debian
  HOME_URL="https://www.ubuntu.com/"
  SUPPORT_URL="https://help.ubuntu.com/"
  BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
  PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
  UBUNTU_CODENAME=jammy

[osho-20]

would like to work on this

[mariuskimmina]

I don't think there is anything to be done here on the CoreDNS site, it's a problem with the setup. The ports 1-1023 are privileged ports and require sudo permissions, which seem to be missing here. I didn't go through the installation guide, it could be that there is some problem in that - I am pretty sure that this is not a bug in CoreDNS tho.