losuler / pihole-dnscrypt-docker

A docker-compose for Pi-hole and DNSCrypt, daemonized with a systemd service file.
GNU General Public License v3.0

How to Resolve Port 53 Conflict Between systemd.resolved and pihole-dnscrypt docker #5

Open chuckdsk opened 3 years ago

chuckdsk commented 3 years ago

Problem: port 53 conflict between systemd.resolved and pihole in the pihole-dnscrypt docker

Setup: pi 4, ubuntu 20.04.2 (clean install)

Guides for install:

(1) https://github.com/losuler/pihole-dnscrypt-docker

(2) https://github.com/pi-hole/docker-pi-hole/ (section - Installing Ubuntu)

Attempted Solutions:

(1) Stop resolution via stub listener:

sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf (from the second guide).

Breaks name resolution on the server.

bullwhip@bravo:~/dockers/pihole-dnscrypt-docker$ curl prdel.cz
curl: (6) Could not resolve host: prdel.cz
bullwhip@bravo:~/dockers/pihole-dnscrypt-docker$ nslookup prdel.cz
;; reply from unexpected source: 127.0.0.1#53, expected 127.0.0.53#53

Clients' browsers can't connect when I set their DNS servers to the IP of the pihole-dnscrypt server.

ERR_NAME_NOT_RESOLVED

(2) Shut off systemd.resolved:

sudo systemctl disable systemd-resolved

sudo systemctl stop systemd-resolved

Breaks name resolution on the server.

bullwhip@bravo:~/dockers/pihole-dnscrypt-docker$ curl www.prdel.cz
curl: (6) Could not resolve host: www.prdel.cz
bullwhip@bravo:~/dockers/pihole-dnscrypt-docker$ nslookup prdel.cz
;; reply from unexpected source: 127.0.0.1#53, expected 127.0.0.53#53

Clients' browsers can't connect when I set their DNS servers to the IP of the pihole-dnscrypt server.

ERR_NAME_NOT_RESOLVED

(3) Repeat step 2 and remove symlink from /etc/resolv.conf to /run/systemd/resolve/stub-resolv.conf by creating a static /etc/resolv.conf.

This seems to work, but it doesn't seem to be a good solution, as I'm loath to simply do away with systemd-resolved, as Debian/Ubuntu have it there for reasons.

I'm pretty new to Linux networking/admin/dockers, so I've looked wherever I can think of on the net to find a solution. No luck so far.

I have posted this at rpi stack exchange. They referred me here as a starting point:

https://raspberrypi.stackexchange.com/questions/128288/how-to-resolve-port-53-conflict-between-systemd-resolved-and-pihole-dnscrypt-do

I would appreciate any guidance on this.

Thanks!

losuler commented 3 years ago

I just spun up an Ubuntu 20.04.2 LTS machine to test this and I think you may have missed a step from the Installing on Ubuntu section from pi-hole/docker-pi-hole.

After you've set DNSStubListener=no in /etc/systemd/resolved.conf (I think it's a better practice to edit this manually, rather than running that sed command, unless it's a part of an automation pipeline), you'll need to remove the symlink that this setting previously creates. systemd-resolved will in fact inform you of this upon restarting the service, displaying a warning that says:

DNSStubListener= is disabled, but /etc/resolv.conf is a symlink to /run/systemd/resolve/stub-resolv.conf which expects DNSStubListener= to be enabled.

To do this you just need to run the following commands and then restart the systemd-resolved service:

sudo rm /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
sudo systemctl restart systemd-resolved

After I did this the docker-compose started without error.
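A small consistency check for the two settings the reply above ties together (the DNSStubListener value in resolved.conf and where /etc/resolv.conf points), added here as an example and not part of the pihole-dnscrypt-docker repo; it assumes GNU readlink -f and, when present, iproute2's ss to show what currently owns UDP port 53.

```shell
#!/bin/sh
# Added example: detect the DNSStubListener / resolv.conf symlink mismatch that
# systemd-resolved warns about when Pi-hole needs port 53 on the host.

# Print the effective DNSStubListener value ("yes" or "no") from a resolved.conf
# file. A missing or commented-out key means the systemd default, which is yes.
stub_listener_setting() {
    conf="$1"
    val=$(grep -E '^[[:space:]]*DNSStubListener=' "$conf" | tail -n 1 \
          | cut -d= -f2 | tr -d '[:space:]')
    case "$val" in
        no|false|0|off) echo no ;;
        *)              echo yes ;;
    esac
}

# Diagnose the combination of stub setting and resolv.conf target.
# Exit 0: consistent. Exit 1: stub disabled but /etc/resolv.conf still points at
# stub-resolv.conf (host name resolution breaks, as seen in the issue).
# Exit 2: stub listener still enabled, so 127.0.0.53:53 is taken by systemd-resolved.
diagnose() {
    stub="$1"; target="$2"
    if [ "$stub" = yes ]; then
        echo "DNSStubListener is enabled: systemd-resolved holds 127.0.0.53:53"
        return 2
    fi
    case "$target" in
        */stub-resolv.conf)
            echo "DNSStubListener=no but /etc/resolv.conf -> $target (stale stub symlink)"
            return 1 ;;
        */run/systemd/resolve/resolv.conf)
            echo "ok: stub disabled and /etc/resolv.conf -> $target"
            return 0 ;;
        *)
            echo "ok: stub disabled, /etc/resolv.conf is static or unmanaged ($target)"
            return 0 ;;
    esac
}

# Live check on this host, only if systemd-resolved's config is actually present.
if [ -r /etc/systemd/resolved.conf ]; then
    diagnose "$(stub_listener_setting /etc/systemd/resolved.conf)" \
             "$(readlink -f /etc/resolv.conf)" || true
    # Show what is bound to UDP 53 right now (ss filter syntax from iproute2).
    command -v ss >/dev/null 2>&1 && ss -ulpn 'sport = :53'
fi
```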

chuckdsk commented 3 years ago

Thanks so much for taking the time to have a look at this. I really appreciate it.

I had stepped away from this for a few days, so my memory is stale. I followed your advice above, and I have rechecked everything I could think of. I forgot the netplan step in Installing on Ubuntu originally, so I fixed that.

So, the problem of curl not working from the command line is solved, and I can reach pihole's admin pages.

My router doesn't allow me to set a DNS for the whole network, so I'm left setting DNS addresses manually for now. Therefore, I manually set my client's DNS per step three here to the local IP of the server hosting the docker, but queries are not getting through to pihole.

Process:

(1) Checked Automatic DHCP.

(2) Set DNS to pihole server's IP.

(3) Set Automatic to off.

(4) Restarted wired connection.

However, DNS queries from the client to the server don't seem to make it to pihole. I've played around with tcpdump, and I haven't found them, although I'm a noob at this. In my manual install of dnscrypt-proxy and pihole on another pi, I didn't run into this.

Am I pointing my client in the wrong direction? Am I missing another step somewhere, such as iptables rules or some such?

Thanks!

chuckdsk commented 3 years ago

Sorry, didn't mean to close the issue.