podman: Unable to access UDP port 53 exposed by container from network

I currently have pihole running with docker on Debian, and I’m trying to get it to work on Fedora Server 36 with podman.

To be able to use port 53, I set DNSStubListener=no in /etc/systemd/resolved.conf

I’ve started the container using podman as the root user.

# podman ps -a
CONTAINER ID  IMAGE                           COMMAND               CREATED         STATUS                      PORTS                                                                             NAMES
e92da0e3e69b  docker.io/pihole/pihole:latest                        9 minutes ago   Up 9 minutes ago (healthy)  0.0.0.0:53->53/udp, 0.0.0.0:67->67/udp, 0.0.0.0:53->53/tcp, 0.0.0.0:8090->80/tcp  pihole

I can use the DNS server using 127.0.0.1:

# nslookup www.google.com 127.0.0.1
Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
Name:	www.google.com
Address: 142.250.179.164
Name:	www.google.com
Address: 2a00:1450:400e:80c::2004

However, it doesn’t work from the network. And, even on the machine itself, it doesn’t work when using the interface IP address:

# nslookup www.google.com 192.168.1.237
;; connection timed out; no servers could be reached

I tried disabling SELinux, and firewalld, but that doesn’t make a difference.

# firewall-cmd --state
not running
# getenforce
Disabled

The UDP port (53) can only be reached from localhost. The TCP ports can be reached from the network.

cc @mheon @rhatdan
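As an added diagnostic (not code from the issue or the podman project), the script below repeats the check the reporter did with nslookup, but sends the same A query for www.google.com over both UDP and TCP to every server address given on the command line, so the "UDP fails, TCP works" pattern can be confirmed side by side. The function names, the 2-second timeout and the hand-built DNS message are my own assumptions; the hostname and addresses come from the issue.

```python
import random
import socket
import struct
import sys
QNAME = "www.google.com"  # same name the issue's nslookup queried

def build_query(name, qid=None):
    """Build a minimal DNS A query (RD bit set, one question) as raw bytes."""
    qid = random.randint(0, 0xFFFF) if qid is None else qid
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1), qid

def response_matches(data, qid):
    """True if data is a DNS response (QR bit set) whose ID matches our query."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack(">HH", data[:4])
    return rid == qid and bool(flags & 0x8000)

def _recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket (recv may return short reads)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed before full message")
        buf += chunk
    return buf

def probe(server, proto, timeout=2.0):
    """Send one query to server:53 over 'udp' or 'tcp'; True only on a matching reply."""
    query, qid = build_query(QNAME)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                data, _ = s.recvfrom(512)
        else:  # DNS over TCP prefixes each message with a 2-byte length
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack(">H", len(query)) + query)
                data = _recv_exact(s, struct.unpack(">H", _recv_exact(s, 2))[0])
        return response_matches(data, qid)
    except OSError:  # timeouts, refused connections and unreachable hosts land here
        return False

if __name__ == "__main__":  # e.g. python3 dnsprobe.py 127.0.0.1 192.168.1.237
    for server in sys.argv[1:] or ["127.0.0.1"]:
        for proto in ("udp", "tcp"):
            print(f"{server:>16} {proto}: {'reply' if probe(server, proto) else 'NO REPLY'}")
```

Run it once from the host and once from another machine on the LAN; a "NO REPLY" for udp alongside a "reply" for tcp on the interface address reproduces the symptom described above without depending on the resolver library's retry behaviour.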

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 27 (20 by maintainers)

Most upvoted comments

OS X is going to be a separate issue, due to the involvement of podman machine and a VM. Please open a fresh issue.