Pi-hole Moving Port 53
Free up port 53 (for Pi-hole Docker)
In Linux, you need to tell systemd-resolved not to listen on port 53 (via its stub listener), then restart it. This keeps local DNS working on the host while freeing the port for Pi-hole.
Step 1: Confirm what's using port 53
Run one of these commands (use sudo if needed):
sudo ss -tulpn | grep ':53'
or
sudo lsof -i :53
or the classic:
sudo netstat -tulpn | grep ':53'
Look for output like:
- systemd-resolved or systemd-resolve listening on 127.0.0.53:53 (or sometimes 0.0.0.0:53)
- Possibly dnsmasq, unbound, named (BIND), or another DNS service if you've installed one before.
If it's systemd-resolved (most common), proceed.
Step 2: Free up port 53 (for Pi-hole Docker)
You need to tell systemd-resolved not to listen on port 53 (via its stub listener), then restart it. This keeps local DNS working on the host while freeing the port for Pi-hole.
- Edit the config file:
sudo nano /etc/systemd/resolved.conf
Find the line #DNSStubListener=yes (it might be commented out).
Change it to (uncomment and set):
DNSStubListener=no
Save and exit.
- Restart the service:
sudo systemctl restart systemd-resolved
(Or if it was fully disabled before, sudo systemctl enable --now systemd-resolved isn't needed — just restart.)
- Verify port 53 is now free:
Run the check command from Step 1 again — no process should be listening on :53 anymore.
If still taken, double-check for other services (e.g., sudo systemctl stop unbound if you have Unbound installed, or sudo systemctl disable --now dnsmasq).
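The Step 1 check greps for ':53', which also matches mDNS on :5353 and LLMNR on :5355, so systemd-resolved can still appear in the output after its stub listener is off. The following is an added example, not part of the original guide, that filters ss -tulpn output down to sockets bound to port 53 exactly; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the sample output below are constructed.

# Print "<proto> <local addr:port> <process>" for every socket bound to
# port 53 exactly, reading `ss -tulpn` output on stdin.
port53_listeners() {
    awk '
        $1 != "tcp" && $1 != "udp" { next }   # skip the header and other netids
        {
            n = split($5, part, ":")          # port = text after the LAST colon,
            if (part[n] != "53") next         # so [::]:53 and 127.0.0.53%lo:53 work
            name = "unknown"                  # ss omits the process without root
            if (match($0, /\(\("[^"]*"/))
                name = substr($0, RSTART + 3, RLENGTH - 4)
            print $1, $5, name
        }'
}

# Succeed only when nothing on stdin is bound to port 53.
port53_is_free() {
    [ -z "$(port53_listeners)" ]
}

# Constructed `ss -tulpn` output from a host before Step 2 is applied.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=13))
udp   UNCONN 0      0      0.0.0.0:5353        0.0.0.0:*         users:(("avahi-daemon",pid=700,fd=12))
udp   UNCONN 0      0      0.0.0.0:5355        0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=11))
tcp   LISTEN 0      4096   127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=14))
tcp   LISTEN 0      4096   0.0.0.0:5355        0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=12))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=801,fd=3))
EOF
}

# Demo on the sample; on a real host use: sudo ss -tulpn | port53_listeners
sample_ss_output | port53_listeners
```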
Step 3: Restart your Pi-hole container
Now try again:
sudo docker compose down
sudo docker compose up -d
It should start without the port error.
Important: Fix host DNS resolution after this change
Disabling the stub listener breaks the host's own DNS (it was using 127.0.0.53 as its resolver).
To restore it:
- Remove the symlink to the stub resolver:
sudo rm /etc/resolv.conf
- Create a new static /etc/resolv.conf with a working upstream DNS (temporarily use public ones; later change to your Pi-hole IP once it's up):
sudo nano /etc/resolv.conf
Put in something like:
nameserver 1.1.1.1
nameserver 1.0.0.1
# or nameserver 8.8.8.8
Save.
To make it persistent (prevent NetworkManager or whatever from overwriting):
- If using NetworkManager: Edit connections or add to /etc/NetworkManager/NetworkManager.conf:
[main]
dns=default
Then sudo systemctl restart NetworkManager
- Or make resolv.conf immutable temporarily: sudo chattr +i /etc/resolv.conf
Once Pi-hole is running and healthy:
- Change the host's /etc/resolv.conf to point to 127.0.0.1 (since Pi-hole binds to host's port 53) or your server's LAN IP.
- Or keep public upstreams if you prefer.
YOU NEED TO: Change Router's DHCP DNS Settings to Point to Pi-hole
This is the most important step for network-wide blocking.
- Log into your router again.
- Look for LAN > DHCP Server (or LAN Setup, DHCP Settings, Advanced Network).
- Find the DNS Server fields (often Primary/Secondary DNS, or DNS 1/DNS 2).
- Set Primary DNS (or DNS Server 1) to your Pi-hole server's static IP (e.g., 192.168.1.50).
- For Secondary DNS (optional but smart for redundancy):
  - Leave blank, or set to a public one like 1.1.1.1 (Cloudflare) or 8.8.8.8 (Google) as fallback if Pi-hole is down/rebooting.
  - Some routers let you set only one — that's fine; devices will fail over if needed.
- Important: Do NOT set this in the router's WAN/Internet DNS fields (that's for the router's own upstream queries). Only change the LAN/DHCP side.
- Save/Apply changes.
- Many routers require a reboot or will prompt to reconnect devices — do that if asked.
After this:
- New devices (or ones that renew lease) get Pi-hole IP as DNS automatically.
- Existing devices: Force them to renew DHCP (reboot, toggle Wi-Fi off/on, or run ipconfig /renew on Windows, sudo dhclient on Linux).
- Test: On a client device, run nslookup pi-hole.net (or any site) — it should show your Pi-hole IP as the server.