Pi-hole Moving Port 53

Free up port 53 (for Pi-hole Docker)

In Linux, you need to tell systemd-resolved not to listen on port 53 (via its stub listener), then restart it. This keeps local DNS working on the host while freeing the port for Pi-hole.

Step 1: Confirm what's using port 53

Run one of these commands (use sudo if needed):

sudo ss -tulpn | grep ':53'

sudo lsof -i :53

or the classic:

sudo netstat -tulpn | grep ':53'

Look for output like:

systemd-resolved or systemd-resolve listening on 127.0.0.53:53 (or sometimes 0.0.0.0:53)
Possibly dnsmasq, unbound, named (BIND), or another DNS service if you've installed one before.

If it's systemd-resolved (most common), proceed.

Step 2: Free up port 53 (for Pi-hole Docker)

You need to tell systemd-resolved not to listen on port 53 (via its stub listener), then restart it. This keeps local DNS working on the host while freeing the port for Pi-hole.

Edit the config file:
```
sudo nano /etc/systemd/resolved.conf
```
Find the line #DNSStubListener=yes (it might be commented out).

Change it to (uncomment and set):

text:
```
DNSStubListener=no
```
Save and exit.
Restart the service:
```
sudo systemctl restart systemd-resolved
```
(Or if it was fully disabled before, sudo systemctl enable --now systemd-resolved isn't needed — just restart.)
Verify port 53 is now free:

Run the check command from Step 1 again — no process should be listening on :53 anymore.

-If the command returns blank, that is good.

If still taken, double-check for other services (e.g., sudo systemctl stop unbound if you have Unbound installed, or sudo systemctl disable --now dnsmasq).

Step 3: Restart your Pi-hole container

Now try again:

sudo docker compose down
sudo docker compose up -d

It should start without the port error.

Important: Fix host DNS resolution after this change

Disabling the stub listener breaks the host's own DNS (it was using 127.0.0.53 as its resolver).

To restore it:

Remove the symlink to the stub resolver:

Bash
```
sudo rm /etc/resolv.conf
```
Create a new static /etc/resolv.conf with a working upstream DNS (temporarily use public ones; later change to your Pi-hole IP once it's up):

Bash
```
sudo nano /etc/resolv.conf
```
Put in something like:

text
```
nameserver 1.1.1.1
nameserver 1.0.0.1
# or nameserver 8.8.8.8
```
Save

Once its running: On your server (the host machine)

/etc/resolv.conf is currently:

nameserver 1.1.1.1
nameserver 1.0.0.1

(or whatever DNS you put in there)

Change it to this: (add nameserver 127.0.0.1)

nameserver 127.0.0.1
nameserver 1.1.1.1
nameserver 1.0.0.1

Commands:

sudo nano /etc/resolv.conf

Paste the three lines above, save and exit (Ctrl+O → Enter → Ctrl+X).

Then lock the file so it survives reboot:

sudo chattr +i /etc/resolv.conf

Test it works:

Bash

ping google.com

(Should resolve and ping.)

2. On your router

~~Current~~

~~setting:~~

On your home router

Log in to your router's admin page. Go to LAN → DHCP Server (or LAN Setup / DHCP Settings / Advanced Network). Find the DNS Server fields. Set Primary DNS ~~= 192.168.0.1 (This is wrong — your router is telling devices to use itself for DNS, so Pi-hole is not being used by the network.)~~

~~Change it~~Server

to:

~~Primary DNS Server:~~ 192.168.0.x11 ←(this ~~replace~~is xthe ~~with your Pi-hole server's actual LAN~~host/server IP ~~(Most~~– ~~likely~~do ~~192.168.0.50,~~not ~~192.168.0.100,~~add ~~etc.~~any —port ~~whatever static IP you gave your server)~~here) (Optional but recommended) Set Secondary DNS Server ~~(optional but recommended):~~to: 9.9.9.9 Click

~~How to find your server's IP if unsure:~~

~~On the server run:~~

ip addr show | grep "inet " | grep -v 127.0.0.1

~~Look for the 192.168.0.x address on your main network interface (usually eth0~~Save or ~~enp.~~Apply.~~.).~~

~~After~~

If ~~changing~~prompted, reboot the router ~~DNS settings:~~

~~Save / Apply~~ ~~Reboot the router if it asks (~~or ~~just~~ wait 1–2 ~~minutes)~~minutes.

After router changes

On your ~~phone/laptop:~~phone, ~~toggle~~laptop, or other devices (not the server): Turn Wi-Fi off →and back on (or reboot the device) to pick up the new DHCP ~~settings~~settings.

Quick check after both changes

OnTest access to the Pi-hole dashboard from any ~~phone/laptop~~device ~~(not~~on ~~the~~your ~~server):~~network:

~~Open~~Direct ~~browser~~container →access go(bypassing toNGINX, for testing): http://192.168.0.x/11:8081/admin (replace 8081 with the actual host port you mapped in docker-compose.yml under ports: for the web interface, e.g., if you have "8000:80", use ~~your server's IP)~~:8000)
~~You~~If ~~should~~you ~~see~~already set up NGINX reverse proxy for Pi-hole: http://192.168.0.11/admin (or https://192.168.0.11/admin if HTTPS is configured) → no custom port needed in the URL, NGINX handles it on 80/443

If you set up local DNS in Pi-hole ~~dashboard~~(recommended): http://pi.hole/admin (or https://pi.hole/admin if HTTPS) → no IP or port needed

Verify it's working:

Dashboard loads. Visit a site with lots of ads (news site, YouTube ~~app)~~app on phone) → ~~ads~~most ~~should~~ads/trackers ~~be mostly gone~~blocked. In Pi-hole dashboard → Query Log → ~~you should~~ see queries coming from multiple devices (phones, laptops, etc.).