How to run a Rootless Podman Bind9 DNS Server to resolve my Podman Containers and QEMU KVM Virtual Machines

Hi Fedora Community,

What I want?

I am using Fedora 41 inside VirtualBox.

What I want to do is to set up a DNS resolver for my QEMU KVM virtual machines and Podman containers using Bind9 and a free domain from DuckDNS.

What I did?

Exposing Privileged Port

sudo sysctl -w net.ipv4.ip_unprivileged_port_start=53

My Podman Compose File

services:
  bind9:
    container_name: dns-server
    image: ubuntu/bind9:latest
    environment:
      - BIND9_USER=bind
      - TZ=Asia/Colombo
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    volumes:
      - ./config:/etc/bind
      - ./cache:/var/cache/bind
      - ./records:/var/lib/bind
    restart: unless-stopped
    networks:
      - common

networks:
  common:
    name: common
    driver: bridge

Podman Compose Error

podman-compose -f Podman/bind9.yaml up -d            
434d891de35171b4633b648f5d4c8100bc63d7cda6d425ab75023d890aa528a0
Error: rootlessport listen tcp 0.0.0.0:53: bind: address already in use
Error: unable to start container "a329775265e36de75e6213832cedc19102a042262d57363a5754098ff6169678": rootlessport listen tcp 0.0.0.0:53: bind: address already in use

The Solution I found

sudo systemctl disable --now systemd-resolved

But it did not work

  • I found out that another process was also using port 53, using sudo fuser 53/udp
  • The process is dnsmasq, and it was not enabled in systemd
  • Based on my research, dnsmasq is running for the QEMU KVM VM to resolve DNS.
🎩  zakee on linux-box at ~ sudo systemctl disable --now systemd-resolved
Removed '/etc/systemd/system/sysinit.target.wants/systemd-resolved.service'.
Removed '/etc/systemd/system/dbus-org.freedesktop.resolve1.service'.

🎩  zakee on linux-box at ~ sudo fuser 53/udp
53/udp:               1941

🎩  zakee on linux-box at ~ ps -ef | grep 1941
dnsmasq     1941       1  0 20:27 ?        00:00:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
root        1942    1941  0 20:27 ?        00:00:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
zakee       7186    3902  0 21:50 pts/1    00:00:00 grep --color=auto 1941

🎩  zakee on linux-box at ~ sudo systemctl status dnsmasq
○ dnsmasq.service - DNS caching server.
     Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: inactive (dead)

My question is:

Is it possible to achieve what I want…

To run Bind9 as a rootless Podman container that resolves DNS for both my Podman containers and QEMU KVM virtual machines.

If yes, how can I achieve that…

Any guidance, ideas or suggestions will be a great help.
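An added example, not part of the original post, that turns the port-53 investigation above into an offline check: it parses `ss -H -lntup` output (a constructed sample is embedded, with assumed addresses and PIDs) and reports which existing sockets would make a planned bind such as rootlessport's 0.0.0.0:53 fail with EADDRINUSE, applying the Linux rule that a wildcard bind collides with every socket on that port while a specific address collides only with a wildcard or the same address (assuming neither side sets SO_REUSEADDR/SO_REUSEPORT).

```python
"""Predict bind() collisions on a port from `ss -H -lntup` output."""
import re
from dataclasses import dataclass

# Constructed sample of `ss -H -lntup` output (not from the original post);
# addresses and PIDs are assumptions chosen to mirror a libvirt dnsmasq host.
SAMPLE_SS = """\
udp   UNCONN 0      0      192.168.122.1:53   0.0.0.0:*  users:(("dnsmasq",pid=1941,fd=5))
tcp   LISTEN 0      32     192.168.122.1:53   0.0.0.0:*  users:(("dnsmasq",pid=1941,fd=6))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*  users:(("sshd",pid=901,fd=3))
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*  users:(("systemd-resolve",pid=777,fd=13))
"""

@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    process: str
    pid: int

# proto, state, Recv-Q, Send-Q, local addr:port, peer, users:(("name",pid=N
LINE_RE = re.compile(
    r'^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)')

def parse_ss(text):
    """Parse headerless ss output into Listener records; unknown lines are skipped."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, addr, port, proc, pid = m.groups()
        addr = addr.split("%")[0]  # drop interface scope, e.g. 127.0.0.53%lo
        listeners.append(Listener(proto, addr, int(port), proc, int(pid)))
    return listeners

WILDCARDS = {"0.0.0.0", "*", "::", "[::]"}

def conflicts(listeners, proto, addr, port):
    """Return existing listeners that would make bind(addr:port) fail with
    EADDRINUSE: a wildcard on either side collides, otherwise only an identical
    address does (no SO_REUSEADDR/SO_REUSEPORT assumed)."""
    return [l for l in listeners
            if l.proto == proto and l.port == port
            and (addr in WILDCARDS or l.addr in WILDCARDS or l.addr == addr)]

if __name__ == "__main__":
    for l in conflicts(parse_ss(SAMPLE_SS), "udp", "0.0.0.0", 53):
        print(f"0.0.0.0:53/udp blocked by {l.process} (pid {l.pid}) on {l.addr}:{l.port}")
```

Run it against live data with `ss -H -lntup | python3 check.py`-style plumbing by replacing SAMPLE_SS with `sys.stdin.read()`; a publish such as `-p 192.168.1.10:53:53/udp` can be checked by passing that host address instead of 0.0.0.0.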
