Error: The DNS and DHCP service exited prematurely: exit status 2 while creating incus network

echo · May 27, 2025, 6:46am

I ran incus network create incusbr0 --type=bridge and it gives me this error:

Error: The DNS and DHCP service exited prematurely: exit status 2 ("dnsmasq: failed to create listening socket for 10.14.70.1: Address already in use")

I am running unbound DNS on port 53, could that be an issue? Is there a way to run dnsmasq on other port?

Distribution is archlinux.

[user@box ~]$ uname -a
Linux box 6.14.6-arch1-1 #1 SMP PREEMPT_DYNAMIC Fri, 09 May 2025 17:36:18 +0000 x86_64 GNU/Linux

stgraber · May 27, 2025, 5:54pm

Yes, that is the issue.

You’ll need to configure unbound to only listen on the addresses that you actually need it on.

echo · May 28, 2025, 5:54am

So should I make unbound listen on the 10.x.x.x address and then explicitly set it as dns.nameserver for the incus network?

osch · May 28, 2025, 6:43am

Incus will on default configure dnsmasq listening or bound to the incusbr0 interface. It seems like your unbound DNS has currently no restrictions configured and listen automatically on all interfaces on your host.
In order to allow Incus spinning up it’s dnsmasq service you need to restrict your unbound DNS to either the host network space or default host network interface, for example add the following into your unbound conf file and restart

interface: 127.0.0.1

Now it only listens on localhost interface and doesn’t block incusbr0.

echo · May 28, 2025, 11:44am

Yeah, I am aware of that. I listen on all addresses (0.0.0.0) which is totally unnecessary. I was wondering if I can use unbound as a primary resolver for the particular incus bridge. Should I listen unbound on one of the address inside incusbr0 and then set dns.nameserver field to that address?

osch · May 28, 2025, 12:28pm

There are multiple options you have to configure your DNS resolution.

On default Incus will setup dnsmasq on incusbr0 including DNS to allow container resolution, so container A can resolve container B by is’t instance name. It will also use the host DNS to resolve names outside of the Incus world. This is as said out of the box behavior.

It is also possible to disable all Incus default features and run it on your own. Requires a few configuration changes during incusbr0 creation to disable DNS, DHCP, etc. After this you can use your own services located on the host or in container instances.

In general Incus default features are recommended as they do everything for you but your milage might be different…

echo · May 28, 2025, 1:19pm

Awesome. Thanks for the help!