[SOLVED] Dnsmasq: failed to create listening socket for Address already in use


I ran into this problem on Ubuntu 18 LTS.

$ sudo lxd init
Would you like to use LXD clustering? (yes/no) [default=no]: 
Do you want to configure a new storage pool? (yes/no) [default=yes]: 
Name of the new storage pool [default=default]: lxd
Name of the storage backend to use (btrfs, dir, lvm, zfs) [default=zfs]: zfs
Create a new ZFS pool? (yes/no) [default=yes]: 
Would you like to use an existing block device? (yes/no) [default=no]: 
Size in GB of the new loop device (1GB minimum) [default=25GB]: 25
Would you like to connect to a MAAS server? (yes/no) [default=no]: 
Would you like to create a new local network bridge? (yes/no) [default=yes]: 
What should the new bridge be called? [default=lxdbr0]: 
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]:
Would you like LXD to NAT IPv4 traffic on your bridge? [default=yes]: 
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: none
Would you like LXD to be available over the network? (yes/no) [default=no]: 
Would you like stale cached images to be updated automatically? (yes/no) [default=yes] 
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]: 
Error: Failed to create network 'lxdbr0': Failed to run: dnsmasq --strict-order --bind-interfaces --pid-file=/var/lib/lxd/networks/lxdbr0/dnsmasq.pid --except-interface=lo --interface=lxdbr0 --quiet-dhcp --quiet-dhcp6 --quiet-ra --listen-a
ddress= --dhcp-no-override --dhcp-authoritative --dhcp-leasefile=/var/lib/lxd/networks/lxdbr0/dnsmasq.leases --dhcp-hostsfile=/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts --dhcp-range,,1h -s lxd -S /lxd/ -
-conf-file=/var/lib/lxd/networks/lxdbr0/dnsmasq.raw -u lxd: dnsmasq: failed to create listening socket for Address already in use

This is LXD version 3.0.1-0ubuntu1~18.04.1 installed from the default bionic-updates/main.

The IP subnet does not overlap with any of the existing subnets.

This system uses ifupdown. netplan is disabled. Which I suspect might be the cause of the problem (?) I asked a coworker to test lxd init on the same system that uses netplan and it works there apparently.

How do I get it to work without netplan (assuming that’s my problem here)?

The error says that port 53 (DNS) on the lxcbr0 network interface is already in use.
And LXD cannot setup its own dnsmasq.
Use lsof -i to figure out what is already listening on that port and interface.

Hi Simos,

The lxdbr0 interface is obviously not in use by anything else but lxd. In fact, it isn’t there as lxd init fails to complete its work.

There are several more interfaces configured on this system: br, tun, regular ethernet.

There’s also named server listening on all those IPv4 interfaces, including, but not on specifically. However, named listens on :::53 for tcpv6 and udpv6 connections. There’s also systemd-resolved process listening on

I just stopped named and lxd init was able to to configure and bring up the lxdbr0 interface.

Now, the question is how do I run both lxd and named on the same system?

To be clear, the problem is that when named and dsmasq are running simultaneously name resolving doesn’t work in containers.

You can find several threads here about such conflicts with port 53.
In you specific case it looks that lxdbr0 has IPv6 as well, and as you say, named binds to ::::53.
If you do not need IPv6 in the containers, the disable it and try again. If it works now, the you know where the problem is.

The error that you get, does not start LXD’s dnsmasq, hence no name resolution in the containers.

Well, the problem is (was) that BIND needs to listen on all interfaces except lxdbr0. This was solved by fine-tuning address match list of listen-on statement.

Running debian 9 on the host and adding listen-on {; }; to the bottom of /etc/bind/named.conf worked for me…

Ok… try again… adding these lines to /etc/bind/named.conf.options seems to work

listen-on {
          }; is the IP given when running lxc network info lxdbr0 and the ! tells bind to not listen on this address… Fingers crossed…