This is a followup to an earlier guide on how to get Bind and LXD working together. I consider the old guide obsolete because there seems to be a new step required that I've added here.

This describes steps to resolve a port conflict between Bind and LXD. I put Virtualmin in the title though this isn't specifically related to Virtualmin. It's a Bind and LXD issue, but Virtualmin installs Bind by default so Virtualmin users may run into this problem if they try to use LXD and Virtualmin on the same system.

So the problem is basically due to the addresses and ports used by Bind and LXD. Both are using port 53. I forget what program is used by an LXD implementation that uses port 53, but it's the one that basically assigns addresses to containers.

If you have a situation where your LXD containers aren't getting IPv4 addresses, then this might be the solution for you.

Here are the steps I took on a fresh Ubuntu 20.04 install to get Bind and LXD working in perfect harmony.

  1. Install Virtualmin using the Virtualmin install script. Or install Bind if you're not using Virtualmin.
  2. Comment out the following line in your /etc/bind/named.conf.options file:
      listen-on-v6 { any; };
  3. Edit your /etc/bind/named.conf.options file to add the following below the line commented out above:
      listen-on-v6 {
          fe80::21c:42ff:fe9b:a24a;  # The IPv6 address on the main internet facing network interface
      };
      listen-on port 53 {
          199.241.136.40;   # The IPv4 address on the main internet facing network interface
      };
  4. Reload Bind using the following command or equivalent for your operating system:
      sudo service named reload
  5. Install lxd. I used snap to install it.
  6. Run the following two commands to allow the bridge interface used by LXD to be trusted by the firewall:
      firewall-cmd --add-interface=lxdbr0 --zone=trusted --permanent
      firewall-cmd --reload

 

That's all it took for me to get my system running Bind and LXD containers without issues. It took me a long time to figure this out, with the help of others on the internet.

Steps 2 and 3 tell Bind to listen only on the public-facing addresses. This leaves port 53 on the internal addresses free for LXD, which needs it to operate.
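
An added example, not part of the original guide: a check that named holds port 53 only on the addresses listed in steps 2 and 3. The function name and the sample `ss` lines (bridge address, PIDs, the dnsmasq entry) are constructed for illustration; the two allowed addresses are the ones from step 3.

```shell
#!/bin/sh
# Reads `ss -H -lntup` output on stdin. Arguments are the addresses named
# is allowed to listen on. Prints "proto address" for every other port-53
# socket owned by named; empty output means steps 2 and 3 took effect.
unexpected_named_listeners() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $NF ~ /"named"/ {
            sock = $5                                # local address:port column
            port = sock; sub(/.*:/, "", port)        # text after the last colon
            addr = sock; sub(/:[^:]*$/, "", addr)    # text before the last colon
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # drop IPv6 brackets
            sub(/%.*/, "", addr)                     # drop %interface scope
            if (port == "53" && !(addr in ok)) print $1, addr
        }'
}

# Constructed sample of `ss -H -lntup` output: named still has a wildcard
# IPv6 listener, as it would if listen-on-v6 { any; } were left active.
SAMPLE='udp UNCONN 0 0 199.241.136.40:53 0.0.0.0:* users:(("named",pid=812,fd=512))
udp UNCONN 0 0 10.114.7.1:53 0.0.0.0:* users:(("dnsmasq",pid=1530,fd=8))
tcp LISTEN 0 10 199.241.136.40:53 0.0.0.0:* users:(("named",pid=812,fd=21))
tcp LISTEN 0 10 [fe80::21c:42ff:fe9b:a24a]%eth0:53 [::]:* users:(("named",pid=812,fd=22))
tcp LISTEN 0 10 [::]:53 [::]:* users:(("named",pid=812,fd=23))
tcp LISTEN 0 5 127.0.0.1:953 0.0.0.0:* users:(("named",pid=812,fd=24))'

printf '%s\n' "$SAMPLE" |
    unexpected_named_listeners 199.241.136.40 fe80::21c:42ff:fe9b:a24a

# On a live system, run as root so ss can show process names:
#   ss -H -lntup | unexpected_named_listeners 199.241.136.40 fe80::21c:42ff:fe9b:a24a
```
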

Step 6 puts the bridge interface lxdbr0, created by the LXD setup script, into firewalld's trusted zone, which accepts all traffic on that interface and so allows the normal operations LXD needs. This step didn't use to be necessary for me in the past, but it is now. I found out what to do from this thread at the Linux Containers forum.

If you have any questions I can try to answer them, but I'm no guru.