Pi-hole DNS on UGOS PRO 1.6.0.2917

If you are reading this, you have most likely already updated to UGOS PRO 1.6.0.2917 and your Pi-hole Docker container failed with the error

failfull start project ‘pi-hole’ err: Container pihole StartingError response from daemon: driver failed programming external connectivity on endpoint pihole (…): Error starting userland proxy: listen tcp4 0.0.0.0:53: bind: address already in use

If you connect to your NAS over SSH and execute

ssh <user>@<nas-ip>
sudo lsof -i :53

you will see that this update ships with a built-in DNS server, dnsmasq, that already occupies port 53:

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME 
dnsmasq 1573 dnsmasq 4u IPv4 1961 0t0 UDP localhost:domain 
dnsmasq 1573 dnsmasq 5u IPv4 1962 0t0 TCP localhost:domain (LISTEN)

This DNS server is probably needed for a new feature that promises access to container apps over UGREENlink: "Added UGREENlink support for remote access to some container apps (firmware and client update required)."

So what to do? Let’s find out how dnsmasq is configured.

ps aux | grep dnsmasq
dnsmasq   347028  0.0  0.0  41368  3008 ?        S    20:52   0:00 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /usr/ugreen/etc/dnsmasq/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --conf-file=/usr/ugreen/etc/dnsmasq/dnsmasq.conf --local-service --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

It shows that the --conf-file is located at /usr/ugreen/etc/dnsmasq/dnsmasq.conf. Let's take a look at what is inside:

sudo nano /usr/ugreen/etc/dnsmasq/dnsmasq.conf

Here is the default content of this file:

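# Enable local DNS cache
cache-size=1000

# DNS record time-to-live (balances freshness against performance)
local-ttl=600        # cache for 10 minutes by default (when upstream specifies no TTL)
#max-cache-ttl=3600  # force all records to be cached for at most 1 hour

# Listen on local interfaces only, not on virtual network interfaces, to avoid conflicts
listen-address=127.0.0.1,::1
bind-interfaces

# Use the specified upstream DNS
resolv-file=/usr/ugreen/etc/dnsmasq/dnsmasq-resolv.conf

# Security (optional)
#domain-needed (strictly fully qualified domain names; bare hostnames are not allowed)
#bogus-priv (when the upstream DNS returns a private IP address, dnsmasq refuses to return the result to the client)

# Log output (for debugging; can be turned off)
#log-queries
# Log errors only
log-facility=/var/log/dnsmasq.log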

According to this configuration, this DNS server listens only to local traffic and does not reply to requests from LAN IPs

listen-address=127.0.0.1,::1

It resolves DNS using the nameserver (8.8.8.8) specified in the resolv-file

resolv-file=/usr/ugreen/etc/dnsmasq/dnsmasq-resolv.conf

Workaround 1

Just stop dnsmasq if you do not plan to use UGREENlink remote access to container apps. This solution is not recommended, especially if you use the Virtual Machines functionality (see the explanation from UGREEN Technical Support).

sudo systemctl stop dnsmasq
sudo systemctl disable dnsmasq

Workaround 2

Configure dnsmasq to use Pi-hole for DNS resolution.

1. Expose Pi-hole on another port (for example :5553)

ports:
   - "5553:53/tcp"
   - "5553:53/udp"

2. Allow requests from LAN IPs

listen-address=127.0.0.1,::1,192.168.68.53

3. Forward DNS requests to Pi-hole

#resolv-file=/usr/ugreen/etc/dnsmasq/dnsmasq-resolv.conf
no-resolv
server=192.168.68.53#5553

4. Replace 192.168.68.53 with your NAS IP address

5. Final configuration

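# Enable local DNS cache
cache-size=1000

# DNS record time-to-live (balances freshness against performance)
local-ttl=600        # cache for 10 minutes by default (when upstream specifies no TTL)
#max-cache-ttl=3600  # force all records to be cached for at most 1 hour

# Listen on local interfaces only, not on virtual network interfaces, to avoid conflicts
listen-address=127.0.0.1,::1,192.168.68.53
bind-interfaces

# Use the specified upstream DNS
#resolv-file=/usr/ugreen/etc/dnsmasq/dnsmasq-resolv.conf
no-resolv
server=192.168.68.53#5553

# Security (optional)
#domain-needed (strictly fully qualified domain names; bare hostnames are not allowed)
#bogus-priv (when the upstream DNS returns a private IP address, dnsmasq refuses to return the result to the client)

# Log output (for debugging; can be turned off)
#log-queries
# Log errors only
log-facility=/var/log/dnsmasq.log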

6. Test that DNS resolution works (from another machine)

dig @192.168.68.53 google.com

With this approach, you will lose the benefits of Pi-hole's network overview feature. You will see that all traffic comes from the first DNS server (dnsmasq), and your devices will not be distinguishable.
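One way to check the edited file for Workaround 2 before restarting dnsmasq, as an added example that is not part of the original post: the function `audit_dnsmasq_conf` (a hypothetical name) reads the file with dnsmasq's `#` comment rule and reports any setting that would let lookups skip Pi-hole or widen where dnsmasq listens. The sample file is constructed from the post's final configuration.

```shell
#!/bin/sh
# Added example, not from the original post. audit_dnsmasq_conf is a hypothetical helper.
# Usage: audit_dnsmasq_conf FILE NAS_IP PIHOLE_PORT
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if unreadable.
audit_dnsmasq_conf() {
  findings=$(awk -v nas="$2" -v port="$3" '
    {
      # dnsmasq treats "#" as a comment only at line start or after whitespace,
      # so the port separator in server=IP#PORT must survive.
      sub(/^#.*/, ""); sub(/[ \t]#.*/, "")
      gsub(/^[ \t]+|[ \t]+$/, "")
      if ($0 == "") next
      eq  = index($0, "=")
      key = eq ? substr($0, 1, eq - 1) : $0
      val = eq ? substr($0, eq + 1) : ""
      if (key == "listen-address") { n = split(val, a, ","); for (i = 1; i <= n; i++) listen[a[i]] = 1 }
      else if (key == "server")          servers[val] = 1
      else if (key == "no-resolv")       no_resolv = 1
      else if (key == "bind-interfaces") bindif = 1
    }
    END {
      want = nas "#" port
      if (!(nas in listen))         print "LISTEN: " nas " missing, LAN clients get no answer"
      if (!("127.0.0.1" in listen)) print "LISTEN: 127.0.0.1 missing (present in the stock config)"
      if (("0.0.0.0" in listen) || ("::" in listen))
        print "LISTEN: wildcard address, dnsmasq answers on every interface"
      if (!bindif)    print "BIND: bind-interfaces missing, port 53 is bound on the wildcard address"
      if (!no_resolv) print "BYPASS: no-resolv missing, resolv-file upstreams are still used"
      if (!(want in servers)) print "UPSTREAM: server=" want " missing"
      for (s in servers) if (s != want) print "BYPASS: extra upstream server=" s
    }' "$1") || return 2
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample: the final configuration from the post with its comments shortened.
sample=$(mktemp)
cat > "$sample" <<'EOF'
cache-size=1000
local-ttl=600        # inline comment, dropped by the parser
listen-address=127.0.0.1,::1,192.168.68.53
bind-interfaces
#resolv-file=/usr/ugreen/etc/dnsmasq/dnsmasq-resolv.conf
no-resolv
server=192.168.68.53#5553
EOF
audit_dnsmasq_conf "$sample" 192.168.68.53 5553 && echo "OK: Pi-hole is the only upstream"
rm -f "$sample"
```

On the NAS the same function can be pointed at `/usr/ugreen/etc/dnsmasq/dnsmasq.conf` with your own NAS IP and the port you published for Pi-hole.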

Workaround 3

Use the macvlan network driver and ask Docker to assign a new IP address to the Pi-hole container (thanks to JCS and Krishna from Discord).

networks:
  macvlan_net:
    driver: macvlan
    driver_opts:
      parent: eth0 # Or your physical network interface
    ipam:
      config:
        - subnet: 192.168.1.0/24 # Replace with your desired subnet
          gateway: 192.168.1.1 # Replace with your gateway

services:
  pihole:
    image: pihole/pihole:latest
    networks:
      - macvlan_net
    ...

Technical Support

Update 2025-07-02: Here is what I got as a reply to my support ticket.

UGOS PRO system port 53 is occupied by the following service:
1. dnsmasq within the virtual machine environment
2. Host system's dnsmasq

If you want to disable dnsmasq, consider executing the following operations in the background:

1. Clean up virtual machine network configuration:

virsh net-destroy vnet-host
virsh net-destroy vnet-nat0
virsh net-destroy vnet-nat1
virsh net-destroy vnet-nat2


2. Then disable the Virtual Machine service in App Center, execute it on demand, and if you are not using a Virtual Machine, you don't need to execute it.

3. Stop the host machine's dnsmasq service.

systemctl stop dnsmasq


It needs to be made clear that:

1. Is deploying a Pi-hole container for DNS service filtering ads? If so, it will conflict with the NAS's own DNS service.

2. If you need to stop the dnsmasq service in the background, please be aware that it may affect virtual machine functionality.

Discover more from Sergey Tihon's Blog


6 thoughts on “Pi-hole DNS on UGOS PRO 1.6.0.2917”

  1. Thank you for the tips, I could no longer get adguard working. Disabling dnsmasq solved the matter

    1. What details do you expect?

      “you can use the macvlan network driver to assign a MAC address to each container’s virtual network interface, making it appear to be a physical network interface directly connected to the physical network.” You ask Docker to grant a specific IP address for your container, then reserve this address on the router (not provided MAC address to avoid changes after restart)

      I may suggest trying to ask an LLM/ChatGPT: share your current config and local network details (gateway, subnet and IP that you want to reserve for pihole) and ask it to update your docker compose file and generate step-by-step instructions on how to do it (especially on your router side).
