TCP Port 53 not working (connection reset)

Hi all,

I’m new to Fly.io and in the process of migrating my codebase here. I really love it so far!

Now, the only thing that’s left to do before doing the final switch is to finally make TCP on port 53 work for a DNS name server. Other TCP ports for other protocols are working already, UDP is working too. When changing the DNS TCP port from 53 to any other port (let’s say 8333) in the fly.toml it works on that non-53 port. I can see in my logs that the server is listening locally on that port (::1/0.0.0.0). Both IPv4 and IPv6 are not working.

I’m kind of clueless. Could this be due to some sort of bug or restriction?

% fly info
...
TCP      53 => 53 []                
...
% cat fly.toml
...
[[services]]
  internal_port = 53
  protocol = "tcp"

  [[services.ports]]
    port = "53"
...
(fly ssh) % netstat -pane | grep "LISTEN"
...
tcp6       0      0 :::53                   :::*                    LISTEN      0          650        519/node            
...
(fly ssh) % dig @127.0.0.1 -p53 test.com +tcp
...
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43753
;; flags: qr aa rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
...

^This is the same when I run dig @fly-io-ip.example.com -p53 test.com +tcp +short -4 in the fly ssh shell. In this case, the domain I’m querying has an A/AAAA record hosted externally.

% dig @fly-io-ip.example.com -p53 test.com +tcp +short -4
;; communications error to XXX.XXX.XXX.XXX#53: connection reset

^Same on IPv4, as well as on IPv6 and again, no issues on UDP or on other TCP ports.

I’d appreciate if someone could point me in the right direction or point out something that I am may missing…

Similar issue from last year that was due to a bug: Getting connection reset on 53/tcp

Not really finding an issue on the container. Could it be a bug again?

This is a bug! Before we released this: New Feature: Every public port now allowed for TCP services (this means HTTP too) we had a workaround to allow some privileged ports to work which we forgot to remove. It’s been taken out now so this should all work again!

1 Like

Thanks so much! Works now! :slight_smile:

2 Likes