David,

Thank you very much for the quick reply!

I tried querying the DNS with TCP and it worked correctly, using the VRRP address in the reply packet. Unfortunately, UDP is the default for DNS queries.

Thanks for the advice about the options and the workaround. I had just copied them from the Podman docs and modified them slightly. I tried the '--publish 10.1.1.1:53:53/udp --publish 10.1.1.2:53:53/udp' options, and it worked great on the primary server that had the active VRRP address. I was able to query both the regular and VRRP addresses and get a response. Unfortunately, when I tried the same on the secondary server that doesn't have the VRRP address, it refused to bind to the non-existent '10.1.1.2' address.

I tried with both the publish options and got an error (10.1.1.3 is the regular IP of the secondary server).

--publish 10.1.1.3:53:53/udp --publish 10.1.1.2:53:53/udp

Error: unable to start container "XXXX": pasta failed with exit code 1:
Altering mapping of already mapped port number: 10.1.1.2/53-53:53-53
Failed to bind port 53 (Cannot assign requested address) for option '-u 10.1.1.2/53-53:53-53', exiting

I also tried to publish just the VRRP address that isn't currently assigned to the secondary server and got a different error.

--publish 10.1.1.2:53:53/udp

Error: unable to start container "XXXX": pasta failed with exit code 1:
Failed to bind port 53 (Cannot assign requested address) for option '-u 131.230.254.138/53-53:53-53', exiting

Since the goal of this VRRP setup is to have an active/standby failover pair, I have to have the service started and running on the secondary server. If the primary server fails, the VRRP address will move to the secondary server and DNS should then respond to requests.

Unless you can think of another work-around for the secondary server, I might just have to use a rootful container and host networking for now.

I will be happy to submit a bug report. Unfortunately, I'm having trouble getting signed up. I've tried to send the new account email to both my work email address and a personal Gmail address. I have not received the email in either case (I've checked the spam folders too).

I very much appreciate your work and the Pasta project. Thank you for taking the time to respond and helping me out!

Thanks,

--
ANTON CASTELLI
Network Engineer V

OFFICE OF INFORMATION TECHNOLOGY
MAIL CODE 4622
SOUTHERN ILLINOIS UNIVERSITY
625 WHAM DRIVE
ROOM B15
CARBONDALE, ILLINOIS 62901

anton.castelli@siu.edu
P: 618.453.6424

OIT.SIU.EDU

From: David Gibson <david@gibson.dropbear.id.au>
Sent: Monday, September 16, 2024 8:08 PM
To: Castelli, Anton <anton.castelli@siu.edu>
Cc: passt-user@passt.top <passt-user@passt.top>
Subject: Re: Rootless Podman with VRRP
 