Co-Hosting Technitium DNS and e.g. Apache 2 Web Server #1837
sproggit
started this conversation in
Show and tell
It's possible that the subject of this post might be a "fringe case"... but on the other hand it's possible that this is going to describe some useful resilience in the Technitium DNS code that might help you out of a bind if you stumble across it.
What I'm going to describe here concerns Technitium's web server - previously installed and working on a Raspberry Pi - coming into conflict with Apache2 web server after I subsequently installed Apache2 on the same host.
**Configuration Experiencing the Issue**
This happened [for me] on a Raspberry Pi 4B, running the version of Raspberry Pi OS based on Debian 13, "Trixie".
I had previously installed Technitium DNS 14.3 on this host and added a couple of Zones for which the host was a Primary name server, with a Secondary [another Pi4B] running for load balancing and resiliency.
The Pi itself is configured with 3 IP Addresses at the point of the issue:-
- 172.16.103.2 - this is the "Primary" address for this host - it is where my SSH/VNC connections link to
- 172.16.100.1 - this is one of two dedicated DNS Addresses and it is where Technitium is configured to "Listen"
  - Note that.... I configured Technitium DNS "Web Admin" to listen on "172.16.100.1" and "Port 80" using "Settings" >> "Web Service"...
- 172.16.103.122 - this is an address I added today and configured into Apache2 [or so I thought].

**Issue Description**
Technitium DNS and the Web Admin interface has been working perfectly for a few weeks now.
Today, I installed Apache2 web server, configured up a single Virtual Host, set that to listen to its dedicated IP address, and deployed the latest instance of PHPMyAdmin in that virtual machine's "web root" folder...
Testing and accessing the PHPMyAdmin utility worked perfectly...
However, when I subsequently went back to access the Technitium Web Admin screens, all I could see was the default Apache "installation" page to let me know that the installation had completed successfully. What had happened to Technitium's web server?
**Confusion in Triage**
OK, clearly another case of "idiot user"...
This is a Debian-based OS, so I performed "sudo systemctl stop apache2" and "sudo systemctl disable apache2"
Then I tried to access Technitium... No joy.
OK... maybe the appearance of Apache2 caused a conflict, b0rked Technitium's web interface, but left the socket 53 listener intact?
I tested again using "nslookup" for some of my local Zone hosts and could see that the DNS service was working fine...
So... just the web interface.
I tried "sudo systemctl restart dns.service" - but that made no difference...
I tried "sudo systemctl status dns.service" and could see that all appeared to be working as expected...
But no web interface...
I know this is a "nuclear option", but with nothing else left to try, I did a "sudo reboot now" and recycled the host.
Even that made no difference.
I looked in the Logs for Technitium but saw nothing suggesting a problem with the web interface.
Short on ideas, I took a "random punt" and tried to connect to it at the default web admin port of 5380
And got the login screen immediately...
But hang on, this should not have happened.
In my Apache2 setup, I'm using IP-based virtual hosts, and I have a single Virtual Host set with the IP address of 172.16.103.122. So why would Apache2 have conflicted with Technitium - when they are listening on different IP addresses?
Well, the answer is in an Apache2 configuration file, "ports.conf".
On my Raspberry Pi the full path to the default file is /etc/apache2/ports.conf
In this file I found two issues:-
So in other words, even though I had set up a properly-configured Virtual Hosts file and even though I had configured that with the correct IP address, the default Raspberry Pi "ports.conf" file says - and I'm paraphrasing - "Yeah, you can just ignore all that user setup - go into promiscuous mode and listen for traffic on anything that looks like an IP address..."
Which IMHO is a bit naughty.
But now we get to the interesting bit...
Clearly there was conflict here between Apache2 and Technitium... and in this case what seems to have happened is that Technitium has said, "OK, well, if you insist on taking ownership of socket 80 on the IP address I was supposed to be listening for, I'm just going to revert my configuration to listen for port 5380 traffic on ALL addresses, just in case someone wants to talk to me..."
Pretty resilient fall-back position from Technitium... and after finding it, fixing the Apache2 issue and reconfiguring Technitium back the way I had it before the meltdown, all was fine.
So:
- It is possible to co-host Apache2 and Technitium
- If you want to do this, make sure that you cross-check between the "Settings >> Web Service" section of your Technitium DNS Admin setup... and compare that with the "ports.conf" global settings of your Apache2 configuration and - if appropriate - with the individual virtual servers being hosted by Apache2.
One thing I didn't try - intentionally - was to see if I could set Technitium and Apache to listen on different TCP ports on the same IP Address... That strikes me as "inviting trouble"... so my suggestion would be that if you ever want to run Technitium DNS with a different web server on the same host, pay extra careful attention to the respective configuration - and don't trust products like Apache2 to respect your "Virtual Machine" configuration options. Always check their global settings as well.
Hope this helps others...
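
Added example, not part of the original post: a small Python check for the cross-check suggested above. It parses Apache `Listen` directives and reports any that would claim the address and port configured for another service. The `ports.conf` contents are constructed samples (the post does not show its file) and the function names are hypothetical.

```python
import re

# Apache syntax: Listen [IP-address:]portnumber [protocol]
LISTEN_RE = re.compile(
    r"^\s*Listen\s+(?:(\[[^\]]+\]|[^\s:]+):)?(\d+)(?:\s+\S+)?\s*$",
    re.IGNORECASE,
)
# A Listen with no address, or one of these, binds every local address.
WILDCARDS = {None, "*", "0.0.0.0", "[::]"}

def parse_listen(conf_text):
    """Return (address or None, port, line number) per Listen directive."""
    found = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = LISTEN_RE.match(line)  # commented-out lines never match
        if m:
            found.append((m.group(1), int(m.group(2)), lineno))
    return found

def conflicts(conf_text, other_ip, other_port):
    """Listen directives that would also claim other_ip:other_port."""
    hits = []
    for addr, port, lineno in parse_listen(conf_text):
        if port != other_port:
            continue
        if addr in WILDCARDS:
            hits.append((lineno, "wildcard"))
        elif addr == other_ip:
            hits.append((lineno, "same address"))
    return hits

# Constructed sample: global Listen directives with no address.
SAMPLE_WILDCARD = """\
# constructed sample, not the file from the post
Listen 80
<IfModule ssl_module>
    Listen 443
</IfModule>
"""

# Constructed sample: Apache pinned to its dedicated address from the post.
SAMPLE_PINNED = "Listen 172.16.103.122:80\n"

if __name__ == "__main__":
    # 172.16.100.1:80 is the Technitium Web Admin binding described above.
    for name, conf in (("wildcard", SAMPLE_WILDCARD), ("pinned", SAMPLE_PINNED)):
        print(name, conflicts(conf, "172.16.100.1", 80))
```

To check a live host, pass the text of `/etc/apache2/ports.conf` to `conflicts()` together with the address and port from Technitium's "Settings >> Web Service".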