diff --git a/CHANGES b/CHANGES
index 3e0c613a6..d6c5565b5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2318,4 +2318,5 @@
 * setup UI: fix dark mode
 * wellknown: response to .wellknown/matrix/client
 * purpose field is not required anymore during appstore signup
+* port 53: use the addresses of all available interfaces
 
diff --git a/src/docker.js b/src/docker.js
index 0efd61367..642abfe59 100644
--- a/src/docker.js
+++ b/src/docker.js
@@ -283,16 +283,21 @@ async function getMounts(app, callback) {
     });
 }
 
-function getLowerUpIp() { // see getifaddrs and IFF_LOWER_UP and netdevice
-    const ni = os.networkInterfaces(); // { lo: [], eth0: [] }
-    for (const iname of Object.keys(ni)) {
-        if (iname === 'lo') continue;
-        for (const address of ni[iname]) {
-            if (!address.internal && address.family === 'IPv4') return address.address;
-        }
+function getAddresses() {
+    const deviceLinks = safe.fs.readdirSync('/sys/class/net'); // https://man7.org/linux/man-pages/man5/sysfs.5.html
+    if (!deviceLinks) return [];
+
+    const devices = deviceLinks.map(d => { return { name: d, link: safe.fs.readlinkSync(`/sys/class/net/${d}`) }; });
+    const physicalDevices = devices.filter(d => d.link && !d.link.includes('virtual'));
+
+    const addresses = [];
+    for (const phy of physicalDevices) {
+        const result = safe.JSON.parse(safe.child_process.execSync(`ip -f inet -j addr show ${phy.name}`, { encoding: 'utf8' }));
+        const address = safe.query(result, '[0].addr_info[0].local');
+        if (address) addresses.push(address);
     }
 
-    return null;
+    return addresses;
 }
 
 function createSubcontainer(app, name, cmd, options, callback) {
@@ -332,8 +337,8 @@ function createSubcontainer(app, name, cmd, options, callback) {
         exposedPorts[`${containerPort}/${portType}`] = {};
         portEnv.push(`${portName}=${hostPort}`);
 
-        const hostIp = hostPort === 53 ? getLowerUpIp() : '0.0.0.0'; // port 53 is special because it is possibly taken by systemd-resolved
-        dockerPortBindings[`${containerPort}/${portType}`] = [ { HostIp: hostIp, HostPort: hostPort + '' } ];
+        const hostIps = hostPort === 53 ? getAddresses() : [ '0.0.0.0' ]; // port 53 is special because it is possibly taken by systemd-resolved
+        dockerPortBindings[`${containerPort}/${portType}`] = hostIps.map(hip => { return { HostIp: hip, HostPort: hostPort + '' }; });
     }
 
     let appEnv = [];