diff --git a/src/docker.js b/src/docker.js
index 329cf5699..2d0fd49b1 100644
--- a/src/docker.js
+++ b/src/docker.js
@@ -288,7 +288,9 @@ async function createSubcontainer(app, name, cmd, options) {
         const { hostPort, type:portType, count:portCount } = app.portBindings[portName];
         const portSpec = portType == 'tcp' ? manifest.tcpPorts : manifest.udpPorts;
         const containerPort = portSpec[portName].containerPort || hostPort;
-        const hostIps = hostPort === 53 ? await getAddressesForPort53() : [ '0.0.0.0', '::0' ]; // port 53 is special because it is possibly taken by systemd-resolved
+        // port 53 is special. systemd-resolved is listening on 127.0.0.x port 53 and another process cannot listen to 0.0.0.0 port 53
+        // for port 53 alone, we listen explicitly on the server's interface IP
+        const hostIps = hostPort === 53 ? await getAddressesForPort53() : [ '0.0.0.0', '::0' ];
 
         portEnv.push(`${portName}=${hostPort}`);
         if (portCount > 1) portEnv.push(`${portName}_COUNT=${portCount}`);
@@ -373,7 +375,9 @@ async function createSubcontainer(app, name, cmd, options) {
     if (isAppContainer) {
         containerOptions.Hostname = app.id;
         containerOptions.HostConfig.NetworkMode = 'cloudron'; // user defined bridge network
-        containerOptions.HostConfig.ExtraHosts = [ `${dashboardFqdn}:172.18.0.1` ];
+
+        // Do not inject for AdGuard. It ends up resolving the dashboard domain as the docker bridge IP
+        if (manifest.id !== 'com.adguard.home.cloudronapp') containerOptions.HostConfig.ExtraHosts = [ `${dashboardFqdn}:172.18.0.1` ];
 
         containerOptions.NetworkingConfig = {
             EndpointsConfig: {