= The command ‘docker service create -name dns-cache -p 53:53/udp dns-cache’ is not correct and

will not create a swarm service that only listens on port 53 using the UDP protocol. There are two

errors in the command:

The option -name should be --name with two dashes, otherwise it will be interpreted as a short

option -n followed by an argument ame1.

The option -p or --publish will publish the service port to the host port, which means the service will

be reachable from outside the swarm2. To create a service that only listens on the internal network,

you need to use the --publish-add option with the mode=ingress flag3.

The correct command should be:

docker service create --name dns-cache --publish-add

mode=ingress,target=53,published=53,protocol=udp dns-cache

:

docker service create | Docker Docs

Publish ports on the host | Docker Docs

Publish a port for a service | Docker Docs