diff --git a/daemon/cmd/fqdn.go b/daemon/cmd/fqdn.go
index 1f98efac7842..c5de736941b4 100644
--- a/daemon/cmd/fqdn.go
+++ b/daemon/cmd/fqdn.go
@@ -363,8 +363,12 @@ func (d *Daemon) bootstrapFQDN(possibleEndpoints map[uint16]*endpoint.Endpoint,
 if option.Config.ToFQDNsProxyPort != 0 {
 port = uint16(option.Config.ToFQDNsProxyPort)
 } else if port == 0 {
- // Try locate old DNS proxy port number from the datapath
- port = d.datapath.GetProxyPort(proxy.DNSProxyName)
+ // Try locate old DNS proxy port number from the datapath, and reuse it if it's not open
+ oldPort := d.datapath.GetProxyPort(proxy.DNSProxyName)
+ openLocalPorts := proxy.OpenLocalPorts()
+ if _, alreadyOpen := openLocalPorts[oldPort]; !alreadyOpen {
+ port = oldPort
+ }
 }
 if err := re.InitRegexCompileLRU(option.Config.FQDNRegexCompileLRUSize); err != nil {
 return fmt.Errorf("could not initialize regex LRU cache: %w", err)
diff --git a/pkg/proxy/netstat.go b/pkg/proxy/netstat.go
index 12f5f13f6084..0393874c81d7 100644
--- a/pkg/proxy/netstat.go
+++ b/pkg/proxy/netstat.go
@@ -65,3 +65,8 @@ func readOpenLocalPorts(procNetFiles []string) map[uint16]struct{} {
 return openLocalPorts
 }
+
+// OpenLocalPorts returns the set of L4 ports currently open locally.
+func OpenLocalPorts() map[uint16]struct{} {
+ return readOpenLocalPorts(append(procNetTCPFiles, procNetUDPFiles...))
+}
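Review bot: When `oldPort` is non-zero but already present in `openLocalPorts`, the new branch leaves `port` at 0 without any trace, so an operator has no way to tell that the datapath's recorded DNS proxy port was skipped because something else holds it; that is exactly the situation worth surfacing, and a one-liner such as `log.WithField("port", oldPort).Warning("Previous DNS proxy port is in use, allocating a new one")` in the `alreadyOpen` case would do it (the logger name is presumed from the surrounding file). The open-port snapshot is also only a hint: the port can be taken between the `/proc/net` read and the later bind, so the bind path must still treat address-in-use as a normal, handled outcome rather than relying on this check. The comment could read `// Try to locate the old DNS proxy port from the datapath and reuse it unless it is already bound`. bootstrapFQDN starts and ends outside this hunk, so where `port` is finally allocated and bound is not visible here.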
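Review bot: `append(procNetTCPFiles, procNetUDPFiles...)` in the new `OpenLocalPorts` appends onto a package-level slice; if `procNetTCPFiles` is ever built with spare capacity (its definition is outside the hunk), the append writes `procNetUDPFiles` into that shared backing array, and two concurrent callers would race on it. Building a fresh slice avoids the aliasing regardless of how the variables are declared: `files := append(make([]string, 0, len(procNetTCPFiles)+len(procNetUDPFiles)), procNetTCPFiles...)` followed by `return readOpenLocalPorts(append(files, procNetUDPFiles...))`. The doc comment should also state that the result is a point-in-time snapshot read from the configured `/proc/net` files, so callers do not treat absence from the set as a guarantee that a later bind will succeed.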