Skip to main content
Topic: alternative solution for allowing dnscrypt-proxy to bind to port 53 without root (Read 252 times) previous topic - next topic
0 Members and 2 Guests are viewing this topic.

alternative solution for allowing dnscrypt-proxy to bind to port 53 without root

reference: https://wiki.artixlinux.org/Main/Dnscrypt-proxy

the following command allows dnscrypt-proxy to bind to port 53 without running as root:
Code: [Select]
sudo setcap cap_net_bind_service=+ep $(which dnscrypt-proxy)

this approach is also recommended for allowing caddy to bind to e.g. port 443:
https://github.com/caddyserver/caddy
Quote
When you run Caddy, it may try to bind to low ports unless otherwise specified in your config. If your OS requires elevated privileges for this, you will need to give your new binary permission to do so. On Linux, this can be done easily with: sudo setcap cap_net_bind_service=+ep ./caddy

with this approach, no further modifications are necessary to the default configuration, i.e. it is not necessary to run dnscrypt-proxy as root.