Skip to main content
Topic: alternative solution for allowing dnscrypt-proxy to bind to port 53 without root (Read 232 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

alternative solution for allowing dnscrypt-proxy to bind to port 53 without root

reference: https://wiki.artixlinux.org/Main/Dnscrypt-proxy

the following command allows dnscrypt-proxy to bind to port 53 without running as root:
Code: [Select]
sudo setcap cap_net_bind_service=+ep $(which dnscrypt-proxy)

this approach is also recommended for allowing caddy to bind to e.g. port 443:
https://github.com/caddyserver/caddy
Quote
When you run Caddy, it may try to bind to low ports unless otherwise specified in your config. If your OS requires elevated privileges for this, you will need to give your new binary permission to do so. On Linux, this can be done easily with: sudo setcap cap_net_bind_service=+ep ./caddy

with this approach, no further modifications are necessary to the default configuration, i.e. it is not necessary to run dnscrypt-proxy as root.