[Unit] Description=DNSCrypt-proxy client Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki ## systemd sockets - Do not enable unless you are very familiar with the systemd socket activation mechanism. ## Always try without systemd sockets before reporting any issues related to speed, latency or reliability. ## If you enable this, the `listen_addresses` list in the main configuration file can be empty. ## Or, at least, the addresses it contains should not overlap with the systemd socket addresses. # Requires=dnscrypt-proxy.socket After=network.target Wants=network.target Before=nss-lookup.target Wants=nss-lookup.target [Service] ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml NonBlocking=true DynamicUser=yes ProtectControlGroups=yes ProtectKernelModules=yes ProtectKernelTunables=yes CacheDirectory=dnscrypt-proxy ConfigurationDirectory=dnscrypt-proxy LogsDirectory=dnscrypt-proxy RuntimeDirectory=dnscrypt-proxy ## Allow binding to 127.0.0.1:53 as non-root user ## without the .socket unit CapabilityBoundingSet=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE [Install] Also=dnscrypt-proxy.socket WantedBy=multi-user.target