November 29, 2019

dnscrypt-proxy on systemd targets (at least Ubuntu)

If you have ever tried to run dnscrypt-proxy on a recent Ubuntu 18, you have likely encountered something like this:

[FATAL] listen udp 127.0.0.1:53: bind: permission denied

Well, it turns out that the systemd configuration file doesn't allow dnscrypt-proxy to bind to privileged ports (everything below 1024).

The fix is simple. Modify your systemd configuration file, in my case located at

/etc/systemd/system/multi-user.target.wants/dnscrypt-proxy.service

and add

# Add capabilities to bind to privileged ports
AmbientCapabilities=CAP_NET_BIND_SERVICE

somewhere within the [Service] section. The bad thing is that an update seems to overwrite that configuration file. Yikes.
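
One way to keep the setting across updates is a systemd drop-in, which lives in its own file under /etc/systemd/system/dnscrypt-proxy.service.d/ rather than in the unit file that gets replaced. This is an added example, not part of the original post; the file name bind-privileged.conf and the helper functions write_dropin and has_bind_cap are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: grant CAP_NET_BIND_SERVICE through a drop-in instead of
# editing the packaged unit file. File name and function names are assumed.

UNIT="dnscrypt-proxy.service"

# write_dropin ROOT
# Writes ROOT/etc/systemd/system/<unit>.d/bind-privileged.conf and prints its path.
# ROOT is "" on a live system; pass a scratch directory to inspect the result first.
write_dropin() {
    root="$1"
    dir="$root/etc/systemd/system/$UNIT.d"
    mkdir -p "$dir" || return 1
    cat > "$dir/bind-privileged.conf" <<'EOF' || return 1
[Service]
# Add capabilities to bind to privileged ports
AmbientCapabilities=CAP_NET_BIND_SERVICE
EOF
    chmod 0644 "$dir/bind-privileged.conf" || return 1
    printf '%s\n' "$dir/bind-privileged.conf"
}

# has_bind_cap FILE
# Succeeds only if the setting sits inside the [Service] section. The same line
# under a misspelled header such as [Services] is not applied by systemd.
has_bind_cap() {
    awk '
        /^\[/ { in_service = ($0 == "[Service]") }
        in_service && /^AmbientCapabilities=.*CAP_NET_BIND_SERVICE/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Run as root with the argument "apply" to install the drop-in and restart.
if [ "${1:-}" = "apply" ]; then
    f=$(write_dropin "") || exit 1
    has_bind_cap "$f" || exit 1
    systemctl daemon-reload
    systemctl restart "$UNIT"
fi
```
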