From aeab0a2e43b97ce7c99555296d4d8f7cc71bfdbb Mon Sep 17 00:00:00 2001 From: EyBmY Date: Mon, 16 Feb 2026 07:21:42 +0000 Subject: [PATCH] Use Systemd override file instead of editing "/usr/lib/systemd/system/dnscrypt-proxy.socket" directly Signed-off-by: EyBmY Co-authored-by: RD WebDesign --- docs/guides/dns/dnscrypt-proxy.md | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/docs/guides/dns/dnscrypt-proxy.md b/docs/guides/dns/dnscrypt-proxy.md index 5bef82e..2a2f2ff 100644 --- a/docs/guides/dns/dnscrypt-proxy.md +++ b/docs/guides/dns/dnscrypt-proxy.md @@ -17,13 +17,31 @@ However for those using distributions which don't provide an official package, [ By default, `FTLDNS` listens on the standard DNS port 53. -To avoid conflicts with `FTLDNS`, edit `/usr/lib/systemd/system/dnscrypt-proxy.socket`, ensuring `dnscrypt-proxy` listens on a port that is not in use by other services. +To avoid conflicts with `FTLDNS`, add a systemd override file with `sudo systemctl edit dnscrypt-proxy.socket`, ensuring `dnscrypt-proxy` listens on a port that is not in use by other services. -The following settings in `/usr/lib/systemd/system/dnscrypt-proxy.socket`, let `dnscrypt-proxy` listen on localhost on port 5053: +You will be greeted with an empty override file: ```text +### Editing /etc/systemd/system/dnscrypt-proxy.socket.d/override.conf +### Anything between here and the comment below will become the contents of the drop-in file + + +### Edits below this comment will be discarded +``` + +In the new systemd override file, unset the old values first and let `dnscrypt-proxy` listen on localhost on port 5053: + +```text +### Editing /etc/systemd/system/dnscrypt-proxy.socket.d/override.conf +### Anything between here and the comment below will become the contents of the drop-in file + +[Socket] +ListenStream= +ListenDatagram= ListenStream=127.0.0.1:5053 ListenDatagram=127.0.0.1:5053 + +### Edits below this comment will be discarded ``` If you have `cloudflared` installed, you may uninstall it, as `dnscrypt-proxy` will replace it, or choose a unique port for `dnscrypt-proxy`.