# net-dns/dnscrypt-proxy 2.0.0 fails to bind to port 53

## Skinjob2707

My system recently upgraded to dnscrypt-proxy 2.0.0 and it isn't starting.  

systemctl status dnscrypt-proxy

Results in:

```
● dnscrypt-proxy.service - DNSCrypt client proxy

   Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: disabled)

   Active: failed (Result: exit-code) since Sat 2018-02-17 12:41:28 EST; 40min ago

     Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki

  Process: 5801 ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml (code=exited, status=255)

 Main PID: 5801 (code=exited, status=255)

Feb 17 12:41:28 bluemeanie systemd[1]: Started DNSCrypt client proxy.

Feb 17 12:41:28 bluemeanie dnscrypt-proxy[5801]: [2018-02-17 12:41:28] [NOTICE] Source [https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.>

Feb 17 12:41:28 bluemeanie dnscrypt-proxy[5801]: [2018-02-17 12:41:28] [NOTICE] dnscrypt-proxy 2.0.0

Feb 17 12:41:28 bluemeanie dnscrypt-proxy[5801]: [2018-02-17 12:41:28] [FATAL] listen udp 127.0.0.1:53: bind: address already in use

Feb 17 12:41:28 bluemeanie systemd[1]: dnscrypt-proxy.service: Main process exited, code=exited, status=255/n/a

Feb 17 12:41:28 bluemeanie systemd[1]: dnscrypt-proxy.service: Failed with result 'exit-code'.

Feb 17 12:41:28 bluemeanie systemd[1]: dnscrypt-proxy.service: Start request repeated too quickly.

Feb 17 12:41:28 bluemeanie systemd[1]: dnscrypt-proxy.service: Failed with result 'exit-code'.

Feb 17 12:41:28 bluemeanie systemd[1]: Failed to start DNSCrypt client proxy.
```

/etc/systemd/resolved.conf contains:

```
#  This file is part of systemd.

#

#  systemd is free software; you can redistribute it and/or modify it

#  under the terms of the GNU Lesser General Public License as published by

#  the Free Software Foundation; either version 2.1 of the License, or

#  (at your option) any later version.

#

# Entries in this file show the compile time defaults.

# You can change settings by editing this file.

# Defaults can be restored by simply deleting this file.

#

# See resolved.conf(5) for details

[Resolve]

#DNS=

#FallbackDNS=8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844

#Domains=

#LLMNR=yes

#MulticastDNS=yes

#DNSSEC=no

#Cache=yes

DNSStubListener=no

```

After changing the DNSStublisneer to no, I disabled and re-enabled the service.  With systemd-resloved specifically stopped, netstat -tulpn produces:

```
Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    

tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      4754/smbd           

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      4730/sshd           

tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      4700/cupsd          

tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      4731/postgres       

tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      4754/smbd           

tcp6       0      0 :::139                  :::*                    LISTEN      4754/smbd           

tcp6       0      0 :::22                   :::*                    LISTEN      4730/sshd           

tcp6       0      0 ::1:631                 :::*                    LISTEN      4700/cupsd          

tcp6       0      0 ::1:5432                :::*                    LISTEN      4731/postgres       

tcp6       0      0 :::445                  :::*                    LISTEN      4754/smbd           

tcp6       0      0 :::6881                 :::*                    LISTEN      5205/ktorrent       

udp     8320      0 0.0.0.0:8881            0.0.0.0:*                           5205/ktorrent       

udp    41728      0 0.0.0.0:9100            0.0.0.0:*                           4696/socat          

udp6     832      0 fe80::325e:f37f:d1d:546 :::*                                5520/dhclient       

udp6   25984      0 :::8881                 :::*                                5205/ktorrent  
```

Even with netstat showing nothing bound to 127.0.0.1:53, I still get the error message about not being able to bind to the address. 

Thanks in advance for your help!

----------

## gyakovlev

hey, you should change listen_addresses value to [] if running under systemd.

this may do the trick for you:

```
sed -i 's|\['\''127\.0\.0\.1:53'\'', '\''\[::1\]:53'\''\]|\[\]|g' /etc/dnscrypt-proxy/dnscrypt-proxy.toml
```

----------

## comio

 *gyakovlev wrote:*   

> hey, you should change listen_addresses value to [] if running under systemd.
> 
> this may do the trick for you:
> 
> ```
> ...

 

this is true only if you are using systemd socket.

can you attach dnscrypt config? are you using a limited user to start dnscrypt? if yes, can this user open port 53? are you enabled filecaps USE flag? this last is required in order to listen port on 53 (if you are using the service directly).

Give also the output of 

```
systemctl status dnscrypt-proxy.socket
```

 and 

```
systemctl status dnscrypt-proxy.service
```

ciao

luigi

----------

