# /usr/lib/systemd/system/kresd@.service.d/override.conf

# If systemd.227+ isn't available (e.g. CentOS 7), socket activation can't be used
# and the following modifications are required to use the service with
# manual activation.

# CAP_NET_BIND_SERVICE is necessary to be able to bind to a well-known port
# as an unprivilidged user.

# Explicit --forks=1 turns off interactive mode.

[Service]
Type=simple
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=
ExecStart=/usr/sbin/kresd --config=/etc/knot-resolver/kresd.conf --forks=1
Sockets=