If you ever tried to run dnscrypt-proxy on a recent Ubuntu 18, you will likely encounter something like this:
[FATAL] listen udp 127.0.0.1:53: bind: permission denied
Well, turns out that the systemd configuration file isn't allowing dnscrypt-proxy to bind to priviledged ports (everything less than 1024).
The fix is simple. Modify your systemd configuration file , in my case located at
# Add capabilities to bind to privileged ports AmbientCapabilities=CAP_NET_BIND_SERVICE
somewhere within the [Services] section. Bad thing is that it seems to overwrite that configuration file on an update. Yikes.