[Unit]
Description=Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely
After=network.target

[Service]
User=acme-dns
Group=acme-dns
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=/usr/bin/acme-dns
Restart=on-failure

SystemCallArchitecture=native
RestrictAddressFamilies=AF_INET AF_INET6
SystemCallFilter=@system-service
PrivateTmp=yes

[Install]
WantedBy=multi-user.target