CoreDNS currently runs as root. It would be better to create a dedicated user and group 'coredns' to run the daemon as. Apart from the creation of the user and group, this would only require the addition of the -u flag to the /usr/sbin/daemon arguments in the rc-script.
> Apart from the creation of the user and group, this would only require the addition of the -u flag to the /usr/sbin/daemon arguments in the rc-script. With privileged ports (53 is a privileged ports) this wouldn't work because the application wouldn't be able to listen on it after setuid. I asked CoreDNS to implement setuid based on a command line argument.
Oops, hadn't thought of that. Thanks.
Apparently, golang is not capable of setuid. So let's just close this issue.
For the record, I asked Golang to support setuid: https://github.com/golang/go/issues/49404
Here is an example how to do setuid from Golang: https://gist.github.com/BorePlusPlus/4f9b2b4cc687c05dbdfb#file-setuid-go-L14