diff --git a/Dockerfile b/Dockerfile
index 32dd004..4e274ff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -36,7 +36,7 @@ RUN apt-get install -qy --no-install-recommends $BUILD_DEPS && \
     curl -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly
 
 RUN export PATH="$HOME/.cargo/bin:$PATH" && \
-    echo "Compiling encrypted-dns version 0.2.2" && \
+    echo "Compiling encrypted-dns version 0.2.3" && \
     cargo install encrypted-dns && \
     mkdir -p /opt/encrypted-dns/sbin && \
     mkdir -p /opt/encrypted-dns/etc/keys && \
diff --git a/encrypted-dns.toml.in b/encrypted-dns.toml.in
index 3cbf7d8..3bdb055 100644
--- a/encrypted-dns.toml.in
+++ b/encrypted-dns.toml.in
@@ -93,12 +93,12 @@ daemonize = false
 
 ## User name to drop privileges to, when started as root.
 
-# user = "_encrypted-dns"
+user = "_encrypted-dns"
 
 
 ## Group name to drop privileges to, when started as root.
 
-# group = "_encrypted-dns"
+group = "_encrypted-dns"
 
 
 ## Path to chroot() to, when started as root.
diff --git a/watchdog.sh b/watchdog.sh
index 9e3b16f..e9ae931 100755
--- a/watchdog.sh
+++ b/watchdog.sh
@@ -5,11 +5,3 @@ sleep 300
 for service in unbound encrypted-dns; do
     sv check "$service" || sv force-restart "$service"
 done
-
-KEYS_DIR="/opt/encrypted-dns/etc/keys"
-GRACE_PERIOD=60
-
-provider_name=$(cat "${KEYS_DIR}/provider_name")
-
-drill -p 443 -Q TXT "$provider_name" @127.0.0.1 ||
-    sv force-restart encrypted-dns