diff --git a/roles/common/tasks/ubuntu.yml b/roles/common/tasks/ubuntu.yml
index 9f59e33e..c2a73f3e 100644
--- a/roles/common/tasks/ubuntu.yml
+++ b/roles/common/tasks/ubuntu.yml
@@ -136,6 +136,8 @@
         value: 1
       - item: "{{ 'net.ipv6.conf.all.forwarding' if ipv6_support else none }}"
         value: 1
+      - item: net.ipv4.conf.all.route_localnet
+        value: 1
 
 - name: Install packages (batch optimization)
   include_tasks: packages.yml
diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
index 0937d896..e1eee5f2 100644
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@@ -3,7 +3,6 @@
   include_tasks: ubuntu.yml
   when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
 
-
 - name: dnscrypt-proxy ip-blacklist configured
   template:
     src: ip-blacklist.txt.j2
@@ -26,11 +25,12 @@
 
 - meta: flush_handlers
 
-- name: Ubuntu | Ensure dnscrypt-proxy socket is enabled
+- name: Ubuntu | Ensure dnscrypt-proxy socket is enabled and started
   systemd:
     name: dnscrypt-proxy.socket
     enabled: true
     state: started
+    daemon_reload: true
   when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
 
 - name: dnscrypt-proxy enabled and started
diff --git a/roles/dns/tasks/ubuntu.yml b/roles/dns/tasks/ubuntu.yml
index c1bc239c..fc9bbca7 100644
--- a/roles/dns/tasks/ubuntu.yml
+++ b/roles/dns/tasks/ubuntu.yml
@@ -76,11 +76,16 @@
       NoDelay=true
       DeferAcceptSec=1
     mode: '0644'
+  register: socket_override
   notify:
     - daemon-reload
     - restart dnscrypt-proxy.socket
     - restart dnscrypt-proxy
 
+- name: Ubuntu | Flush handlers to restart socket if needed
+  meta: flush_handlers
+  when: socket_override.changed
+
 - name: Ubuntu | Add custom requirements to successfully start the unit
   copy:
     dest: /etc/systemd/system/dnscrypt-proxy.service.d/99-algo.conf