diff --git a/example-encrypted-dns.toml b/example-encrypted-dns.toml
index eef291a..c5da1ce 100644
--- a/example-encrypted-dns.toml
+++ b/example-encrypted-dns.toml
@@ -195,8 +195,14 @@ enabled = false # Allowed upstream ports +# This is a list of commonly used ports for encrypted DNS services -allowed_ports = [ 443 ] +allowed_ports = [ 443, 553, 853, 1443, 2053, 4343, 4434, 4443, 5353, 5443, 8443, 15353 ] + + +# Allow all ports >= 1024 in addition to the list above + +allow_non_reserved_ports = false # Blacklisted upstream IP addresses
diff --git a/src/anonymized_dns.rs b/src/anonymized_dns.rs
index 6d56840..8a3ca8c 100644
--- a/src/anonymized_dns.rs
+++ b/src/anonymized_dns.rs
@@ -45,7 +45,8 @@ pub async fn handle_anonymized_dns(
 );
 let port = BigEndian::read_u16(&encrypted_packet[16..18]);
 ensure!(
- globals.anonymized_dns_allowed_ports.contains(&port),
+ (globals.anonymized_dns_allow_non_reserved_ports && port >= 1024)
+ || globals.anonymized_dns_allowed_ports.contains(&port),
 "Forbidden upstream port"
 );
 let upstream_address = SocketAddr::new(ip, port);
diff --git a/src/config.rs b/src/config.rs
index 3101ea5..60f05f0 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -13,6 +13,7 @@ use tokio::prelude::*;
 pub struct AnonymizedDNSConfig {
 pub enabled: bool,
 pub allowed_ports: Vec,
+ pub allow_non_reserved_ports: Option,
 pub blacklisted_ips: Vec,
 }
 
diff --git a/src/globals.rs b/src/globals.rs
index 67d44d4..2bb3bef 100644
--- a/src/globals.rs
+++ b/src/globals.rs
@@ -42,6 +42,7 @@ pub struct Globals {
 pub blacklist: Option,
 pub anonymized_dns_enabled: bool,
 pub anonymized_dns_allowed_ports: Vec,
+ pub anonymized_dns_allow_non_reserved_ports: bool,
 pub anonymized_dns_blacklisted_ips: Vec,
 #[cfg(feature = "metrics")]
 #[derivative(Debug = "ignore")]
diff --git a/src/main.rs b/src/main.rs
index ee8c332..3094fe1 100644
--- a/src/main.rs
+++ b/src/main.rs
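Review bot: The new condition in the ensure! makes the relay forward to any port at or above 1024 on the client-supplied upstream address once allow_non_reserved_ports is set, so the branch deserves a comment stating that trade-off, and the bare 1024 a name. Suggested: `// Opt-in: accept any unprivileged port; allowed_ports still gates the reserved range` above the ensure!, plus `const FIRST_NON_RESERVED_PORT: u16 = 1024;` at module level and `port >= FIRST_NON_RESERVED_PORT` in the check. Whether the blacklisted_ips check still applies to these packets cannot be seen here; presumably it is evaluated elsewhere in handle_anonymized_dns, which starts and continues outside this hunk.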
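Review bot: The new allow_non_reserved_ports field in AnonymizedDNSConfig carries no doc comment, and as an Option its absent-versus-false semantics are only visible in main.rs; a `/// Also accept any upstream port >= 1024 in addition to allowed_ports; absent means false.` line above it would make the config contract readable from the struct. The same applies to the mirrored anonymized_dns_allow_non_reserved_ports field added to Globals in src/globals.rs. Type parameters appear stripped from this rendering (`Vec`, `Option`), so the exact field types are not visible here.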
@@ -615,15 +615,20 @@ fn main() -> Result<(), Error> {
 .map_err(|e| format_err!("Unable to load the blacklist [{:?}]: [{}]", path, e))?,
 ),
 };
- let (anonymized_dns_enabled, anonymized_dns_allowed_ports, anonymized_dns_blacklisted_ips) =
- match config.anonymized_dns {
- None => (false, vec![], vec![]),
- Some(anonymized_dns) => (
- anonymized_dns.enabled,
- anonymized_dns.allowed_ports,
- anonymized_dns.blacklisted_ips,
- ),
- };
+ let (
+ anonymized_dns_enabled,
+ anonymized_dns_allowed_ports,
+ anonymized_dns_allow_non_reserved_ports,
+ anonymized_dns_blacklisted_ips,
+ ) = match config.anonymized_dns {
+ None => (false, vec![], false, vec![]),
+ Some(anonymized_dns) => (
+ anonymized_dns.enabled,
+ anonymized_dns.allowed_ports,
+ anonymized_dns.allow_non_reserved_ports.unwrap_or(false),
+ anonymized_dns.blacklisted_ips,
+ ),
+ };
 
 let globals = Arc::new(Globals {
 runtime: runtime.clone(),
@@ -655,6 +660,7 @@ fn main() -> Result<(), Error> {
 blacklist,
 anonymized_dns_enabled,
 anonymized_dns_allowed_ports,
+ anonymized_dns_allow_non_reserved_ports,
 anonymized_dns_blacklisted_ips,
 #[cfg(feature = "metrics")]
 varz: Varz::default(),
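Review bot: The `false` default for the new flag is spelled twice in this hunk, once in the `None` arm and once in `unwrap_or(false)`; folding the default into the config type (a serde default on the field, if that is how AnonymizedDNSConfig is deserialized — the derive is not visible here) would keep it in one place and let the field be a plain bool. Since turning the flag on widens which upstream ports the relay will contact, a startup log line when it is set would help operators notice the setting, e.g. `if anonymized_dns_allow_non_reserved_ports { warn!("Anonymized DNS: all upstream ports >= 1024 are allowed"); }` after the match, provided the log macros are in scope (not visible in this hunk). main starts and ends outside the hunk.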