Short answer: you can't. Ports below 1024 can be opened only by root. As per comment - well, you can, using CAP_NET_BIND_SERVICE, but that approach, applied to java bin will make any java program to be run with this setting, which is undesirable, if not a security risk.
The long answer: you can redirect connections on port 80 to some other port you can open as normal user.
Run as root:
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
As loopback devices (like localhost) do not use the prerouting rules, if you need to use localhost, etc., add this rule as well (thanks @Francesco):
# iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080
NOTE: The above solution is not well suited for multi-user systems, as any user can open port 8080 (or any other high port you decide to use), thus intercepting the traffic. (Credits to CesarB).
EDIT: as per comment question - to delete the above rule:
# iptables -t nat --line-numbers -n -L
This will output something like:
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 redir ports 8088
2 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
The rule you are interested in is nr. 2, so to delete it:
# iptables -t nat -D PREROUTING 2
Here is a blog where somebody got > 1,000,000 outbounds from a box.
In Part 1, we set the range to "1024 65535" - meaning there are 65535-1024 = 64511 unprivileged ports available. Some of them will be used by other processes, but we'll never get over 64511 client connections, because we'll run out of ports.
...
So let's bring up 17 new IP addresses, with the intention of making 62,000 connections from each - giving us a total of 1,054,000 connections
Best Answer
I assume you are using the server as an authoritive DNS server for a domain name. If that is the case any client that would need to resolve a name that your server has authority for would only need to use UDP. TCP is to be used for zone transfers.
And i also asume that you do not want the world to be able to do zone transfers. While not a security risk in itself zone transfers are usually only allowed to the secondary/backup dns servers. Most dns software also has ACL's to controll wich server is allowed to do zone transfers so you also have a second method of restricting that. But since i see security as allow only what is needed i suggest that you block tcp on port 53 for hosts that dont need to do zone transfers from you.
As a side note, tcp connections from random adsl hosts on tcp port 53 have malicious intent. This is because no legit client should need to do zone transfers from you. They might be trying to access confidential information related to your network, or to explit vulnerabilities to certain DNS software.
While that is not something to be paranoid about it is something that you should be aware of.