- Random connection issues under mobile data. (see [DNSCrypt/dnscrypt-proxy/discussions/2020](https://github.com/DNSCrypt/dnscrypt-proxy/discussions/2020))
-`dns.digitalsize.net` resolver (A public, non-tracking, non-filtering DNS resolver with DNSSEC enabled and hosted in Germany (https://dns.digitalsize.net)).
-`dnswarden-asia-uncensor-dcv4` resolver (dnscrypt-server. No logging, No filtering, support DNSSEC, located in Singapore. by Bhanu Pratap).
-`dnswarden-eu-uncensor-dcv4` resolver (dnscrypt-server. No logging, No filtering, support DNSSEC, located in Germany. by Bhanu Pratap).
-`dnswarden-us-uncensor-dcv4` resolver (dnscrypt-server. No logging, No filtering, support DNSSEC, located in USA (Dallas). by Bhanu Pratap).
-`plan9-ns2` resolver (DNSCrypt server in Florida, USA. Non-logging, non-filtering, DNSSEC, anonymized. info - https://jlongua.github.io/plan9-dns/).
-`pryv8boi` resolver (By pryv8, non Logging, uncensored, DNSSEC - hosted on contabo servers).
-`resolver4.dns.openinternet.io` resolver (DNSCrypt resolver on dedicated hardware, colocated at Sonic.net in Santa Rosa, CA in the United States. No log, no filter, DNSSEC. Uses Sonic's recusrive DNS servers as upstream resolvers (but is not affiliated with Sonic in any way). Provided by https://openinternet.io).
-`suami` resolver (dnscrypt-server. No logging, No filtering, support DNSSEC, located in Frankfurt. by lucenera).
-`zackptg5-us-il-ipv4` resolver (DNSSEC/unfiltered/non-logged. Hosted on Vultr in Chicago, IL. Running the official Docker image by @zackptg5).
-`zackptg5-us-pit-ipv4` resolver (DNSSEC/unfiltered/non-logged. Hosted on TeraSwitch in Pittsburgh, PA. Running the official Docker image by @zackptg5).
- Optimized relays.
### Changed
- The path of the config. files from `/data/media/0/dnscrypt-proxy` to `/storage/emulated/0/dnscrypt-proxy` (fix for log issues on `A11+` and an issue on `A6-` where the config. files could not be modified).
- Set `dnscrypt-proxy.log` level from `2` to `0` (but keep it disabled by default).
-`allowed-ips.txt` and `blocked-ips.txt` files (as placeholder).
- Cleanup unneeded binary files after the installation.
-`acsacsar-ams-ipv4` resolver (Public non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS resolver hosted on Scaleway by [acsacsar](https://nitter.net/acsacsar)).
-`arvind-io` resolver (Public resolver by EnKrypt (https://arvind.io). Hosted in Bangalore, India. Non-logging, non-filtering, supports DNSSEC.).
-`moulticast-uk-ipv4` resolver (Public | Non-filtering | Non-logging | DNSSEC aware | Hosted in UK | Operated by @herver (Github) | https://moulticast.net/dnscrypt/).
-`plan9-dns` resolver (Resolver in New Jersey, USA. DNSCrypt protocol. Non-logging, non-filtering, DNSSEC, anonymized. Running the official Docker image on Vultr by @jlongua1).
-`pwoss.org-dnscrypt` resolver (No filter | No logs | DNSSEC | Nuremberg, Germany (netcup) | Maintained by https://pwoss.org/ (Dan)).
-`sarpel-dns-istanbul` resolver (No-filter | No-logs | Uncensored | Hosted in Istanbul(Turkey) on Cloudeos).
-`serbica` resolver (Public DNSCrypt server in the Netherlands by https://litepay.ch).
-`ventricle.us` resolver (Public DNSCrypt resolver provided by Jacob Henner. Hosted by Digital Ocean, New York).
- New option: `block_unqualified` to block `A`/`AAAA` queries with
unqualified host names. These will very rarely get an answer from upstream
resolvers, but can leak private information to these, as well as to root
servers.
- When a `CNAME` pointer is blocked, the original query name is now logged
along with the pointer. This makes it easier to know what the original
query name, so it can be whitelisted, or what the pointer was, so it
can be removed from the blacklist.
### Added
-`scaleway-ams` resolver (DNSSEC/Non-logged/Uncensored in Amsterdam- ARM server donated by Scaleway.com) Maintained by Frank Denis- https://fr.dnscrypt.info).
-`ffmuc.net` resolver (An open DNSCrypt resolver operated by Freifunk Munich with nodes in DE. https://ffmuc.net/).
- Optimized relays.
### Changed
- Updated `blacklist.txt` to `2019.12.09`.
### Fixed
- Backup an existing `.toml` file before proceed with the installation.
## 2.0.34
### Upstream
- Blacklisted names are now also blocked if they appear in `CNAME`
pointers.
-`dnscrypt-proxy` can now act as a local DoH *server*. Firefox can
be configured to use it, so that ESNI can be enabled without bypassing
your DNS proxy.
### Added
-`ibksturm`- dnscrypt-server (nginx- encrypted-dns- unbound backend), DNSSEC / Non-Logged / Uncensored, OpenNIC and Root DNS-Zone- Hosted in Switzerland by ibksturm, aka Andreas Ziegler).
-`blacklist.txt` file to prevent `CNAME Cloaking` tracking feature.
- Optimized relays.
### Removed
-`charis` and `suami` resolvers.
## 2.0.33
### Upstream
- Fixes an issue that caused some valid queries to return `PARSE_ERROR`.
- On certificate errors, the server name is now logged instead of the
provider name, which is generally more useful.
- IP addresses for DoH servers that require DNS lookups are now cached
for at least 12 hours.
-`ignore_system_dns` is now set to `true` by default.
- A workaround for a bug in Cisco servers has been implemented.
- A corrupted or incomplete resolvers list is now ignored, keeping the
last good known cached list until the next update. In addition, logging was
improved and unit tests were also added. Awesome contribution from William
Elwood, thanks!
- On Windows, the network probe immediately returned instead of blocking
if `netprobe_timeout` was set to `-1`. This has been fixed.
- Expired cached IP addresses now have a grace period, to avoid breaking the
service if they temporarily can't be refreshed.
- On Windows, the service now returns immediately, solving a long-standing
issue when initialization took more than 30 seconds ("The service did not
respond to the start or control request in a timely fashion"). Fantastic
work by Alison Winters, thanks!
- The `SERVER_ERROR` error code has been split into two new error codes:
`NETWORK_ERROR` (self-explanatory) and `SERVFAIL` (a response was returned,
but it includes a `SERVFAIL` error code).
- Responses are now always compressed.
### Added
-`v.dnscrypt.uk-ipv4` (DNSCrypt v2, no logs, uncensored, DNSSEC. Hosted in London UK on Vultr- https://www.dnscrypt.uk).
- Optimized relays (set to use other providers different from the main one).
## 2.0.31
### Upstream
- This version fixes a startup issue introduced in version 2.0.29, on systems for which the service cannot be automatically installed (such as OpenBSD and FreeBSD). Reported by @5ch17 and Vinícius Zavam, and fixed by Will Elwood, thanks!
- This version fixes two regressions introduced in version 2.0.29: DoH server couldn't be reached over IPv6 any more, and the proxy couldn't be interrupted while servers were being benchmarked.
### Changed
- Another way to backup an existing `.toml` file (the old configuration is now backed up with `year-month-day-hour-minute.bak` suffix, thanks to @lindroidux).
## 2.0.29
### Upstream
- Support for Anonymized DNS has been added!
- Wait before stopping, fixing an issue with Unbound (thanks to Vladimir Bauer)
- DNS stamps are now included in the `-list-all-json` ouptut
- The `netprobe_timeout` setting from the configuration file or command-line was ignored. This has been fixed.
- The TTL or cloaked entries can now be adjusted (thanks to Markus Linnala)
- Cached IP address from DoH servers now expire (thanks to Markus Linnala)
- DNSCrypt certificates can be fetched over Tor and SOCKS proxies
- Retries over TCP are faster
- Improved logging (thanks to Alison Winters)
- Ignore non-TXT records in certificate responses (thanks to Vladimir Bauer)
- A lot of internal cleanups, thanks to Markus Linnala
### Added
-`publicarray-au` resolver Australia (DNSSEC/OpenNIC/Non-logging/Uncensored- hosted on vultr.com maintained by publicarray- https://dns.seby.io).
-`publicarray-au2` resolver Australia (DNSSEC/OpenNIC/Non-logging/Uncensored- hosted on ovh.com.au maintained by publicarray- https://dns.seby.io).
- Optimized relays.
## 2.0.29-beta.3
### Upstream
- Support for Anonymized DNSCrypt has been added.
- Latency with large responses has actually been reduced.
- DNSCrypt certificates can now be retrieved over Tor, proxies, and DNS relays.
- Improved server error reporting (thanks to Alison Winters)
- Quite a lot of internal improvements and bug fixes have been made, thanks to Markus Linnala.
- Improved logging
- Added a workaround for DNS servers using a non-standard provider name.
### Added
-`anonymized_dns` feature (each resolver has 2 relays assigned).
-`scaleway-fr` resolver (DNSSEC/Non-logging/Uncensored- Maintained by Frank Denis- https://fr.dnscrypt.info).
## 2.0.28
### Upstream
- Invalid server entries are now skipped instead of preventing a source from being used. Thanks to Alison Winters for the contribution!
- Truncated responses are immediately retried over TCP instead of waiting for the client to retry. This reduces the latency for large responses.
- Responses sent to the local network are assumed to support at least 1252 bytes packets, and use optional information from EDNS up to 4096 bytes. This also reduces latency.
- Logging improvements: servers are not logged for cached, synthetic and cloaked responses. And the forwarder is logged instead of the regular server for forwarded responses.
## 2.0.27
### Upstream
- The X25519 implementation was changed from using the Go standard implementation to using Cloudflare's CIRCL library. Unfortunately, CIRCL appears to be broken on big-endian systems. That change has been reverted.
- All the dependencies have been updated.
### Changed
- New project mantainer, @quindecim :)
### v2.8.7 (@bluemeda)
- Changed path of configuration file [dnscrypt.toml] from /system/etc/ to /data/media/0/ [or /sdcard]
- Updated binary & configuration files to 2.0.25
- Removed automatic redirection of dns-request and let dnscrypt-proxy do its job only.
### v2.8.5 (@bluemeda)
- Fix #40
### v2.8.4 (@bluemeda)
- Fix failed to copy or backup config file
### v2.8.3 (@bluemeda)
- Fix permission issue
- Add option to replace or backup-restore config file
### v2.8.2 (@bluemeda)
- Fix "binary file is missing"
### v2.8.7 (@bluemeda)
- Update Magisk 18100 requirements
### v2.8.0 (@bluemeda)
- Update binary files 2.0.22
### v2.7.0 (@bluemeda)
- Update binary files 2.0.21
### v2.6.0 (@bluemeda)
- Update binary files to 2.0.19
### v2.5.0 (@bluemeda)
- Update binary files to 2.0.16
- add exception for cloudflare fallback resolver.
### v2.4.0 (@bluemeda)
- Update binary files to 2.0.14
### v2.3.0 (@bluemeda)
- Update binary files to 2.0.10
- Add option to choose auto redirect DNS or manually set with 3rd-party app.
### v2.2.0 (@bluemeda)
- Update binary files to 2.0.8
### v2.1.3 (@bluemeda)
- If you have previous version, please uninstall it first then reinstall it again or you can change listen port manually in dnscrypt-proxy.toml file.
- Fix Tethering Client cannot Resolve DNSCrypt
- Fix Chromecast devices not showing jedisct1/dnscrypt-proxy#226
- Add binary files for x86 and x86_64 (test)
### v2.1.2 (@bluemeda)
- Bug Fixes
### v2.1.1 (@bluemeda)
- Bug fixes
### v2.1 (@bluemeda)
- Bug fixes
### v2.0 (@bluemeda)
- Resolve download.dnscrypt.info first before executing iptable
- Don't override dnscrypt-proxy.toml if exist
- Update binary files to v2.0.6
### v1.1 (@bluemeda)
- Change listen port to 5353 (avoid conflict while tethering)