dnscrypt-proxy-android/README.md

92 lines
4.8 KiB
Markdown
Raw Normal View History

2021-02-02 08:07:26 +00:00
# DNSCrypt Proxy 2 for Android | privacy oriented
2018-02-27 14:42:14 +00:00
2021-02-02 08:07:26 +00:00
A flexible DNS proxy, with support for modern encrypted DNS protocols such as [DNSCrypt v2](https://dnscrypt.info/protocol), [DNS-over-HTTPS](https://www.rfc-editor.org/rfc/rfc8484.txt) and [Anonymized DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt).
2018-02-27 14:42:14 +00:00
2019-10-24 07:31:00 +00:00
2021-02-02 08:07:26 +00:00
## Features
2020-12-10 17:19:54 +00:00
2021-02-02 08:07:26 +00:00
- For all features please refer to the [OFFICIAL PAGE](https://github.com/DNSCrypt/dnscrypt-proxy#features)
- All binary files are downloaded from the [OFFICIAL RELEASE PAGE](https://github.com/DNSCrypt/dnscrypt-proxy/releases)
2018-02-27 14:42:14 +00:00
2019-10-24 07:31:00 +00:00
2021-02-02 08:07:26 +00:00
## Pre-built binaries
2019-10-24 08:04:40 +00:00
2021-02-02 08:07:26 +00:00
Up-to-date, pre-built binaries are available for:
2019-10-24 08:04:40 +00:00
2021-02-02 08:07:26 +00:00
- Android/arm
- Android/arm64
- Android/x86
- Android/x86_64
2019-10-24 08:04:40 +00:00
2021-02-02 08:07:26 +00:00
## Differences from the main dnscrypt-proxy project
2019-10-01 20:57:13 +00:00
2021-02-02 08:07:26 +00:00
- `server_names` = `acsacsar-ams-ipv4` [NLD], `arvind-io` [IND], `bcn-dnscrypt` [ESP], `d0wn-tz-ns1` [TZA], `dnscrypt.be` [BEL], `dnscrypt.ca-1` [CAN], `dnscrypt.ca-2` [CAN], `dnscrypt.eu-dk` [DNK], `dnscrypt.eu-nl` [NLD], `dnscrypt.one` [DEU], `dnscrypt.pl` [POL], `dnscrypt.uk-ipv4` [GBR], `ev-canada` [CAN], `jp.tiar.app` [JPN], `meganerd` [NLD], `moulticast-ca-ipv4` [CAN], `moulticast-de-ipv4` [DEU], `moulticast-fr-ipv4` [FRA], `moulticast-sg-ipv4` [SGP], `moulticast-uk-ipv4` [GBR], `plan9-dns` [USA], `publicarray-au` [AUS], `pwoss.org-dnscrypt` [DEU], `sarpel-dns-istanbul` [TUR], `scaleway-ams` [NLD], `scaleway-fr` [FRA], `serbica` [NLD], `v.dnscrypt.uk-ipv4` [GBR], `ventricle.us` [USA], `zackptg5-us-il-ipv4` [USA] are the resolvers in use.
2020-12-07 01:36:01 +00:00
2021-02-02 08:07:26 +00:00
- `doh_servers` = `false` (disable servers implementing the `DNS-over-HTTPS` protocol)
2020-12-07 01:36:01 +00:00
2021-02-02 08:07:26 +00:00
- `require_dnssec` = `true` (server must support `DNSSEC` security extension)
2020-12-07 01:36:01 +00:00
2021-02-02 08:07:26 +00:00
- `timeout` = `1000` (set the max. response time of a single DNS query from `5000` to `1000` ms.)
2020-12-07 01:36:01 +00:00
2021-02-02 08:07:26 +00:00
- `blocked_query_response` = `'refused'` (set `refused` response to blocked queries)
2020-12-07 01:36:01 +00:00
2021-02-02 08:07:26 +00:00
- `dnscrypt_ephemeral_keys` = `true` (create a new, unique key for every single DNS query)
2020-12-07 01:36:01 +00:00
- `bootstrap_resolvers` = `['91.239.100.100:53']` (use [UncensoredDNS](https://blog.uncensoreddns.org/) instead [CloudFlare](https://iscloudflaresafeyet.com/))
2020-12-07 01:36:01 +00:00
2021-02-02 08:07:26 +00:00
- `netprobe_address` = `'91.239.100.100:53'` (use [UncensoredDNS](https://blog.uncensoreddns.org/) instead [CloudFlare](https://iscloudflaresafeyet.com/))
2020-12-07 01:36:01 +00:00
2021-02-02 08:07:26 +00:00
- `block_ipv6` = `true` (immediately respond to IPv6-related queries with an empty response)
2020-12-07 01:36:01 +00:00
2021-02-02 08:07:26 +00:00
- `blocked_names_file`, `blocked_ips_file`, `allowed_names_file` and `allowed_ips_file` options enabled. (you can now filter your web content, to know how, please refer to the [official documentation](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters) or take a look at my [block repository](https://git.nixnet.services/quindecim/block))
2020-12-07 01:36:01 +00:00
2021-02-02 08:07:26 +00:00
- `anonymized_dns` feature enabled. (`routes` are indirect ways to reach DNSCrypt servers, each resolver has 2 relays assigned)
2020-12-07 01:36:01 +00:00
2021-02-02 08:07:26 +00:00
- `skip_incompatible` = `true` (skip resolvers incompatible with anonymization instead of using them directly)
2020-12-07 01:36:01 +00:00
2021-02-02 08:07:26 +00:00
- `direct_cert_fallback` = `false` (prevent direct connections through the resolvers for failed certificate retrieved via relay)
2019-10-24 07:31:00 +00:00
2019-10-01 20:57:13 +00:00
2021-02-02 08:07:26 +00:00
## Installation
2021-02-02 08:07:26 +00:00
1. Download the latest `.zip` file from the [Releases](https://git.nixnet.services/quindecim/dnscrypt-proxy-android/releases) page or from my [dnscrypt-proxy-android | CHANNEL](https://t.me/dnscrypt_proxy) on Telegram and flash it with [Magisk](https://github.com/topjohnwu/Magisk):
2020-12-10 17:19:54 +00:00
2021-02-02 08:07:26 +00:00
```
Magisk Manager > Modules > + > dnscrypt-proxy-android-v*.zip
```
2020-12-10 17:19:54 +00:00
2021-02-02 08:07:26 +00:00
2. Reboot your device.
2020-12-10 17:19:54 +00:00
2021-02-02 08:07:26 +00:00
3. Test your DNS: https://dnsleaktest.com/
2021-02-02 08:07:26 +00:00
### Configuration (post-installing)
2019-10-01 10:39:00 +00:00
2021-02-02 08:07:26 +00:00
- You can edit `dnscrypt-proxy.toml` as you wish located on `/sdcard/dnscrypt-proxy/dnscrypt-proxy.toml`, or `/data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml`.
- For more detailed configuration please refer to [official documentation](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Configuration).
- For more support on a good privacy oriented setup, join our group at [dnscrypt-proxy-android | CHAT](https://t.me/qd_invitations) on Telegram.
2019-10-01 10:39:00 +00:00
2019-10-24 07:31:00 +00:00
2021-02-02 08:07:26 +00:00
#### AFWall+ users only
2020-05-11 21:24:59 +00:00
2021-02-02 08:07:26 +00:00
If you experience no connection issue after flashing the module I suggest you to insert these scripts: (in both, enter and shutdown boxes)
2020-05-11 21:24:59 +00:00
2021-02-02 08:07:26 +00:00
```
iptables -A "afwall" -d 127.0.0.1 -p tcp --dport 5354 -j ACCEPT
iptables -A "afwall" -d 127.0.0.1 -p udp --dport 5354 -j ACCEPT
```
2020-05-11 21:24:59 +00:00
2021-02-02 08:07:26 +00:00
The issue is related to the use of `AFWall+` and only happens on some devices, it depends on how the DNS configuration is implemented in the device itself.
2020-05-13 08:50:41 +00:00
2020-05-11 21:24:59 +00:00
2021-02-02 08:07:26 +00:00
## Changelog
2019-10-01 10:03:11 +00:00
2021-02-02 08:07:26 +00:00
[Full changelog](https://git.nixnet.services/quindecim/dnscrypt-proxy-android/blob/master/CHANGELOG.md)
2018-02-27 14:42:14 +00:00
2019-10-24 07:31:00 +00:00
2021-02-02 08:07:26 +00:00
## Credits
- DNSCrypt-Proxy2 upstream | [jedisct1](https://github.com/DNSCrypt/dnscrypt-proxy)
- [bluemeda](https://github.com/bluemeda) for the original module
- [All contributors](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy/graphs/contributors)