diff --git a/README.md b/README.md index 2648d80..f402653 100755 --- a/README.md +++ b/README.md @@ -34,6 +34,8 @@ Just flash and forget. - For more detailed configuration please refer to [official documentation](https://github.com/jedisct1/dnscrypt-proxy/wiki/Basic-dnscrypt-proxy.toml-editing) ## Changelog +### v2.7.0 + - Update binary files to 2.0.21 ### v2.6.0 - Update binary files to 2.0.19 ### v2.5.0 diff --git a/binary/dnscrypt-proxy-arm b/binary/dnscrypt-proxy-arm index 999a1e5..cd62304 100755 Binary files a/binary/dnscrypt-proxy-arm and b/binary/dnscrypt-proxy-arm differ diff --git a/binary/dnscrypt-proxy-arm64 b/binary/dnscrypt-proxy-arm64 index b667d4a..e121f19 100755 Binary files a/binary/dnscrypt-proxy-arm64 and b/binary/dnscrypt-proxy-arm64 differ diff --git a/binary/dnscrypt-proxy-x86 b/binary/dnscrypt-proxy-x86 index f6c2155..99bf78c 100755 Binary files a/binary/dnscrypt-proxy-x86 and b/binary/dnscrypt-proxy-x86 differ diff --git a/binary/dnscrypt-proxy-x86_64 b/binary/dnscrypt-proxy-x86_64 index 7c3874c..e4f0d3a 100755 Binary files a/binary/dnscrypt-proxy-x86_64 and b/binary/dnscrypt-proxy-x86_64 differ diff --git a/changelog.md b/changelog.md index cb2eef9..bf90810 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,7 @@ # Changelog ## Changelog +### v2.7.0 + - Update binary files 2.0.21 ### v2.6.0 - Update binary files to 2.0.19 ### v2.5.0 diff --git a/config/example-cloaking-rules.txt b/config/example-cloaking-rules.txt index 9b52907..e672afb 100644 --- a/config/example-cloaking-rules.txt +++ b/config/example-cloaking-rules.txt @@ -20,3 +20,4 @@ youtube.googleapis.com restrictmoderate.youtube.com www.youtube-nocookie.com restrictmoderate.youtube.com localhost 127.0.0.1 +localhost ::1 diff --git a/config/example-dnscrypt-proxy.toml b/config/example-dnscrypt-proxy.toml index df84952..02b613f 100644 --- a/config/example-dnscrypt-proxy.toml +++ b/config/example-dnscrypt-proxy.toml @@ -27,7 +27,7 @@ ## The proxy will automatically pick the fastest, working servers from the list. ## Remove the leading # first to enable this; lines starting with # are ignored. -# server_names = ['cloudflare', 'google'] +# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare'] ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6. @@ -38,17 +38,13 @@ listen_addresses = ['127.0.0.1:53', '[::1]:53'] ## Maximum number of simultaneous client connections to accept -max_clients = 250 +max_clients = 150 -## Switch to a non-privileged system user after listening sockets have been created. -## Two processes will be running. -## The first one will keep root privileges, but is only a supervisor, that does nothing -## except create the sockets, manage the service, and restart it if it crashes. -## The second process is the service itself, and that one will always run as a different -## user. +## Switch to a different system user after listening sockets have been created. ## Note (1): this feature is currently unsupported on Windows. ## Note (2): this feature is not compatible with systemd socket activation. +## Note (3): when using -pidfile, the PID file directory must be writable by the new user # user_name = 'nobody' @@ -79,9 +75,12 @@ require_nolog = true # Server must not enforce its own blacklist (for parental control, ads blocking...) require_nofilter = true +# Server names to avoid even if they match all criteria +disabled_server_names = [] + ## Always use TCP to connect to upstream servers. -## This can be can be useful if you need to route everything through Tor. +## This can be useful if you need to route everything through Tor. ## Otherwise, leave this to `false`, as it doesn't improve security ## (dnscrypt-proxy will always encrypt everything even using UDP), and can ## only increase latency. @@ -89,17 +88,22 @@ require_nofilter = true force_tcp = false -## HTTP / SOCKS proxy +## SOCKS proxy ## Uncomment the following line to route all TCP connections to a local Tor node ## Tor doesn't support UDP, so set `force_tcp` to `true` as well. # proxy = "socks5://127.0.0.1:9050" +## HTTP/HTTPS proxy +## Only for DoH servers + +# http_proxy = "http://127.0.0.1:8888" + ## How long a DNS query will wait for a response, in milliseconds -timeout = 2500 +timeout = 1500 ## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds @@ -107,6 +111,13 @@ timeout = 2500 keepalive = 30 +## Use the REFUSED return code for blocked responses +## Setting this to `false` means that some responses will be lies. +## Unfortunately, `false` appears to be required for Android 8+ + +refused_code_in_responses = false + + ## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random' # lb_strategy = 'p2' @@ -157,7 +168,7 @@ cert_refresh_delay = 240 ## Keep tls_cipher_suite empty if you have issues fetching sources or ## connecting to some DoH servers. Google and Cloudflare are fine with it. -# tls_cipher_suite = [52392, 49199] +tls_cipher_suite = [52392, 49199] ## Fallback resolver @@ -174,7 +185,7 @@ cert_refresh_delay = 240 ## People in China may need to use 114.114.114.114:53 here. ## Other popular options include 8.8.8.8 and 1.1.1.1. -fallback_resolver = '1.1.1.1:53' +fallback_resolver = '9.9.9.9:53' ## Never let dnscrypt-proxy try to use the system DNS settings; @@ -189,7 +200,7 @@ ignore_system_dns = false ## connectivity is not guaranteed to be immediately available. ## Use 0 to disable. -netprobe_timeout = 30 +netprobe_timeout = 60 ## Offline mode - Do not use any remote encrypted servers. @@ -202,7 +213,7 @@ netprobe_timeout = 30 ## Automatic log files rotation # Maximum log files size in MB -log_files_max_size = 10 +log_files_max_size = 1 # How long to keep backup files, in days log_files_max_age = 7 @@ -491,6 +502,15 @@ cache_neg_max_ttl = 600 refresh_delay = 72 prefix = '' + ## Quad9 over DNSCrypt - https://quad9.net/ + + # [sources.quad9-resolvers] + # urls = ["https://www.quad9.net/quad9-resolvers.md"] + # minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN" + # cache_file = "quad9-resolvers.md" + # refresh_delay = 72 + # prefix = "quad9-" + ## Another example source, with resolvers censoring some websites not appropriate for children ## This is a subset of the `public-resolvers` list, so enabling both is useless diff --git a/module.prop b/module.prop index 51cead2..8477e5a 100755 --- a/module.prop +++ b/module.prop @@ -1,7 +1,11 @@ id=dnscrypt-proxy name=DNSCrypt-Proxy 2 -version=v2.6.0 -versionCode=15 + +version=v2.7.0 + + + +versionCode=16 author=bluemeda -description=A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTP/2. +description=A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTP/2. Using DNSCrypt-proxy 2.0.21 minMagisk=1700