diff --git a/README.md b/README.md index 82c0acd..71aba81 100755 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# DNSCrypt Proxy 2 for Android +# dnscrypt-proxy for Android A flexible DNS proxy, with support for modern encrypted DNS protocols such as [DNSCrypt v2](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/DNSCRYPT-V2-PROTOCOL.txt) and [DNS-over-HTTP/2](https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03). @@ -8,7 +8,7 @@ A flexible DNS proxy, with support for modern encrypted DNS protocols such as [D - All binary files are downloaded from [https://github.com/jedisct1/dnscrypt-proxy/releases](https://github.com/jedisct1/dnscrypt-proxy/releases) ## Installation -- Download [.zip module](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy-magisk/releases), flash it in Magisk Manager App or in Recovery and follow the instructions. +- Download [.zip module](https://t.me/dnscrypt_proxy), flash it in Magisk Manager App or in Recovery and follow the instructions. ### Set DNS server manually with 3rd-party app (not included in this module) - DNS server address is 127.0.0.1:5354 for ipv4 and [::1]:5354 for ipv6 @@ -16,44 +16,25 @@ A flexible DNS proxy, with support for modern encrypted DNS protocols such as [D ``` iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354 iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354 - ip6tables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354 - ip6tables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354 - ``` + ``` and this shutdown script ``` iptables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354 iptables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354 - ip6tables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354 - ip6tables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354 - ``` + ``` ## Configuration (post-installing) - Configuration located on `/sdcard/dnscrypt-proxy/dnscrypt-proxy.toml` [or /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml] - For more detailed configuration please refer to [official documentation](https://github.com/jedisct1/dnscrypt-proxy/wiki/Configuration) ## Changelog -### v2.8.7 -- changed path of configuration file [dnscrypt-toml] from /system/etc/ to /data/media/0/ [or /sdcard] -- updated binary & configuration files to 2.0.25 -- Removed automatic redirection of dns-request and let dnscrypt-proxy do its job only. -### v2.8.5 - - Fix #40 -### v2.8.4 - - Fix failed to copy or backup config file -### v2.8.3 - - Fix permission issue - - Add option to replace or backup-restore config file -### v2.8.2 - - Fix "binary file is missing" -### v2.8.1 - - Update Magisk 18100 requirements -### v2.8.0 - - Update binary files to 2.0.22 -### v2.7.0 - - Update binary files to 2.0.21 +### v1.0.0 +- updated binary & configuration files to 2.0.27 +- updated configuration file [dnscrypt.toml] according to the revision https://github.com/DNSCrypt/dnscrypt-proxy/releases/tag/2.0.27 [Full changelog](changelog.md) ## Credit - DNSCrypt-Proxy2 upstream | [jedisct1](https://github.com/jedisct1/dnscrypt-proxy) +- [bluemeda](https://github.com/bluemeda) for the original module - [All contributor](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy/graphs/contributors) diff --git a/binary/dnscrypt-proxy-arm b/binary/dnscrypt-proxy-arm old mode 100755 new mode 100644 index bbca1f9..e2caff4 Binary files a/binary/dnscrypt-proxy-arm and b/binary/dnscrypt-proxy-arm differ diff --git a/binary/dnscrypt-proxy-arm64 b/binary/dnscrypt-proxy-arm64 old mode 100755 new mode 100644 index e6fd28a..57ca70b Binary files a/binary/dnscrypt-proxy-arm64 and b/binary/dnscrypt-proxy-arm64 differ diff --git a/binary/dnscrypt-proxy-x86 b/binary/dnscrypt-proxy-x86 old mode 100755 new mode 100644 index 7ce15dd..5b0d330 Binary files a/binary/dnscrypt-proxy-x86 and b/binary/dnscrypt-proxy-x86 differ diff --git a/binary/dnscrypt-proxy-x86_64 b/binary/dnscrypt-proxy-x86_64 old mode 100755 new mode 100644 index 06df028..cd9f638 Binary files a/binary/dnscrypt-proxy-x86_64 and b/binary/dnscrypt-proxy-x86_64 differ diff --git a/changelog.md b/changelog.md index d37c5ad..188ee2f 100644 --- a/changelog.md +++ b/changelog.md @@ -1,54 +1,6 @@ # Changelog ## Changelog -### v2.8.7 -- changed path of configuration file [dnscrypt.toml] from /system/etc/ to /data/media/0/ [or /sdcard] -- updated binary & configuration files to 2.0.25 -- Removed automatic redirection of dns-request and let dnscrypt-proxy do its job only. -### v2.8.5 -- Fix #40 -### v2.8.4 -- Fix failed to copy or backup config file -### v2.8.3 -- Fix permission issue -- Add option to replace or backup-restore config file -### v2.8.2 -- Fix "binary file is missing" -### v2.8.1 -- Update Magisk 18100 requirements -### v2.8.0 -- Update binary files 2.0.22 -### v2.7.0 -- Update binary files 2.0.21 -### v2.6.0 -- Update binary files to 2.0.19 -### v2.5.0 -- Update binary files to 2.0.16 -- add exception for cloudflare fallback resolver. -## v2.4.0 -* Update binary files to 2.0.14 -## v2.3.0 -* Update binary files to 2.0.10 -* Add option to choose auto redirect DNS or manually set with 3rd-party app. -## v2.2.0 -* Update binary files to 2.0.8 -## v2.1.3 -* __If you have previous version, please uninstall it first then reinstall it again or you can change listen port manually in `dnscrypt-proxy.toml` file.__ -* Fix Tethering Client cannot Resolve DNSCrypt -* Fix Chromecast devices not showing [jedisct1/dnscrypt-proxy#226](https://github.com/jedisct1/dnscrypt-proxy/issues/226) -* Add binary files for x86 and x86_64 (test) -## v2.1.2 -* Bug Fixes -## v2.1.1 -* Bug fixes -## v2.1 -* Bug fixes -## v2.0 -* Resolve download.dnscrypt.info first before executing `iptables` -* Don't override dnscrypt-proxy.toml if exist -* Update binary files to v2.0.6 -## v1.1 -* Change listen port to 5353 (avoid conflict while tethering) ## v1.0 * Initial release -* dnscrypt-proxy v2.0.5 +* dnscrypt-proxy v2.0.27 diff --git a/config/example-cloaking-rules.txt b/config/example-cloaking-rules.txt index 249410d..314d7b5 100644 --- a/config/example-cloaking-rules.txt +++ b/config/example-cloaking-rules.txt @@ -15,6 +15,8 @@ www.bing.com strict.bing.com yandex.ru familysearch.yandex.ru +=duckduckgo.com safe.duckduckgo.com + www.youtube.com restrictmoderate.youtube.com m.youtube.com restrictmoderate.youtube.com youtubei.googleapis.com restrictmoderate.youtube.com diff --git a/config/example-dnscrypt-proxy.toml b/config/example-dnscrypt-proxy.toml index 6fdfe35..8455f8d 100644 --- a/config/example-dnscrypt-proxy.toml +++ b/config/example-dnscrypt-proxy.toml @@ -92,13 +92,13 @@ force_tcp = false ## Uncomment the following line to route all TCP connections to a local Tor node ## Tor doesn't support UDP, so set `force_tcp` to `true` as well. -# proxy = "socks5://127.0.0.1:9050" +# proxy = 'socks5://127.0.0.1:9050' ## HTTP/HTTPS proxy ## Only for DoH servers -# http_proxy = "http://127.0.0.1:8888" +# http_proxy = 'http://127.0.0.1:8888' ## How long a DNS query will wait for a response, in milliseconds @@ -111,11 +111,12 @@ timeout = 2500 keepalive = 30 -## Use the REFUSED return code for blocked responses -## Setting this to `false` means that some responses will be lies. -## Unfortunately, `false` appears to be required for Android 8+ +## Response for blocked queries. Options are `refused`, `hinfo` (default) or +## an IP response. To give an IP response, use the format `a:,aaaa:`. +## Using the `hinfo` option means that some responses will be lies. +## Unfortunately, the `hinfo` option appears to be required for Android 8+ -refused_code_in_responses = false +# blocked_query_response = 'refused' ## Load-balancing strategy: 'p2' (default), 'ph', 'first' or 'random' @@ -165,6 +166,8 @@ cert_refresh_delay = 240 ## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 ## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 +## 4865 = TLS_AES_128_GCM_SHA256 +## 4867 = TLS_CHACHA20_POLY1305_SHA256 ## ## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...), ## the following suite improves performance. @@ -203,7 +206,7 @@ ignore_system_dns = false ## initializing the proxy. ## Useful if the proxy is automatically started at boot, and network ## connectivity is not guaranteed to be immediately available. -## Use 0 to not test for connectivity at all, +## Use 0 to not test for connectivity at all (not recommended), ## and -1 to wait as much as possible. netprobe_timeout = 60 @@ -217,7 +220,7 @@ netprobe_timeout = 60 ## On other operating systems, the connection will be initialized ## but nothing will be sent at all. -netprobe_address = "9.9.9.9:53" +netprobe_address = '9.9.9.9:53' ## Offline mode - Do not use any remote encrypted servers. @@ -227,6 +230,14 @@ netprobe_address = "9.9.9.9:53" # offline_mode = false +## Additional data to attach to outgoing queries. +## These strings will be added as TXT records to queries. +## Do not use, except on servers explicitly asking for extra data +## to be present. + +# query_meta = ["key1:value1", "key2:value2", "key3:value3"] + + ## Automatic log files rotation # Maximum log files size in MB @@ -516,17 +527,15 @@ cache_neg_max_ttl = 600 urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'] cache_file = 'public-resolvers.md' minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - refresh_delay = 72 prefix = '' ## Quad9 over DNSCrypt - https://quad9.net/ # [sources.quad9-resolvers] - # urls = ["https://www.quad9.net/quad9-resolvers.md"] - # minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN" - # cache_file = "quad9-resolvers.md" - # refresh_delay = 72 - # prefix = "quad9-" + # urls = ['https://www.quad9.net/quad9-resolvers.md'] + # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN' + # cache_file = 'quad9-resolvers.md' + # prefix = 'quad9-' ## Another example source, with resolvers censoring some websites not appropriate for children ## This is a subset of the `public-resolvers` list, so enabling both is useless @@ -543,5 +552,5 @@ cache_neg_max_ttl = 600 [static] - # [static.'google'] - # stamp = 'sdns://AgUAAAAAAAAAAAAOZG5zLmdvb2dsZS5jb20NL2V4cGVyaW1lbnRhbA' + # [static.'myserver'] + # stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg' diff --git a/config/example-whitelist.txt b/config/example-whitelist.txt index c1cbdd1..6619078 100644 --- a/config/example-whitelist.txt +++ b/config/example-whitelist.txt @@ -15,6 +15,8 @@ ## ads[0-9]* | matches "ads" followed by one or more digits ## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster +tracker.debian.org + ## Time-based rules diff --git a/install.sh b/install.sh index 0b572b0..c2e3fc7 100755 --- a/install.sh +++ b/install.sh @@ -124,11 +124,11 @@ REPLACE=" print_modname() { ui_print " " ui_print "*******************************" - ui_print "* DNSCrypt-Proxy2 *" + ui_print "* dnscrypt-proxy-fresh *" ui_print "* Magisk Module *" ui_print "*******************************" - ui_print "* v2.8.7 *" - ui_print "* bluemeda *" + ui_print "* v1.0.0 *" + ui_print "* lucenera *" ui_print "*******************************" ui_print " " } diff --git a/module.prop b/module.prop index adb8bb6..28737d6 100755 --- a/module.prop +++ b/module.prop @@ -1,6 +1,6 @@ id=dnscrypt-proxy -name=DNSCrypt-Proxy 2 -version=v2.8.7 -versionCode=25 -author=bluemeda -description=A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTP/2. Using DNSCrypt-proxy 2.0.25 +name=dnscrypt-proxy +version=v2.0.0 +versionCode=1 +author=lucenera +description=dnscrypt-proxy for Android