commit
9def43372a
35
README.md
35
README.md
|
@ -1,4 +1,4 @@
|
||||||
# DNSCrypt Proxy 2 for Android
|
# dnscrypt-proxy for Android
|
||||||
|
|
||||||
A flexible DNS proxy, with support for modern encrypted DNS protocols such as [DNSCrypt v2](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/DNSCRYPT-V2-PROTOCOL.txt) and [DNS-over-HTTP/2](https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03).
|
A flexible DNS proxy, with support for modern encrypted DNS protocols such as [DNSCrypt v2](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/DNSCRYPT-V2-PROTOCOL.txt) and [DNS-over-HTTP/2](https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03).
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ A flexible DNS proxy, with support for modern encrypted DNS protocols such as [D
|
||||||
- All binary files are downloaded from [https://github.com/jedisct1/dnscrypt-proxy/releases](https://github.com/jedisct1/dnscrypt-proxy/releases)
|
- All binary files are downloaded from [https://github.com/jedisct1/dnscrypt-proxy/releases](https://github.com/jedisct1/dnscrypt-proxy/releases)
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
- Download [.zip module](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy-magisk/releases), flash it in Magisk Manager App or in Recovery and follow the instructions.
|
- Download [.zip module](https://t.me/dnscrypt_proxy), flash it in Magisk Manager App or in Recovery and follow the instructions.
|
||||||
|
|
||||||
### Set DNS server manually with 3rd-party app (not included in this module)
|
### Set DNS server manually with 3rd-party app (not included in this module)
|
||||||
- DNS server address is 127.0.0.1:5354 for ipv4 and [::1]:5354 for ipv6
|
- DNS server address is 127.0.0.1:5354 for ipv4 and [::1]:5354 for ipv6
|
||||||
|
@ -16,44 +16,25 @@ A flexible DNS proxy, with support for modern encrypted DNS protocols such as [D
|
||||||
```
|
```
|
||||||
iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||||
iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||||
ip6tables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
```
|
||||||
ip6tables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
|
||||||
```
|
|
||||||
and this shutdown script
|
and this shutdown script
|
||||||
```
|
```
|
||||||
iptables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
iptables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||||
iptables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
iptables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||||
ip6tables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
```
|
||||||
ip6tables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
|
||||||
```
|
|
||||||
|
|
||||||
## Configuration (post-installing)
|
## Configuration (post-installing)
|
||||||
- Configuration located on `/sdcard/dnscrypt-proxy/dnscrypt-proxy.toml` [or /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml]
|
- Configuration located on `/sdcard/dnscrypt-proxy/dnscrypt-proxy.toml` [or /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml]
|
||||||
- For more detailed configuration please refer to [official documentation](https://github.com/jedisct1/dnscrypt-proxy/wiki/Configuration)
|
- For more detailed configuration please refer to [official documentation](https://github.com/jedisct1/dnscrypt-proxy/wiki/Configuration)
|
||||||
|
|
||||||
## Changelog
|
## Changelog
|
||||||
### v2.8.7
|
### v1.0.0
|
||||||
- changed path of configuration file [dnscrypt-toml] from /system/etc/ to /data/media/0/ [or /sdcard]
|
- updated binary & configuration files to 2.0.27
|
||||||
- updated binary & configuration files to 2.0.25
|
- updated configuration file [dnscrypt.toml] according to the revision https://github.com/DNSCrypt/dnscrypt-proxy/releases/tag/2.0.27
|
||||||
- Removed automatic redirection of dns-request and let dnscrypt-proxy do its job only.
|
|
||||||
### v2.8.5
|
|
||||||
- Fix #40
|
|
||||||
### v2.8.4
|
|
||||||
- Fix failed to copy or backup config file
|
|
||||||
### v2.8.3
|
|
||||||
- Fix permission issue
|
|
||||||
- Add option to replace or backup-restore config file
|
|
||||||
### v2.8.2
|
|
||||||
- Fix "binary file is missing"
|
|
||||||
### v2.8.1
|
|
||||||
- Update Magisk 18100 requirements
|
|
||||||
### v2.8.0
|
|
||||||
- Update binary files to 2.0.22
|
|
||||||
### v2.7.0
|
|
||||||
- Update binary files to 2.0.21
|
|
||||||
|
|
||||||
[Full changelog](changelog.md)
|
[Full changelog](changelog.md)
|
||||||
|
|
||||||
## Credit
|
## Credit
|
||||||
- DNSCrypt-Proxy2 upstream | [jedisct1](https://github.com/jedisct1/dnscrypt-proxy)
|
- DNSCrypt-Proxy2 upstream | [jedisct1](https://github.com/jedisct1/dnscrypt-proxy)
|
||||||
|
- [bluemeda](https://github.com/bluemeda) for the original module
|
||||||
- [All contributor](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy/graphs/contributors)
|
- [All contributor](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy/graphs/contributors)
|
||||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
50
changelog.md
50
changelog.md
|
@ -1,54 +1,6 @@
|
||||||
# Changelog
|
# Changelog
|
||||||
## Changelog
|
## Changelog
|
||||||
### v2.8.7
|
|
||||||
- changed path of configuration file [dnscrypt.toml] from /system/etc/ to /data/media/0/ [or /sdcard]
|
|
||||||
- updated binary & configuration files to 2.0.25
|
|
||||||
- Removed automatic redirection of dns-request and let dnscrypt-proxy do its job only.
|
|
||||||
### v2.8.5
|
|
||||||
- Fix #40
|
|
||||||
### v2.8.4
|
|
||||||
- Fix failed to copy or backup config file
|
|
||||||
### v2.8.3
|
|
||||||
- Fix permission issue
|
|
||||||
- Add option to replace or backup-restore config file
|
|
||||||
### v2.8.2
|
|
||||||
- Fix "binary file is missing"
|
|
||||||
### v2.8.1
|
|
||||||
- Update Magisk 18100 requirements
|
|
||||||
### v2.8.0
|
|
||||||
- Update binary files 2.0.22
|
|
||||||
### v2.7.0
|
|
||||||
- Update binary files 2.0.21
|
|
||||||
### v2.6.0
|
|
||||||
- Update binary files to 2.0.19
|
|
||||||
### v2.5.0
|
|
||||||
- Update binary files to 2.0.16
|
|
||||||
- add exception for cloudflare fallback resolver.
|
|
||||||
## v2.4.0
|
|
||||||
* Update binary files to 2.0.14
|
|
||||||
## v2.3.0
|
|
||||||
* Update binary files to 2.0.10
|
|
||||||
* Add option to choose auto redirect DNS or manually set with 3rd-party app.
|
|
||||||
## v2.2.0
|
|
||||||
* Update binary files to 2.0.8
|
|
||||||
## v2.1.3
|
|
||||||
* __If you have previous version, please uninstall it first then reinstall it again or you can change listen port manually in `dnscrypt-proxy.toml` file.__
|
|
||||||
* Fix Tethering Client cannot Resolve DNSCrypt
|
|
||||||
* Fix Chromecast devices not showing [jedisct1/dnscrypt-proxy#226](https://github.com/jedisct1/dnscrypt-proxy/issues/226)
|
|
||||||
* Add binary files for x86 and x86_64 (test)
|
|
||||||
## v2.1.2
|
|
||||||
* Bug Fixes
|
|
||||||
## v2.1.1
|
|
||||||
* Bug fixes
|
|
||||||
## v2.1
|
|
||||||
* Bug fixes
|
|
||||||
## v2.0
|
|
||||||
* Resolve download.dnscrypt.info first before executing `iptables`
|
|
||||||
* Don't override dnscrypt-proxy.toml if exist
|
|
||||||
* Update binary files to v2.0.6
|
|
||||||
## v1.1
|
|
||||||
* Change listen port to 5353 (avoid conflict while tethering)
|
|
||||||
## v1.0
|
## v1.0
|
||||||
* Initial release
|
* Initial release
|
||||||
* dnscrypt-proxy v2.0.5
|
* dnscrypt-proxy v2.0.27
|
||||||
|
|
||||||
|
|
|
@ -15,6 +15,8 @@ www.bing.com strict.bing.com
|
||||||
|
|
||||||
yandex.ru familysearch.yandex.ru
|
yandex.ru familysearch.yandex.ru
|
||||||
|
|
||||||
|
=duckduckgo.com safe.duckduckgo.com
|
||||||
|
|
||||||
www.youtube.com restrictmoderate.youtube.com
|
www.youtube.com restrictmoderate.youtube.com
|
||||||
m.youtube.com restrictmoderate.youtube.com
|
m.youtube.com restrictmoderate.youtube.com
|
||||||
youtubei.googleapis.com restrictmoderate.youtube.com
|
youtubei.googleapis.com restrictmoderate.youtube.com
|
||||||
|
|
|
@ -92,13 +92,13 @@ force_tcp = false
|
||||||
## Uncomment the following line to route all TCP connections to a local Tor node
|
## Uncomment the following line to route all TCP connections to a local Tor node
|
||||||
## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
|
## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
|
||||||
|
|
||||||
# proxy = "socks5://127.0.0.1:9050"
|
# proxy = 'socks5://127.0.0.1:9050'
|
||||||
|
|
||||||
|
|
||||||
## HTTP/HTTPS proxy
|
## HTTP/HTTPS proxy
|
||||||
## Only for DoH servers
|
## Only for DoH servers
|
||||||
|
|
||||||
# http_proxy = "http://127.0.0.1:8888"
|
# http_proxy = 'http://127.0.0.1:8888'
|
||||||
|
|
||||||
|
|
||||||
## How long a DNS query will wait for a response, in milliseconds
|
## How long a DNS query will wait for a response, in milliseconds
|
||||||
|
@ -111,11 +111,12 @@ timeout = 2500
|
||||||
keepalive = 30
|
keepalive = 30
|
||||||
|
|
||||||
|
|
||||||
## Use the REFUSED return code for blocked responses
|
## Response for blocked queries. Options are `refused`, `hinfo` (default) or
|
||||||
## Setting this to `false` means that some responses will be lies.
|
## an IP response. To give an IP response, use the format `a:<IPv4>,aaaa:<IPv6>`.
|
||||||
## Unfortunately, `false` appears to be required for Android 8+
|
## Using the `hinfo` option means that some responses will be lies.
|
||||||
|
## Unfortunately, the `hinfo` option appears to be required for Android 8+
|
||||||
|
|
||||||
refused_code_in_responses = false
|
# blocked_query_response = 'refused'
|
||||||
|
|
||||||
|
|
||||||
## Load-balancing strategy: 'p2' (default), 'ph', 'first' or 'random'
|
## Load-balancing strategy: 'p2' (default), 'ph', 'first' or 'random'
|
||||||
|
@ -165,6 +166,8 @@ cert_refresh_delay = 240
|
||||||
## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||||
## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
||||||
## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
|
## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
|
||||||
|
## 4865 = TLS_AES_128_GCM_SHA256
|
||||||
|
## 4867 = TLS_CHACHA20_POLY1305_SHA256
|
||||||
##
|
##
|
||||||
## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...),
|
## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...),
|
||||||
## the following suite improves performance.
|
## the following suite improves performance.
|
||||||
|
@ -203,7 +206,7 @@ ignore_system_dns = false
|
||||||
## initializing the proxy.
|
## initializing the proxy.
|
||||||
## Useful if the proxy is automatically started at boot, and network
|
## Useful if the proxy is automatically started at boot, and network
|
||||||
## connectivity is not guaranteed to be immediately available.
|
## connectivity is not guaranteed to be immediately available.
|
||||||
## Use 0 to not test for connectivity at all,
|
## Use 0 to not test for connectivity at all (not recommended),
|
||||||
## and -1 to wait as much as possible.
|
## and -1 to wait as much as possible.
|
||||||
|
|
||||||
netprobe_timeout = 60
|
netprobe_timeout = 60
|
||||||
|
@ -217,7 +220,7 @@ netprobe_timeout = 60
|
||||||
## On other operating systems, the connection will be initialized
|
## On other operating systems, the connection will be initialized
|
||||||
## but nothing will be sent at all.
|
## but nothing will be sent at all.
|
||||||
|
|
||||||
netprobe_address = "9.9.9.9:53"
|
netprobe_address = '9.9.9.9:53'
|
||||||
|
|
||||||
|
|
||||||
## Offline mode - Do not use any remote encrypted servers.
|
## Offline mode - Do not use any remote encrypted servers.
|
||||||
|
@ -227,6 +230,14 @@ netprobe_address = "9.9.9.9:53"
|
||||||
# offline_mode = false
|
# offline_mode = false
|
||||||
|
|
||||||
|
|
||||||
|
## Additional data to attach to outgoing queries.
|
||||||
|
## These strings will be added as TXT records to queries.
|
||||||
|
## Do not use, except on servers explicitly asking for extra data
|
||||||
|
## to be present.
|
||||||
|
|
||||||
|
# query_meta = ["key1:value1", "key2:value2", "key3:value3"]
|
||||||
|
|
||||||
|
|
||||||
## Automatic log files rotation
|
## Automatic log files rotation
|
||||||
|
|
||||||
# Maximum log files size in MB
|
# Maximum log files size in MB
|
||||||
|
@ -516,17 +527,15 @@ cache_neg_max_ttl = 600
|
||||||
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
|
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
|
||||||
cache_file = 'public-resolvers.md'
|
cache_file = 'public-resolvers.md'
|
||||||
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||||
refresh_delay = 72
|
|
||||||
prefix = ''
|
prefix = ''
|
||||||
|
|
||||||
## Quad9 over DNSCrypt - https://quad9.net/
|
## Quad9 over DNSCrypt - https://quad9.net/
|
||||||
|
|
||||||
# [sources.quad9-resolvers]
|
# [sources.quad9-resolvers]
|
||||||
# urls = ["https://www.quad9.net/quad9-resolvers.md"]
|
# urls = ['https://www.quad9.net/quad9-resolvers.md']
|
||||||
# minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN"
|
# minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN'
|
||||||
# cache_file = "quad9-resolvers.md"
|
# cache_file = 'quad9-resolvers.md'
|
||||||
# refresh_delay = 72
|
# prefix = 'quad9-'
|
||||||
# prefix = "quad9-"
|
|
||||||
|
|
||||||
## Another example source, with resolvers censoring some websites not appropriate for children
|
## Another example source, with resolvers censoring some websites not appropriate for children
|
||||||
## This is a subset of the `public-resolvers` list, so enabling both is useless
|
## This is a subset of the `public-resolvers` list, so enabling both is useless
|
||||||
|
@ -543,5 +552,5 @@ cache_neg_max_ttl = 600
|
||||||
|
|
||||||
[static]
|
[static]
|
||||||
|
|
||||||
# [static.'google']
|
# [static.'myserver']
|
||||||
# stamp = 'sdns://AgUAAAAAAAAAAAAOZG5zLmdvb2dsZS5jb20NL2V4cGVyaW1lbnRhbA'
|
# stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'
|
||||||
|
|
|
@ -15,6 +15,8 @@
|
||||||
## ads[0-9]* | matches "ads" followed by one or more digits
|
## ads[0-9]* | matches "ads" followed by one or more digits
|
||||||
## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster
|
## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster
|
||||||
|
|
||||||
|
tracker.debian.org
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Time-based rules
|
## Time-based rules
|
||||||
|
|
|
@ -124,11 +124,11 @@ REPLACE="
|
||||||
print_modname() {
|
print_modname() {
|
||||||
ui_print " "
|
ui_print " "
|
||||||
ui_print "*******************************"
|
ui_print "*******************************"
|
||||||
ui_print "* DNSCrypt-Proxy2 *"
|
ui_print "* dnscrypt-proxy-fresh *"
|
||||||
ui_print "* Magisk Module *"
|
ui_print "* Magisk Module *"
|
||||||
ui_print "*******************************"
|
ui_print "*******************************"
|
||||||
ui_print "* v2.8.7 *"
|
ui_print "* v1.0.0 *"
|
||||||
ui_print "* bluemeda *"
|
ui_print "* lucenera *"
|
||||||
ui_print "*******************************"
|
ui_print "*******************************"
|
||||||
ui_print " "
|
ui_print " "
|
||||||
}
|
}
|
||||||
|
|
10
module.prop
10
module.prop
|
@ -1,6 +1,6 @@
|
||||||
id=dnscrypt-proxy
|
id=dnscrypt-proxy
|
||||||
name=DNSCrypt-Proxy 2
|
name=dnscrypt-proxy
|
||||||
version=v2.8.7
|
version=v2.0.0
|
||||||
versionCode=25
|
versionCode=1
|
||||||
author=bluemeda
|
author=lucenera
|
||||||
description=A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTP/2. Using DNSCrypt-proxy 2.0.25
|
description=dnscrypt-proxy for Android
|
||||||
|
|
Loading…
Reference in New Issue