Merge pull request #57 from lucenera/master

Update to version 2.0.27

README.md

@@ -1,4 +1,4 @@
-# DNSCrypt Proxy 2 for Android
+# dnscrypt-proxy for Android
 
 A flexible DNS proxy, with support for modern encrypted DNS protocols such as [DNSCrypt v2](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/DNSCRYPT-V2-PROTOCOL.txt) and [DNS-over-HTTP/2](https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03).
 
@@ -8,7 +8,7 @@ A flexible DNS proxy, with support for modern encrypted DNS protocols such as [D
 - All binary files are downloaded from [https://github.com/jedisct1/dnscrypt-proxy/releases](https://github.com/jedisct1/dnscrypt-proxy/releases)
 
 ## Installation
-- Download [.zip module](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy-magisk/releases), flash it in Magisk Manager App or in Recovery and follow the instructions.
+- Download [.zip module](https://t.me/dnscrypt_proxy), flash it in Magisk Manager App or in Recovery and follow the instructions.
 
 ### Set DNS server manually with 3rd-party app (not included in this module)
 - DNS server address is 127.0.0.1:5354 for ipv4 and [::1]:5354 for ipv6
@@ -16,44 +16,25 @@ A flexible DNS proxy, with support for modern encrypted DNS protocols such as [D
   ```
   iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
   iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
-  ip6tables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
-  ip6tables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
-  ```
+   ```
   and this shutdown script
   ```
   iptables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
   iptables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
-  ip6tables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
-  ip6tables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
-  ```
+    ```
 
 ## Configuration (post-installing)
 - Configuration located on `/sdcard/dnscrypt-proxy/dnscrypt-proxy.toml` [or /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml]
 - For more detailed configuration please refer to [official documentation](https://github.com/jedisct1/dnscrypt-proxy/wiki/Configuration)
 
 ## Changelog
-### v2.8.7
-- changed path of configuration file [dnscrypt-toml] from /system/etc/ to /data/media/0/ [or /sdcard]
-- updated binary & configuration files to 2.0.25
-- Removed automatic redirection of dns-request and let dnscrypt-proxy do its job only.
-### v2.8.5
- - Fix #40
-### v2.8.4
- - Fix failed to copy or backup config file
-### v2.8.3
- - Fix permission issue
- - Add option to replace or backup-restore config file
-### v2.8.2
- - Fix "binary file is missing"
-### v2.8.1
- - Update Magisk 18100 requirements
-### v2.8.0
- - Update binary files to 2.0.22
-### v2.7.0
- - Update binary files to 2.0.21
+### v1.0.0
+- updated binary & configuration files to 2.0.27
+- updated configuration file [dnscrypt.toml] according to the revision https://github.com/DNSCrypt/dnscrypt-proxy/releases/tag/2.0.27
 
 [Full changelog](changelog.md)
 
 ## Credit
 - DNSCrypt-Proxy2 upstream | [jedisct1](https://github.com/jedisct1/dnscrypt-proxy)
+- [bluemeda](https://github.com/bluemeda) for the original module
 - [All contributor](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy/graphs/contributors)

changelog.md

@@ -1,54 +1,6 @@
 # Changelog
 ## Changelog
-### v2.8.7
-- changed path of configuration file [dnscrypt.toml] from /system/etc/ to /data/media/0/ [or /sdcard]
-- updated binary & configuration files to 2.0.25
-- Removed automatic redirection of dns-request and let dnscrypt-proxy do its job only.
-### v2.8.5
-- Fix #40
-### v2.8.4
-- Fix failed to copy or backup config file
-### v2.8.3
-- Fix permission issue
-- Add option to replace or backup-restore config file
-### v2.8.2
-- Fix "binary file is missing"
-### v2.8.1
-- Update Magisk 18100 requirements
-### v2.8.0
-- Update binary files 2.0.22
-### v2.7.0
-- Update binary files 2.0.21
-### v2.6.0
-- Update binary files to 2.0.19
-### v2.5.0
-- Update binary files to 2.0.16
-- add exception for cloudflare fallback resolver.
-## v2.4.0
-* Update binary files to 2.0.14
-## v2.3.0
-* Update binary files to 2.0.10
-* Add option to choose auto redirect DNS or manually set with 3rd-party app.
-## v2.2.0
-* Update binary files to 2.0.8
-## v2.1.3
-* __If you have previous version, please uninstall it first then reinstall it again or you can change listen port manually in `dnscrypt-proxy.toml` file.__
-* Fix Tethering Client cannot Resolve DNSCrypt
-* Fix Chromecast devices not showing [jedisct1/dnscrypt-proxy#226](https://github.com/jedisct1/dnscrypt-proxy/issues/226)
-* Add binary files for x86 and x86_64 (test)
-## v2.1.2
-* Bug Fixes
-## v2.1.1
-* Bug fixes
-## v2.1
-* Bug fixes
-## v2.0
-* Resolve download.dnscrypt.info first before executing `iptables`
-* Don't override dnscrypt-proxy.toml if exist
-* Update binary files to v2.0.6
-## v1.1
-* Change listen port to 5353 (avoid conflict while tethering)
 ## v1.0
 * Initial release
-* dnscrypt-proxy v2.0.5
+* dnscrypt-proxy v2.0.27
 

config/example-cloaking-rules.txt

@@ -15,6 +15,8 @@ www.bing.com             strict.bing.com
 
 yandex.ru                familysearch.yandex.ru
 
+=duckduckgo.com          safe.duckduckgo.com
+
 www.youtube.com          restrictmoderate.youtube.com
 m.youtube.com            restrictmoderate.youtube.com
 youtubei.googleapis.com  restrictmoderate.youtube.com

config/example-dnscrypt-proxy.toml

@@ -92,13 +92,13 @@ force_tcp = false
 ## Uncomment the following line to route all TCP connections to a local Tor node
 ## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
 
-# proxy = "socks5://127.0.0.1:9050"
+# proxy = 'socks5://127.0.0.1:9050'
 
 
 ## HTTP/HTTPS proxy
 ## Only for DoH servers
 
-# http_proxy = "http://127.0.0.1:8888"
+# http_proxy = 'http://127.0.0.1:8888'
 
 
 ## How long a DNS query will wait for a response, in milliseconds
@@ -111,11 +111,12 @@ timeout = 2500
 keepalive = 30
 
 
-## Use the REFUSED return code for blocked responses
-## Setting this to `false` means that some responses will be lies.
-## Unfortunately, `false` appears to be required for Android 8+
+## Response for blocked queries.  Options are `refused`, `hinfo` (default) or
+## an IP response.  To give an IP response, use the format `a:<IPv4>,aaaa:<IPv6>`.
+## Using the `hinfo` option means that some responses will be lies.
+## Unfortunately, the `hinfo` option appears to be required for Android 8+
 
-refused_code_in_responses = false
+# blocked_query_response = 'refused'
 
 
 ## Load-balancing strategy: 'p2' (default), 'ph', 'first' or 'random'
@@ -165,6 +166,8 @@ cert_refresh_delay = 240
 ## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 ## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
 ## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+##  4865 = TLS_AES_128_GCM_SHA256
+##  4867 = TLS_CHACHA20_POLY1305_SHA256
 ##
 ## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...),
 ## the following suite improves performance.
@@ -203,7 +206,7 @@ ignore_system_dns = false
 ## initializing the proxy.
 ## Useful if the proxy is automatically started at boot, and network
 ## connectivity is not guaranteed to be immediately available.
-## Use 0 to not test for connectivity at all,
+## Use 0 to not test for connectivity at all (not recommended),
 ## and -1 to wait as much as possible.
 
 netprobe_timeout = 60
@@ -217,7 +220,7 @@ netprobe_timeout = 60
 ## On other operating systems, the connection will be initialized
 ## but nothing will be sent at all.
 
-netprobe_address = "9.9.9.9:53"
+netprobe_address = '9.9.9.9:53'
 
 
 ## Offline mode - Do not use any remote encrypted servers.
@@ -227,6 +230,14 @@ netprobe_address = "9.9.9.9:53"
 # offline_mode = false
 
 
+## Additional data to attach to outgoing queries.
+## These strings will be added as TXT records to queries.
+## Do not use, except on servers explicitly asking for extra data
+## to be present.
+
+# query_meta = ["key1:value1", "key2:value2", "key3:value3"]
+
+
 ## Automatic log files rotation
 
 # Maximum log files size in MB
@@ -516,17 +527,15 @@ cache_neg_max_ttl = 600
   urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
   cache_file = 'public-resolvers.md'
   minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
-  refresh_delay = 72
   prefix = ''
 
   ## Quad9 over DNSCrypt - https://quad9.net/
 
   # [sources.quad9-resolvers]
-  # urls = ["https://www.quad9.net/quad9-resolvers.md"]
-  # minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN"
-  # cache_file = "quad9-resolvers.md"
-  # refresh_delay = 72
-  # prefix = "quad9-"
+  # urls = ['https://www.quad9.net/quad9-resolvers.md']
+  # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN'
+  # cache_file = 'quad9-resolvers.md'
+  # prefix = 'quad9-'
 
   ## Another example source, with resolvers censoring some websites not appropriate for children
   ## This is a subset of the `public-resolvers` list, so enabling both is useless
@@ -543,5 +552,5 @@ cache_neg_max_ttl = 600
 
 [static]
 
-  # [static.'google']
-  # stamp = 'sdns://AgUAAAAAAAAAAAAOZG5zLmdvb2dsZS5jb20NL2V4cGVyaW1lbnRhbA'
+  # [static.'myserver']
+  # stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'

config/example-whitelist.txt

@@ -15,6 +15,8 @@
 ## ads[0-9]*     | matches "ads" followed by one or more digits
 ## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster
 
+tracker.debian.org
+
 
 
 ## Time-based rules

install.sh

@@ -124,11 +124,11 @@ REPLACE="
 print_modname() {
   ui_print " "
   ui_print "*******************************"
-  ui_print "*       DNSCrypt-Proxy2       *"
+  ui_print "*     dnscrypt-proxy-fresh    *"
   ui_print "*        Magisk Module        *"
   ui_print "*******************************"
-  ui_print "*            v2.8.7           *"
-  ui_print "*           bluemeda          *"
+  ui_print "*            v1.0.0           *"
+  ui_print "*           lucenera          *"
   ui_print "*******************************"
   ui_print " "
 }

module.prop

@@ -1,6 +1,6 @@
 id=dnscrypt-proxy
-name=DNSCrypt-Proxy 2
-version=v2.8.7
-versionCode=25
-author=bluemeda
-description=A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTP/2. Using DNSCrypt-proxy 2.0.25
+name=dnscrypt-proxy
+version=v2.0.0
+versionCode=1
+author=lucenera
+description=dnscrypt-proxy for Android