Remove `dnscrypt.ca-*` resolvers (thank you)

https://github.com/DNSCrypt/dnscrypt-resolvers/pull/861

CHANGELOG.md

@@ -1,7 +1,168 @@
 # Changelog
 
 ## unreleased
--
+### Changed
+- `dct-nl1` name resolver to `dct-nl`.
+- `dct-ru1` name resolver to `dct-ru`.
+- Optimized relays.
+
+### Removed
+- `dct-at1` resolver (ceased).
+- `dnscrypt.ca-1` resolver (ceased).
+- `dnscrypt.ca-2` resolver (ceased).
+
+## 2.1.5
+### Upstream
+ - dnscrypt-proxy can be compiled with Go 1.21.0+
+ - Responses to blocked queries now include extended error codes
+ - Reliability of connections using HTTP/3 has been improved
+ - New configuration directive: `tls_key_log_file`. When defined, this
+is the path to a file where TLS secret keys will be written to, so
+that DoH traffic can be locally inspected.
+
+### Changed
+- Optimized relays.
+
+### Removed
+- `altername` resolver (temporarily down).
+- `dct-de1` resolver (ceased).
+- `dns.watch` resolver (unresponsive).
+- `starrydns` resolver (ceased).
+
+## 2.1.4
+### Upstream
+ - Fixes a regression from version 2.1.3: when cloaking was enabled,
+blocked responses were returned for records that were not A/AAAA/PTR
+even for names that were not in the cloaked list.
+
+### Added
+- `dct-ru1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Moscow, Russia).
+
+## 2.1.3
+### Upstream
+ - DNS-over-HTTP/3 (QUIC) should be more reliable. In particular,
+version 2.1.2 required another (non-QUIC) resolver to be present for
+bootstrapping, or the resolver's IP address to be present in the
+stamp. This is not the case any more.
+ - dnscrypt-proxy is now compatible with Go 1.20+
+ - Commands (-check, -show-certs, -list, -list-all) now ignore log
+files and directly output the result to the standard output.
+ - The `cert_ignore_timestamp` configuration switch is now documented.
+It allows ignoring timestamps for DNSCrypt certificate verification,
+until a first server is available. This should only be used on devices
+that don't have any ways to set the clock before DNS service is up.
+However, a safer alternative remains to use an NTP server with a fixed
+IP address (such as time.google.com), configured in the captive portals
+file.
+ - Cloaking: when a name is cloaked, unsupported record types now
+return a blocked response rather than the actual records.
+ - systemd: report Ready earlier as dnscrypt-proxy can itself manage
+retries for updates/refreshes.
+
+### Added
+- Script in `customize.sh` file for automatically disable Private DNS feature.
+- `dct-nl1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Naaldwijk, Netherlands).
+- `openinternet` resolver (DNSCrypt resolver colocated at Sonic.net in Santa Rosa, CA in the United States. No log, no filter, DNSSEC. Provided by https://openinternet.io).
+
+### Changed
+- Optimized relays.
+
+### Removed
+- `acsacsar-ams-ipv4` resolver (unresponsive).
+- `dct-ru1` resolver (unresponsive).
+- `dnscrypt.eu-nl` resolver (ceased).
+- `dotya.ml` resolver (unresponsive).
+- `resolver4.dns.openinternet.io` resolver (changed).
+- `sgp-dn53` resolver (unresponsive).
+
+### Fixed
+- Show the correct changelog version in Magisk app.
+
+## 2.1.2.4
+### Added
+- Automatic redirections in `post-fs-data.sh` file.
+
+### Changed
+- Use a more modern [DNS.SB](https://dns.sb/) as `bootstrap_resolvers`.
+
+## 2.1.2.3
+### Changed
+- Use [DNS.SB](https://dns.sb/) as `bootstrap_resolvers`.
+- Use [DNS.SB](https://dns.sb/) as `netprobe_address`.
+
+### Removed
+- Automatic redirections in `post-fs-data.sh` file.
+
+## 2.1.2.2
+### Fixed
+- Forgotten scripts in `post-fs-data` file (it prevent using bootstrap resolvers correctly).
+
+## 2.1.2.1
+### Added
+- `dct-at1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Vienna, Austria).
+- `dct-de1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Düsseldorf, Germany).
+- `dct-ru1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Moscow, Russia).
+- `dnswarden-uncensor-dc-swiss` resolver (Hosted in Switzerland. For more information look [here](https://github.com/bhanupratapys/dnswarden) or [here](https://dnswarden.com)).
+- `dotya.ml` resolver (Free, uncensored, DNSSEC-validated, non-logging DNSCrypt server hosted in Nuremberg, Germany on Contabo servers. Operated by dotya.ml, configs live [here](https://git.dotya.ml/dotya.ml/dnscrypt-server)).
+- `sby-limotelu` resolver (non-censoring, non-logging, DNSSEC-capable Hosted in Surabaya, Indonesia (Dnscrypt) https://limotelu.org maintained by [poentodewo](https://github.com/poentodewo)).
+- `sgp-dn53` resolver (non-censoring, non-logging, DNSSEC-capable Hosted in Singapore (Dnscrypt) https://limotelu.org maintained by [poentodewo](https://github.com/poentodewo)).
+- `starrydns` resolver (DNSCrypt server in Singapore, no filter, no logs, DNSSEC support).
+
+### Changed
+- Optimized relays.
+- Use [dns.watch](https://dns.watch/) `resolver1` and `resolver2` as `bootstrap_resolvers`.
+- Use [dns.watch](https://dns.watch/) `resolver1` as `netprobe_address`.
+
+### Removed
+- `breddns` resolver (unresponsive).
+- `dnswarden-uncensor-fr1-dc` resolver (changed).
+- `dnswarden-uncensor-ind1-dc` resolver (changed).
+- `dnswarden-uncensor-sg1-dc` resolver (changed).
+- `dnswarden-uncensor-us1-dc` resolver (changed).
+- `moulticast-fr-ipv4` resolver (unresponsive).
+- `moulticast-sg-ipv4` resolver (unresponsive).
+- `moulticast-uk-ipv4` resolver (unresponsive).
+- `pwoss.org-dnscrypt` resolver (unresponsive).
+
+## 2.1.2
+### Upstream
+- Support for DoH over HTTP/3 (DoH3, HTTP over QUIC) has been added.
+Compatible servers will automatically use it. Note that QUIC uses UDP
+(usually over port 443, like DNSCrypt) instead of TCP.
+- In previous versions, memory usage kept growing due to channels not
+being properly closed, causing goroutines to pile up. This was fixed,
+resulting in an important reduction of memory usage. Thanks to
+@lifenjoiner for investigating and fixing this!
+- DNS64: `CNAME` records are now translated like other responses.
+Thanks to @ignoramous for this!
+- A relay whose name has been configured, but doesn't exist in the
+list of available relays is now a hard error. Thanks to @lifenjoiner!
+- Mutexes/locking: bug fixes and improvements, by @ignoramous
+- Official packages now include linux/riscv64 builds.
+- `dnscrypt-proxy -resolve` now reports if ECS (EDNS-clientsubnet) is
+supported by the server.
+- `dnscrypt-proxy -list` now includes ODoH (Oblivious DoH) servers.
+- Local DoH: queries made using the `GET` method are now handled.
+- The service can now be installed on OpenRC-based systems.
+- `PTR` queries are now supported for cloaked domains. Contributed by
+Ian Bashford, thanks!
+
+### Added
+- Scripts in `post-fs-data.sh` file for force disable IPv6 connections at OS level, preventing possible leaks.
+- `breddns` resolver (Non-logging DNSCrypt server located in Luxembourg, operated by @tmclo).
+- `dnswarden-uncensor-fr1-dc` resolver (Hosted in France. For more information look [here](https://github.com/bhanupratapys/dnswarden) or [here](https://dnswarden.com)).
+- `dnswarden-uncensor-ind1-dc` resolver (Hosted in India. For more information look [here](https://github.com/bhanupratapys/dnswarden) or [here](https://dnswarden.com)).
+- `dnswarden-uncensor-sg1-dc` resolver (Hosted in Singapore. For more information look [here](https://github.com/bhanupratapys/dnswarden) or [here](https://dnswarden.com)).
+- `dnswarden-uncensor-us1-dc` resolver (Hosted in USA (Dallas). For more information look [here](https://github.com/bhanupratapys/dnswarden) or [here](https://dnswarden.com)).
+
+### Changed
+- Adjusted `versionCode` in `module.prop` file (more easy share beta and manage minor dnscrypt-proxy versions with two digits).
+- Optimized relays.
+
+### Removed
+- `dnswarden-asia-uncensor-dcv4` resolver (changed).
+- `dnswarden-eu-uncensor-dcv4` resolver (changed).
+- `dnswarden-us-uncensor-dcv4` resolver (changed).
 
 ## 2.1.1-3
 ### Added
@@ -41,8 +202,8 @@
 ### Added
 - `uninstall.sh` file for `dnscrypt-proxy` folder removal after module uninstallation (Android 7 and below at the moment).
 - `update.json` file for enable the new auto-update feature from `Magisk v24+`.
-- `dct-at1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Vienna, Austria.).
-- `dct-de1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Düsseldorf, Germany.).
+- `dct-at1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Vienna, Austria).
+- `dct-de1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Düsseldorf, Germany).
 - `dns.digitalsize.net` resolver (A public, non-tracking, non-filtering DNS resolver with DNSSEC enabled and hosted in Germany (https://dns.digitalsize.net)).
 - `dnswarden-asia-uncensor-dcv4` resolver (dnscrypt-server. No logging, No filtering, support DNSSEC, located in Singapore. by Bhanu Pratap).
 - `dnswarden-eu-uncensor-dcv4` resolver (dnscrypt-server. No logging, No filtering, support DNSSEC, located in Germany. by Bhanu Pratap).
@@ -97,10 +258,10 @@ clarity. Please update your configuration file accordingly.
 - UncensoredDNS (Unicast) in addition to UncensoredDNS (Anycast) as `bootstrap_resolvers`.
 - `ams-dnscrypt-nl` resolver (Resolver in Amsterdam. Dnscrypt protocol. Non-logging, non-filtering, DNSSEC).
 - `altername` resolver (Protocol: DNSCrypt IPv4 | Features: Non-logging, Non-filtering, DNSSEC, EmerDNS | Location: Moscow, Russia).
-- `dama.no-osl-s04` resolver (DNSCrypt server located in Oslo/Norway. Link-speed 100 Mbit/s. Non-censoring, non-logging, DNSSEC-capable.).
+- `dama.no-osl-s04` resolver (DNSCrypt server located in Oslo/Norway. Link-speed 100 Mbit/s. Non-censoring, non-logging, DNSSEC-capable).
 - `dama.no-sa-a80` resolver (DNSCrypt Server located in Sandefjord/Norway. non-censoring, non-logging, DNSSEC-capable).
-- `dct-ru1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Saint Petersburg, Russia.).
-- `dct-ru2` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Moscow, Russia.).
+- `dct-ru1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Saint Petersburg, Russia).
+- `dct-ru2` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Moscow, Russia).
 - `dns.watch` resolver (Free, uncensored, non-logging server in Germany. https://dns.watch).
 - `gombadi-syd` resolver (Protocol: DNSCrypt IPv4 | Features: Non-logging, Non-filtering, DNSSEC, Unbound | Location: Sydney, AU).
 - `kenshiro` resolver (dnscrypt-server. No logging, No filtering, support DNSSEC, located in Amsterdam. by lucenera).
@@ -178,13 +339,13 @@ relays and parental-control.
 - `allowed-ips.txt` and `blocked-ips.txt` files (as placeholder).
 - Cleanup unneeded binary files after the installation.
 - `acsacsar-ams-ipv4` resolver (Public non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS resolver hosted on Scaleway by [acsacsar](https://nitter.net/acsacsar)).
-- `arvind-io` resolver (Public resolver by EnKrypt (https://arvind.io). Hosted in Bangalore, India. Non-logging, non-filtering, supports DNSSEC.).
-- `bcn-dnscrypt` resolver (Resolver in Barcelona, Spain. DNSCrypt protocol. Non-logging, non-filtering, DNSSEC.).
+- `arvind-io` resolver (Public resolver by EnKrypt (https://arvind.io). Hosted in Bangalore, India. Non-logging, non-filtering, supports DNSSEC).
+- `bcn-dnscrypt` resolver (Resolver in Barcelona, Spain. DNSCrypt protocol. Non-logging, non-filtering, DNSSEC).
 - `d0wn-tz-ns1` resolver (Server provided by Martin 'd0wn' Albus) Hosted by Aptus Solutions Ltd. in Tanzania.
 - `dnscrypt.be` resolver (Resolver in Leuven, Belgium (UCLL Campus Proximus). Non-logging/DNSSEC/Uncensored. https://dnscrypt.be
 Maintained by Sigfried (https://sigfried.be) hosted by ISW Leuven (https://iswleuven.be)).
-- `dnscrypt.ca-1` resolver (Free, Canadian, uncensored, no-logs, encrypted, and DNSSEC validated. DNS service for your pleasure.).
-- `dnscrypt.ca-2` resolver (Free, Canadian, uncensored, no-logs, encrypted, and DNSSEC validated. DNS service for your pleasure.).
+- `dnscrypt.ca-1` resolver (Free, Canadian, uncensored, no-logs, encrypted, and DNSSEC validated. DNS service for your pleasure).
+- `dnscrypt.ca-2` resolver (Free, Canadian, uncensored, no-logs, encrypted, and DNSSEC validated. DNS service for your pleasure).
 - `dnscrypt.one` resolver (Non-logging, non-censoring, DNSSEC-capable DNSCrypt resolver hosted in Germany (Nuremberg), https://dnscrypt.one).
 - `dnscrypt.pl` resolver (Free | No filtering | Zero logs | DNSSEC | Poland | https://dnscrypt.pl/).
 - `ev-canada` resolver (Non-logging, uncensored DNS resolver provided by evilvibes.com Location: Vancouver, Canada).
@@ -247,15 +408,15 @@ forced to use TCP.
 
 ## 2.0.42-3
 ### Added
-- `DROP` properly `IPv6` queries in `post-fs-data.sh` file (no more DNS leaks this time).
+- `DROP` properly IPv6 queries in `post-fs-data.sh` file (no more DNS leaks this time).
 
 ## 2.0.42-2
 ### Added
-- 2nd attempt to `DROP` `IPv6` queries in `post-fs-data.sh` file.
+- 2nd attempt to `DROP` IPv6 queries in `post-fs-data.sh` file.
 
 ## 2.0.42-1
 ### Added
-- 1st attempt to `DROP` `IPv6` queries in `post-fs-data.sh` file.
+- 1st attempt to `DROP` IPv6 queries in `post-fs-data.sh` file.
 - `whitelist.txt` file (as placeholder, once the blacklist goes public).
 - `meganerd` resolver (Non-logging, non-filtering, supports DNSSEC by MegaNerd.nl).
 

LICENSE.md

@@ -632,7 +632,7 @@ state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
 
     dnscrypt-proxy-android
-    Copyright (C) 2020-2022, quindecim
+    Copyright (C) 2020-2023, d3cim
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -652,7 +652,7 @@ Also add information on how to contact you by electronic and paper mail.
   If the program does terminal interaction, make it output a short
 notice like this when it starts in an interactive mode:
 
-    dnscrypt-proxy-android  Copyright (C) 2020-2022, quindecim
+    dnscrypt-proxy-android  Copyright (C) 2020-2023, d3cim
     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
     This is free software, and you are welcome to redistribute it
     under certain conditions; type `show c' for details.

README.md

@@ -1,7 +1,7 @@
 # DNSCrypt Proxy 2 for Android
 
-![GitHub release (latest by date)](https://img.shields.io/github/v/release/quindecim/dnscrypt-proxy-android?style=for-the-badge)
-![GitHub all releases](https://img.shields.io/github/downloads/quindecim/dnscrypt-proxy-android/total?style=for-the-badge)
+![GitHub release (latest by date)](https://img.shields.io/github/v/release/d3cim/dnscrypt-proxy-android?style=for-the-badge)
+![GitHub all releases](https://img.shields.io/github/downloads/d3cim/dnscrypt-proxy-android/total?style=for-the-badge)
 
 A flexible DNS proxy, with support for modern encrypted DNS protocols such as [DNSCrypt v2](https://dnscrypt.info/protocol), [DNS-over-HTTPS](https://www.rfc-editor.org/rfc/rfc8484.txt), [Anonymized DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt) and [ODoH (Oblivious DoH)](https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/odoh-servers.md).
 
@@ -22,7 +22,7 @@ All the binary files are downloaded from the [official release page](https://git
 
 ## Differences from the main project
 
-- `server_names` = `acsacsar-ams-ipv4` [NLD], `altername` [RUS], `ams-dnscrypt-nl` [NLD], `d0wn-tz-ns1` [TZA], `dns.watch` [DEU], `dnscrypt.be` [BEL], `dnscrypt.ca-1` [CAN], `dnscrypt.ca-2` [CAN], `dnscrypt.eu-nl` [NLD], `dnscrypt.pl` [POL], `dnscrypt.uk-ipv4` [GBR], `dnswarden-asia-uncensor-dcv4` [SGP], `dnswarden-eu-uncensor-dcv4` [DEU], `dnswarden-us-uncensor-dcv4` [USA], `meganerd` [NLD], `moulticast-fr-ipv4` [FRA], `moulticast-sg-ipv4` [SGP], `moulticast-uk-ipv4` [GBR], `plan9dns-fl` [USA], `plan9dns-mx` [MEX], `plan9dns-nj` [USA], `pryv8boi` [DEU], `pwoss.org-dnscrypt` [DEU], `resolver4.dns.openinternet.io` [USA], `scaleway-ams` [NLD], `scaleway-fr` [FRA], `serbica` [NLD], `techsaviours.org-dnscrypt` [DEU], `v.dnscrypt.uk-ipv4` [GBR] are the resolvers in use.
+- `server_names` = `ams-dnscrypt-nl` [NLD], `d0wn-tz-ns1` [TZA], `dct-nl` [NLD], `dct-ru` [RUS], `dnscrypt.be` [BEL], `dnscrypt.pl` [POL], `dnscrypt.uk-ipv4` [GBR], `dnswarden-uncensor-dc-swiss` [CHE], `meganerd` [NLD], `openinternet` [USA], `plan9dns-fl` [USA], `plan9dns-mx` [MEX], `plan9dns-nj` [USA], `pryv8boi` [DEU], `sby-limotelu` [IDN], `scaleway-ams` [NLD], `scaleway-fr` [FRA], `serbica` [NLD], `techsaviours.org-dnscrypt` [DEU], `v.dnscrypt.uk-ipv4` [GBR] are the resolvers in use.
 
 - `doh_servers = false` (disable servers implementing the `DNS-over-HTTPS` protocol)
 
@@ -38,13 +38,13 @@ All the binary files are downloaded from the [official release page](https://git
 
 - `dnscrypt_ephemeral_keys = true` (create a new, unique key for every single DNS query)
 
-- `bootstrap_resolvers = ['91.239.100.100:53', '89.233.43.71:53']` (use [UncensoredDNS (Anycast & Unicast)](https://blog.uncensoreddns.org/) instead [CloudFlare](https://archive.today/tS1Ln))
+- `bootstrap_resolvers = ['45.11.45.11:53']` (use [DNS.SB](https://dns.sb/) instead [CloudFlare](https://archive.today/tS1Ln))
 
-- `netprobe_address = '91.239.100.100:53'` (use [UncensoredDNS (Anycast)](https://blog.uncensoreddns.org/) instead [CloudFlare](https://archive.today/tS1Ln))
+- `netprobe_address = '45.11.45.11:53'` (use [DNS.SB](https://dns.sb/) instead [CloudFlare](https://archive.today/tS1Ln))
 
 - `block_ipv6 = true` (immediately respond to IPv6-related queries with an empty response)
 
-- `blocked-names.txt`, `blocked-ips.txt`, `allowed-names.txt` and `allowed-ips.txt` files enabled. (to know more specifics about this, please refer to the [Filters (optional)](https://github.com/quindecim/dnscrypt-proxy-android#filters-optional) section below)
+- `blocked-names.txt`, `blocked-ips.txt`, `allowed-names.txt` and `allowed-ips.txt` files enabled. (to know more specifics about this, please refer to the [Filters (optional)](https://github.com/d3cim/dnscrypt-proxy-android#filters-optional) section below)
 
 - `anonymized_dns` feature enabled. (`routes` are indirect ways to reach DNSCrypt servers, each resolver has 2 relays assigned)
 
@@ -54,7 +54,7 @@ All the binary files are downloaded from the [official release page](https://git
 
 ## Installation
 
-**1.** Download the latest `dnscrypt-proxy-android-*.zip` file from the [Releases](https://github.com/quindecim/dnscrypt-proxy-android/releases/latest) page and flash it with [Magisk](https://github.com/topjohnwu/Magisk):
+**1.** Download the latest `dnscrypt-proxy-android-*.zip` file from the [Releases](https://github.com/d3cim/dnscrypt-proxy-android/releases/latest) page and flash it with [Magisk](https://github.com/topjohnwu/Magisk):
 
 ```
 Magisk > Modules > Install from storage > dnscrypt-proxy-android-*.zip
@@ -74,22 +74,23 @@ For a more detailed configuration you can refer to the [official documentation](
 
 Filters are a powerful set of built-in features, that let you control exactly what domain names and IP addresses your device are allowed to connect to. This can be used to block ads, trackers, malware, or anything you don't want your device to load.
 
-This [module](https://github.com/quindecim/dnscrypt-proxy-android) comes with the [filtering feature](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters) enabled by default, that's why you can see files designed for this operation inside the internal folder. Out of the box these files are empty and are used only to ensure the correct start of `dnscrypt-proxy` service.\
-To know more about it you can consult the [official documentation](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters), or in a simpler way through my [block repository](https://github.com/quindecim/block).
+This [module](https://github.com/d3cim/dnscrypt-proxy-android) comes with the [filtering feature](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters) enabled by default, that's why you can see files designed for this operation inside the internal folder. Out of the box these files are empty and are used only to ensure the correct start of `dnscrypt-proxy` service.\
+To know more about it you can consult the [official documentation](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters), or in a simpler way through my [block repository](https://github.com/d3cim/block).
 
-I'm also providing the `allowed-names.txt` and `blocked-names.txt` files regularly updated at [dnscrypt-proxy-filters | CHANNEL](https://t.me/dnscrypt_proxy_filters). The [sources](https://github.com/quindecim/block#sources) used for this merge are among the hardest on the web.
+I'm also providing the `allowed-names.txt` and `blocked-names.txt` files regularly updated at [dnscrypt-proxy-filters | CHANNEL](https://t.me/dnscrypt_proxy_filters). The [sources](https://github.com/d3cim/block#sources) used for this merge are among the hardest on the web.
 
-You can contribute to this blocklist at anytime, opening a [New Issue](https://github.com/quindecim/dnscrypt-proxy-android/issues) here or simply reporting the issue at [dnscrypt-proxy-filters | CHAT](https://t.me/qd_invitations) on [Telegram](https://telegram.org/).
+You can contribute to this blocklist at anytime, opening a [New Issue](https://github.com/d3cim/dnscrypt-proxy-android/issues) here or simply reporting the issue at [dnscrypt-proxy-filters | CHAT](https://t.me/qd_invitations) on [Telegram](https://telegram.org/).
 
 ## Changelog
 
-- See [CHANGELOG](https://github.com/quindecim/dnscrypt-proxy-android/blob/master/CHANGELOG.md).
+- See [CHANGELOG](https://github.com/d3cim/dnscrypt-proxy-android/blob/master/CHANGELOG.md).
 
 ## Version numbers
 
-dnscrypt-proxy-android version numbers consist of 4 parts: `MAJOR.MINOR.BUILD-PATCH`.
+dnscrypt-proxy-android tags follow the format `{dnscrypt-proxy_version}.{revision}` where
 
-`MAJOR`, `MINOR` and `BUILD` will be updated according to the main project, these values ​​will always be in sync with it.  `PATCH` is an optional value that will be set on my side when I release a build before the original project.
+* `dnscrypt-proxy_version` is the version of dnscrypt-proxy used in `x.x.x` format, and
+* `revision` is a number indicating the version of dnscrypt-proxy-android for the corresponding dnscrypt-proxy version.
 
 ## Donations
 

config/LICENSE

@@ -1,6 +1,6 @@
 ISC License
 
-Copyright (c) 2018-2022, Frank Denis <j at pureftpd dot org>
+Copyright (c) 2018-2023, Frank Denis <j at pureftpd dot org>
 
 Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted, provided that the above

config/allowed-ips.txt

@@ -3,10 +3,10 @@
 #        IP allowlist        #
 ##############################
 
-## Author      : quindecim   : https://github.com/quindecim
-##                             https://git.nixnet.services/quindecim
+## Author      : d3cim  : https://github.com/d3cim
+##                        https://git.nixnet.services/d3cim
 ##
-## License     : GPLv3       : https://github.com/quindecim/block/blob/master/LICENSE.md
+## License     : GPLv3  : https://github.com/d3cim/block/blob/master/LICENSE.md
 ##
 ##
 ## DO NOT DELETE THIS FILE !!
@@ -14,4 +14,4 @@
 ## This file is required by dnscrypt-proxy to work properly, you can use it to filter your content on the web, otherwise forget about it.
 ##
 ## More info at: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters
-##               https://github.com/quindecim/block
+##               https://github.com/d3cim/block

config/allowed-names.txt

@@ -3,10 +3,10 @@
 #        Allowlist        #
 ###########################
 
-## Author      : quindecim   : https://github.com/quindecim
-##                             https://git.nixnet.services/quindecim
+## Author      : d3cim  : https://github.com/d3cim
+##                        https://git.nixnet.services/d3cim
 ##
-## License     : GPLv3       : https://github.com/quindecim/block/blob/master/LICENSE.md
+## License     : GPLv3  : https://github.com/d3cim/block/blob/master/LICENSE.md
 ##
 ##
 ## DO NOT DELETE THIS FILE !!
@@ -14,4 +14,4 @@
 ## This file is required by dnscrypt-proxy to work properly, you can use it to filter your content on the web, otherwise forget about it.
 ##
 ## More info at: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters
-##               https://github.com/quindecim/block
+##               https://github.com/d3cim/block

config/blocked-ips.txt

@@ -3,12 +3,12 @@
 #        IP blocklist        #
 ##############################
 
-## Author      : quindecim   : https://github.com/quindecim
-##                             https://git.nixnet.services/quindecim
+## Author      : d3cim     : https://github.com/d3cim
+##                           https://git.nixnet.services/d3cim
 ##
-## Based on    : DNSCrypt    : Rebind Protection   : https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters#dns-rebind-protection
+## Based on    : DNSCrypt  : Rebind Protection  : https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters#dns-rebind-protection
 ##
-## License     : GPLv3       : https://github.com/quindecim/block/blob/master/LICENSE.md
+## License     : GPLv3     : https://github.com/d3cim/block/blob/master/LICENSE.md
 ##
 ##
 ## DO NOT DELETE THIS FILE !!
@@ -16,7 +16,7 @@
 ## This file is required by dnscrypt-proxy to work properly, you can use it to filter your content on the web, otherwise forget about it.
 ##
 ## More info at: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters
-##               https://github.com/quindecim/block
+##               https://github.com/d3cim/block
 
 # Blocklist from [https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters#dns-rebinding-protection]
 # Localhost rebind protection

config/blocked-names.txt

@@ -3,10 +3,10 @@
 #        Blocklist        #
 ###########################
 
-## Author      : quindecim   : https://github.com/quindecim
-##                             https://git.nixnet.services/quindecim
+## Author      : d3cim  : https://github.com/d3cim
+##                        https://git.nixnet.services/d3cim
 ##
-## License     : GPLv3       : https://github.com/quindecim/block/blob/master/LICENSE.md
+## License     : GPLv3  : https://github.com/d3cim/block/blob/master/LICENSE.md
 ##
 ##
 ## DO NOT DELETE THIS FILE !!
@@ -14,4 +14,4 @@
 ## This file is required by dnscrypt-proxy to work properly, you can use it to filter your content on the web, otherwise forget about it.
 ##
 ## More info at: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters
-##               https://github.com/quindecim/block
+##               https://github.com/d3cim/block

config/dnscrypt-proxy.toml

@@ -29,7 +29,7 @@
 ##
 ## Remove the leading # first to enable this; lines starting with # are ignored.
 
-server_names = ['acsacsar-ams-ipv4', 'altername', 'ams-dnscrypt-nl', 'd0wn-tz-ns1', 'dns.watch', 'dnscrypt.be', 'dnscrypt.ca-1', 'dnscrypt.ca-2', 'dnscrypt.eu-nl', 'dnscrypt.pl', 'dnscrypt.uk-ipv4', 'dnswarden-asia-uncensor-dcv4', 'dnswarden-eu-uncensor-dcv4', 'dnswarden-us-uncensor-dcv4', 'meganerd', 'moulticast-fr-ipv4', 'moulticast-sg-ipv4', 'moulticast-uk-ipv4', 'plan9dns-fl', 'plan9dns-mx', 'plan9dns-nj', 'pryv8boi', 'pwoss.org-dnscrypt', 'resolver4.dns.openinternet.io', 'scaleway-ams', 'scaleway-fr', 'serbica', 'techsaviours.org-dnscrypt', 'v.dnscrypt.uk-ipv4']
+server_names = ['ams-dnscrypt-nl', 'd0wn-tz-ns1', 'dct-nl', 'dct-ru', 'dnscrypt.be', 'dnscrypt.pl', 'dnscrypt.uk-ipv4', 'dnswarden-uncensor-dc-swiss', 'meganerd', 'openinternet', 'plan9dns-fl', 'plan9dns-mx', 'plan9dns-nj', 'pryv8boi', 'sby-limotelu', 'scaleway-ams', 'scaleway-fr', 'serbica', 'techsaviours.org-dnscrypt', 'v.dnscrypt.uk-ipv4']
 
 
 ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
@@ -97,6 +97,13 @@ disabled_server_names = []
 force_tcp = true
 
 
+## Enable *experimental* support for HTTP/3 (DoH3, HTTP over QUIC)
+## Note that, like DNSCrypt but unlike other HTTP versions, this uses
+## UDP and (usually) port 443 instead of TCP.
+
+http3 = false
+
+
 ## SOCKS proxy
 ## Uncomment the following line to route all TCP connections to a local Tor node
 ## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
@@ -118,7 +125,7 @@ force_tcp = true
 timeout = 1000
 
 
-## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds
+## Keepalive for HTTP (HTTPS, HTTP/2, HTTP/3) queries, in seconds
 
 keepalive = 30
 
@@ -181,6 +188,13 @@ blocked_query_response = 'refused'
 cert_refresh_delay = 240
 
 
+## Initially don't check DNSCrypt server certificates for expiration, and
+## only start checking them after a first successful connection to a resolver.
+## This can be useful on routers with no battery-backed clock.
+
+# cert_ignore_timestamp = false
+
+
 ## DNSCrypt: Create a new, unique key for every single DNS query
 ## This may improve privacy but can also have a significant impact on CPU usage
 ## Only enable if you don't have a lot of network load
@@ -193,24 +207,30 @@ dnscrypt_ephemeral_keys = true
 # tls_disable_session_tickets = false
 
 
-## DoH: Use a specific cipher suite instead of the server preference
+## DoH: Use TLS 1.2 and specific cipher suite instead of the server preference
 ## 49199 = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 ## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 ## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
 ## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-##  4865 = TLS_AES_128_GCM_SHA256
-##  4867 = TLS_CHACHA20_POLY1305_SHA256
 ##
 ## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...),
 ## the following suite improves performance.
 ## This may also help on Intel CPUs running 32-bit operating systems.
 ##
 ## Keep tls_cipher_suite empty if you have issues fetching sources or
-## connecting to some DoH servers. Google and Cloudflare are fine with it.
+## connecting to some DoH servers.
 
 # tls_cipher_suite = [52392, 49199]
 
 
+## Log TLS key material to a file, for debugging purposes only.
+## This file will contain the TLS master key, which can be used to decrypt
+## all TLS traffic to/from DoH servers.
+## Never ever enable except for debugging purposes with a tool such as mitmproxy.
+
+# tls_key_log_file = '/tmp/keylog.txt'
+
+
 ## Bootstrap resolvers
 ##
 ## These are normal, non-encrypted DNS resolvers, that will be only used
@@ -241,10 +261,20 @@ dnscrypt_ephemeral_keys = true
 ## not be sent there. If you're using DNSCrypt or Anonymized DNS and your
 ## lists are up to date, these resolvers will not even be used.
 
-bootstrap_resolvers = ['91.239.100.100:53', '89.233.43.71:53']
+bootstrap_resolvers = ['45.11.45.11:53']
 
 
-## Always use the bootstrap resolver before the system DNS settings.
+## When internal DNS resolution is required, for example to retrieve
+## the resolvers list:
+##
+## - queries will be sent to dnscrypt-proxy itself, if it is already
+##   running with active servers (*)
+## - or else, queries will be sent to fallback servers
+## - finally, if `ignore_system_dns` is `false`, queries will be sent
+##   to the system DNS
+##
+## (*) this is incompatible with systemd sockets.
+## `listen_addrs` must not be empty.
 
 ignore_system_dns = true
 
@@ -267,7 +297,7 @@ netprobe_timeout = -1
 ## On other operating systems, the connection will be initialized
 ## but nothing will be sent at all.
 
-netprobe_address = '91.239.100.100:53'
+netprobe_address = '45.11.45.11:53'
 
 
 ## Offline mode - Do not use any remote encrypted servers.
@@ -318,6 +348,7 @@ block_ipv6 = true
 
 
 ## Immediately respond to A and AAAA queries for host names without a domain name
+## This also prevents "dotless domain names" from being resolved upstream.
 
 block_unqualified = true
 
@@ -439,6 +470,9 @@ cache_neg_max_ttl = 600
 
 
 ## Certificate file and key - Note that the certificate has to be trusted.
+## Can be generated using the following commands:
+## openssl genpkey -genparam -algorithm ec -pkeyopt ec_paramgen_curve:P-256 -out ECPARAM.pem
+## openssl req -x509 -nodes -newkey ec:ECPARAM.pem -subj "/C=XZ/L=own PC/O=localhost/CN=localhost/" -days 5000 -sha256 -keyout localhost.pem -out localhost.pem
 ## See the documentation (wiki) for more information.
 
 # cert_file = 'localhost.pem'
@@ -663,16 +697,16 @@ allowed_ips_file = 'allowed-ips.txt'
 ## If the `urls` property is missing, cache files and valid signatures
 ## must already be present. This doesn't prevent these cache files from
 ## expiring after `refresh_delay` hours.
-## Cache freshness is checked every 24 hours, so values for 'refresh_delay'
-## of less than 24 hours will have no effect.
-## A maximum delay of 168 hours (1 week) is imposed to ensure cache freshness.
+## `refreshed_delay` must be in the [24..168] interval.
+## The minimum delay of 24 hours (1 day) avoids unnecessary requests to servers.
+## The maximum delay of 168 hours (1 week) ensures cache freshness.
 
 [sources]
 
   ### An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers
 
   [sources.public-resolvers]
-    urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
+    urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
     cache_file = 'public-resolvers.md'
     minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
     refresh_delay = 72
@@ -681,7 +715,7 @@ allowed_ips_file = 'allowed-ips.txt'
   ### Anonymized DNS relays
 
   [sources.relays]
-    urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md']
+    urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md']
     cache_file = 'relays.md'
     minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
     refresh_delay = 72
@@ -690,13 +724,13 @@ allowed_ips_file = 'allowed-ips.txt'
   ### ODoH (Oblivious DoH) servers and relays
 
   # [sources.odoh-servers]
-  #   urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-servers.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-servers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-servers.md']
+  #   urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-servers.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-servers.md']
   #   cache_file = 'odoh-servers.md'
   #   minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
   #   refresh_delay = 24
   #   prefix = ''
   # [sources.odoh-relays]
-  #   urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-relays.md']
+  #   urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-relays.md']
   #   cache_file = 'odoh-relays.md'
   #   minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
   #   refresh_delay = 24
@@ -714,10 +748,19 @@ allowed_ips_file = 'allowed-ips.txt'
   ### This is a subset of the `public-resolvers` list, so enabling both is useless
 
   # [sources.parental-control]
-  #   urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/parental-control.md']
+  #   urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md']
   #   cache_file = 'parental-control.md'
   #   minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
 
+  ### dnscry.pt servers - See https://www.dnscry.pt
+
+  #  [sources.dnscry-pt-resolvers]
+  #    urls = ["https://www.dnscry.pt/resolvers.md"]
+  #    minisign_key = "RWQM31Nwkqh01x88SvrBL8djp1NH56Rb4mKLHz16K7qsXgEomnDv6ziQ"
+  #    cache_file = "dnscry.pt-resolvers.md"
+  #    refresh_delay = 72
+  #    prefix = "dnscry.pt-"
+
 
 
 #########################################
@@ -795,34 +838,25 @@ fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familys
 ## in different countries, operated by different entities, on distinct ISPs...)
 
  routes = [
-    { server_name='acsacsar-ams-ipv4', via=['anon-meganerd', 'anon-scaleway-ams'] },
-    { server_name='altername', via=['anon-cs-poland', 'anon-sth-se'] },
     { server_name='ams-dnscrypt-nl', via=['anon-meganerd', 'anon-scaleway-ams'] },
     { server_name='d0wn-tz-ns1', via=['anon-arapurayil-in-ipv4', 'anon-cs-rome'] },
-    { server_name='dns.watch', via=['anon-cs-de', 'anon-techsaviours.org'] },
+    { server_name='dct-nl', via=['anon-meganerd', 'anon-scaleway-ams'] },
+    { server_name='dct-ru', via=['anon-cs-czech', 'anon-techsaviours.org'] },
     { server_name='dnscrypt.be', via=['anon-cs-belgium', 'anon-serbica'] },
-    { server_name='dnscrypt.ca-1', via=['anon-cs-montreal', 'anon-inconnu'] },
-    { server_name='dnscrypt.ca-2', via=['anon-cs-montreal2', 'anon-inconnu'] },
-    { server_name='dnscrypt.eu-nl', via=['anon-meganerd', 'anon-scaleway-ams'] },
     { server_name='dnscrypt.pl', via=['anon-cs-poland', 'anon-techsaviours.org'] },
     { server_name='dnscrypt.uk-ipv4', via=['anon-cs-london', 'anon-scaleway'] },
-    { server_name='dnswarden-asia-uncensor-dcv4', via=['anon-saldnssg01-conoha-ipv4', 'anon-tiarap'] },
-    { server_name='dnswarden-eu-uncensor-dcv4', via=['anon-cs-de', 'anon-techsaviours.org'] },
-    { server_name='dnswarden-us-uncensor-dcv4', via=['anon-cs-tx', 'anon-plan9-ns2'] },
-    { server_name='meganerd', via=['anon-acsacsar-ams-ipv4', 'anon-scaleway-ams'] },
-    { server_name='moulticast-fr-ipv4', via=['anon-cs-fr', 'anon-kama'] },
-    { server_name='moulticast-sg-ipv4', via=['anon-saldnssg01-conoha-ipv4', 'anon-tiarap'] },
-    { server_name='moulticast-uk-ipv4', via=['anon-cs-london', 'anon-dnscrypt.uk-ipv4'] },
-    { server_name='plan9dns-fl', via=['anon-cs-fl', 'anon-inconnu'] },
-    { server_name='plan9dns-mx', via=['anon-cs-tx2', 'anon-inconnu'] },
+    { server_name='dnswarden-uncensor-dc-swiss', via=['anon-cs-fr', 'anon-kama'] },
+    { server_name='meganerd', via=['anon-scaleway-ams', 'anon-serbica'] },
+    { server_name='openinternet', via=['anon-cs-sea', 'anon-inconnu'] },
+    { server_name='plan9dns-fl', via=['anon-cs-tx', 'anon-inconnu'] },
+    { server_name='plan9dns-mx', via=['anon-cs-tx', 'anon-inconnu'] },
     { server_name='plan9dns-nj', via=['anon-cs-nyc1', 'anon-inconnu'] },
-    { server_name='pryv8boi', via=['anon-cs-de', 'anon-techsaviours.org'] },
-    { server_name='pwoss.org-dnscrypt', via=['anon-cs-de', 'anon-techsaviours.org'] },
-    { server_name='resolver4.dns.openinternet.io', via=['anon-cs-montreal', 'anon-inconnu'] },
+    { server_name='pryv8boi', via=['anon-cs-dus1', 'anon-techsaviours.org'] },
+    { server_name='sby-limotelu', via=['anon-cs-sydney', 'anon-tiarap'] },
     { server_name='scaleway-ams', via=['anon-meganerd', 'anon-serbica'] },
     { server_name='scaleway-fr', via=['anon-cs-fr', 'anon-dnscrypt.uk-ipv4'] },
-    { server_name='serbica', via=['anon-acsacsar-ams-ipv4', 'anon-scaleway-ams'] },
-    { server_name='techsaviours.org-dnscrypt', via=['anon-cs-de', 'anon-pwoss.org'] },
+    { server_name='serbica', via=['anon-cs-nl', 'anon-scaleway-ams'] },
+    { server_name='techsaviours.org-dnscrypt', via=['anon-cs-berlin', 'anon-dnswarden-swiss'] },
     { server_name='v.dnscrypt.uk-ipv4', via=['anon-cs-london', 'anon-scaleway'] }
 #    { server_name='example-server-1', via=['anon-example-1', 'anon-example-2'] },
 #    { server_name='example-server-2', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] }

customize.sh

@@ -1,9 +1,9 @@
   ui_print " "
   ui_print "******************************"
   ui_print "*   dnscrypt-proxy-android   *"
-  ui_print "*           2.1.1-3          *"
+  ui_print "*            2.1.5           *"
   ui_print "******************************"
-  ui_print "*         quindecim          *"
+  ui_print "*            d3cim           *"
   ui_print "******************************"
   ui_print " "
 
@@ -58,6 +58,10 @@ ui_print "* Setting up the right permissions to the dnscrypt-proxy binary file."
 set_perm_recursive $MODPATH 0 0 0755 0755
 set_perm $MODPATH/system/bin/dnscrypt-proxy 0 0 0755
 
+# Set Private DNS mode off
+ui_print "* Disabling Android 9+ Private DNS mode."
+settings put global private_dns_mode off
+
 # Cleanup unneeded binary files
 ui_print "* Cleaning up the unnecessary files."
 rm -r $MODPATH/binary

module.prop

@@ -1,7 +1,7 @@
 id=dnscrypt-proxy-android
 name=DNSCrypt-Proxy 2
-version=2.1.1-3
-versionCode=21103
-author=quindecim
-description=A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH). Using dnscrypt-proxy 2.1.1
-updateJson=https://raw.githubusercontent.com/quindecim/dnscrypt-proxy-android/master/update.json
+version=2.1.5
+versionCode=210500
+author=d3cim
+description=A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH). Using dnscrypt-proxy 2.1.5
+updateJson=https://raw.githubusercontent.com/d3cim/dnscrypt-proxy-android/master/update.json

post-fs-data.sh

@@ -8,7 +8,14 @@ MODDIR=${0%/*}
 
 # This script will be executed in post-fs-data mode
 
-iptables -t nat -A OUTPUT -p tcp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
-iptables -t nat -A OUTPUT -p udp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
-# ip6tables -t nat -A OUTPUT -p tcp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination [::1]:5354
-# ip6tables -t nat -A OUTPUT -p udp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination [::1]:5354
+# Redirect DNS requests to localhost
+iptables -t nat -A OUTPUT -p tcp ! -d 45.11.45.11 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
+iptables -t nat -A OUTPUT -p udp ! -d 45.11.45.11 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
+# ip6tables -t nat -A OUTPUT -p tcp ! -d 45.11.45.11 --dport 53 -j DNAT --to-destination [::1]:5354
+# ip6tables -t nat -A OUTPUT -p udp ! -d 45.11.45.11 --dport 53 -j DNAT --to-destination [::1]:5354
+
+# Force disable IPv6 OS connections
+resetprop net.ipv6.conf.all.accept_redirects 0
+resetprop net.ipv6.conf.all.disable_ipv6 1
+resetprop net.ipv6.conf.default.accept_redirects 0
+resetprop net.ipv6.conf.default.disable_ipv6 1

update.json

@@ -1,6 +1,6 @@
 {
-    "version": "2.1.1-3",
-    "versionCode": 21103,
-    "zipUrl": "https://github.com/quindecim/dnscrypt-proxy-android/releases/download/2.1.1-3/dnscrypt-proxy-android-v2.1.1-3.zip",
-    "changelog": "https://raw.githubusercontent.com/quindecim/dnscrypt-proxy-android/master/CHANGELOG.md"
+    "version": "2.1.5",
+    "versionCode": 210500,
+    "zipUrl": "https://github.com/d3cim/dnscrypt-proxy-android/releases/download/2.1.5/dnscrypt-proxy-android-v2.1.5.zip",
+    "changelog": "https://raw.githubusercontent.com/d3cim/dnscrypt-proxy-android/2.1.5/CHANGELOG.md"
 }