Compare commits

..

No commits in common. "master" and "2.1.1-3" have entirely different histories.

17 changed files with 99 additions and 306 deletions

View File

@ -1,168 +1,7 @@
# Changelog # Changelog
## unreleased ## unreleased
### Changed -
- `dct-nl1` name resolver to `dct-nl`.
- `dct-ru1` name resolver to `dct-ru`.
- Optimized relays.
### Removed
- `dct-at1` resolver (ceased).
- `dnscrypt.ca-1` resolver (ceased).
- `dnscrypt.ca-2` resolver (ceased).
## 2.1.5
### Upstream
- dnscrypt-proxy can be compiled with Go 1.21.0+
- Responses to blocked queries now include extended error codes
- Reliability of connections using HTTP/3 has been improved
- New configuration directive: `tls_key_log_file`. When defined, this
is the path to a file where TLS secret keys will be written to, so
that DoH traffic can be locally inspected.
### Changed
- Optimized relays.
### Removed
- `altername` resolver (temporarily down).
- `dct-de1` resolver (ceased).
- `dns.watch` resolver (unresponsive).
- `starrydns` resolver (ceased).
## 2.1.4
### Upstream
- Fixes a regression from version 2.1.3: when cloaking was enabled,
blocked responses were returned for records that were not A/AAAA/PTR
even for names that were not in the cloaked list.
### Added
- `dct-ru1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Moscow, Russia).
## 2.1.3
### Upstream
- DNS-over-HTTP/3 (QUIC) should be more reliable. In particular,
version 2.1.2 required another (non-QUIC) resolver to be present for
bootstrapping, or the resolver's IP address to be present in the
stamp. This is not the case any more.
- dnscrypt-proxy is now compatible with Go 1.20+
- Commands (-check, -show-certs, -list, -list-all) now ignore log
files and directly output the result to the standard output.
- The `cert_ignore_timestamp` configuration switch is now documented.
It allows ignoring timestamps for DNSCrypt certificate verification,
until a first server is available. This should only be used on devices
that don't have any ways to set the clock before DNS service is up.
However, a safer alternative remains to use an NTP server with a fixed
IP address (such as time.google.com), configured in the captive portals
file.
- Cloaking: when a name is cloaked, unsupported record types now
return a blocked response rather than the actual records.
- systemd: report Ready earlier as dnscrypt-proxy can itself manage
retries for updates/refreshes.
### Added
- Script in `customize.sh` file for automatically disable Private DNS feature.
- `dct-nl1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Naaldwijk, Netherlands).
- `openinternet` resolver (DNSCrypt resolver colocated at Sonic.net in Santa Rosa, CA in the United States. No log, no filter, DNSSEC. Provided by https://openinternet.io).
### Changed
- Optimized relays.
### Removed
- `acsacsar-ams-ipv4` resolver (unresponsive).
- `dct-ru1` resolver (unresponsive).
- `dnscrypt.eu-nl` resolver (ceased).
- `dotya.ml` resolver (unresponsive).
- `resolver4.dns.openinternet.io` resolver (changed).
- `sgp-dn53` resolver (unresponsive).
### Fixed
- Show the correct changelog version in Magisk app.
## 2.1.2.4
### Added
- Automatic redirections in `post-fs-data.sh` file.
### Changed
- Use a more modern [DNS.SB](https://dns.sb/) as `bootstrap_resolvers`.
## 2.1.2.3
### Changed
- Use [DNS.SB](https://dns.sb/) as `bootstrap_resolvers`.
- Use [DNS.SB](https://dns.sb/) as `netprobe_address`.
### Removed
- Automatic redirections in `post-fs-data.sh` file.
## 2.1.2.2
### Fixed
- Forgotten scripts in `post-fs-data` file (it prevent using bootstrap resolvers correctly).
## 2.1.2.1
### Added
- `dct-at1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Vienna, Austria).
- `dct-de1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Düsseldorf, Germany).
- `dct-ru1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Moscow, Russia).
- `dnswarden-uncensor-dc-swiss` resolver (Hosted in Switzerland. For more information look [here](https://github.com/bhanupratapys/dnswarden) or [here](https://dnswarden.com)).
- `dotya.ml` resolver (Free, uncensored, DNSSEC-validated, non-logging DNSCrypt server hosted in Nuremberg, Germany on Contabo servers. Operated by dotya.ml, configs live [here](https://git.dotya.ml/dotya.ml/dnscrypt-server)).
- `sby-limotelu` resolver (non-censoring, non-logging, DNSSEC-capable Hosted in Surabaya, Indonesia (Dnscrypt) https://limotelu.org maintained by [poentodewo](https://github.com/poentodewo)).
- `sgp-dn53` resolver (non-censoring, non-logging, DNSSEC-capable Hosted in Singapore (Dnscrypt) https://limotelu.org maintained by [poentodewo](https://github.com/poentodewo)).
- `starrydns` resolver (DNSCrypt server in Singapore, no filter, no logs, DNSSEC support).
### Changed
- Optimized relays.
- Use [dns.watch](https://dns.watch/) `resolver1` and `resolver2` as `bootstrap_resolvers`.
- Use [dns.watch](https://dns.watch/) `resolver1` as `netprobe_address`.
### Removed
- `breddns` resolver (unresponsive).
- `dnswarden-uncensor-fr1-dc` resolver (changed).
- `dnswarden-uncensor-ind1-dc` resolver (changed).
- `dnswarden-uncensor-sg1-dc` resolver (changed).
- `dnswarden-uncensor-us1-dc` resolver (changed).
- `moulticast-fr-ipv4` resolver (unresponsive).
- `moulticast-sg-ipv4` resolver (unresponsive).
- `moulticast-uk-ipv4` resolver (unresponsive).
- `pwoss.org-dnscrypt` resolver (unresponsive).
## 2.1.2
### Upstream
- Support for DoH over HTTP/3 (DoH3, HTTP over QUIC) has been added.
Compatible servers will automatically use it. Note that QUIC uses UDP
(usually over port 443, like DNSCrypt) instead of TCP.
- In previous versions, memory usage kept growing due to channels not
being properly closed, causing goroutines to pile up. This was fixed,
resulting in an important reduction of memory usage. Thanks to
@lifenjoiner for investigating and fixing this!
- DNS64: `CNAME` records are now translated like other responses.
Thanks to @ignoramous for this!
- A relay whose name has been configured, but doesn't exist in the
list of available relays is now a hard error. Thanks to @lifenjoiner!
- Mutexes/locking: bug fixes and improvements, by @ignoramous
- Official packages now include linux/riscv64 builds.
- `dnscrypt-proxy -resolve` now reports if ECS (EDNS-clientsubnet) is
supported by the server.
- `dnscrypt-proxy -list` now includes ODoH (Oblivious DoH) servers.
- Local DoH: queries made using the `GET` method are now handled.
- The service can now be installed on OpenRC-based systems.
- `PTR` queries are now supported for cloaked domains. Contributed by
Ian Bashford, thanks!
### Added
- Scripts in `post-fs-data.sh` file for force disable IPv6 connections at OS level, preventing possible leaks.
- `breddns` resolver (Non-logging DNSCrypt server located in Luxembourg, operated by @tmclo).
- `dnswarden-uncensor-fr1-dc` resolver (Hosted in France. For more information look [here](https://github.com/bhanupratapys/dnswarden) or [here](https://dnswarden.com)).
- `dnswarden-uncensor-ind1-dc` resolver (Hosted in India. For more information look [here](https://github.com/bhanupratapys/dnswarden) or [here](https://dnswarden.com)).
- `dnswarden-uncensor-sg1-dc` resolver (Hosted in Singapore. For more information look [here](https://github.com/bhanupratapys/dnswarden) or [here](https://dnswarden.com)).
- `dnswarden-uncensor-us1-dc` resolver (Hosted in USA (Dallas). For more information look [here](https://github.com/bhanupratapys/dnswarden) or [here](https://dnswarden.com)).
### Changed
- Adjusted `versionCode` in `module.prop` file (more easy share beta and manage minor dnscrypt-proxy versions with two digits).
- Optimized relays.
### Removed
- `dnswarden-asia-uncensor-dcv4` resolver (changed).
- `dnswarden-eu-uncensor-dcv4` resolver (changed).
- `dnswarden-us-uncensor-dcv4` resolver (changed).
## 2.1.1-3 ## 2.1.1-3
### Added ### Added
@ -202,8 +41,8 @@ Ian Bashford, thanks!
### Added ### Added
- `uninstall.sh` file for `dnscrypt-proxy` folder removal after module uninstallation (Android 7 and below at the moment). - `uninstall.sh` file for `dnscrypt-proxy` folder removal after module uninstallation (Android 7 and below at the moment).
- `update.json` file for enable the new auto-update feature from `Magisk v24+`. - `update.json` file for enable the new auto-update feature from `Magisk v24+`.
- `dct-at1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Vienna, Austria). - `dct-at1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Vienna, Austria.).
- `dct-de1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Düsseldorf, Germany). - `dct-de1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Düsseldorf, Germany.).
- `dns.digitalsize.net` resolver (A public, non-tracking, non-filtering DNS resolver with DNSSEC enabled and hosted in Germany (https://dns.digitalsize.net)). - `dns.digitalsize.net` resolver (A public, non-tracking, non-filtering DNS resolver with DNSSEC enabled and hosted in Germany (https://dns.digitalsize.net)).
- `dnswarden-asia-uncensor-dcv4` resolver (dnscrypt-server. No logging, No filtering, support DNSSEC, located in Singapore. by Bhanu Pratap). - `dnswarden-asia-uncensor-dcv4` resolver (dnscrypt-server. No logging, No filtering, support DNSSEC, located in Singapore. by Bhanu Pratap).
- `dnswarden-eu-uncensor-dcv4` resolver (dnscrypt-server. No logging, No filtering, support DNSSEC, located in Germany. by Bhanu Pratap). - `dnswarden-eu-uncensor-dcv4` resolver (dnscrypt-server. No logging, No filtering, support DNSSEC, located in Germany. by Bhanu Pratap).
@ -258,10 +97,10 @@ clarity. Please update your configuration file accordingly.
- UncensoredDNS (Unicast) in addition to UncensoredDNS (Anycast) as `bootstrap_resolvers`. - UncensoredDNS (Unicast) in addition to UncensoredDNS (Anycast) as `bootstrap_resolvers`.
- `ams-dnscrypt-nl` resolver (Resolver in Amsterdam. Dnscrypt protocol. Non-logging, non-filtering, DNSSEC). - `ams-dnscrypt-nl` resolver (Resolver in Amsterdam. Dnscrypt protocol. Non-logging, non-filtering, DNSSEC).
- `altername` resolver (Protocol: DNSCrypt IPv4 | Features: Non-logging, Non-filtering, DNSSEC, EmerDNS | Location: Moscow, Russia). - `altername` resolver (Protocol: DNSCrypt IPv4 | Features: Non-logging, Non-filtering, DNSSEC, EmerDNS | Location: Moscow, Russia).
- `dama.no-osl-s04` resolver (DNSCrypt server located in Oslo/Norway. Link-speed 100 Mbit/s. Non-censoring, non-logging, DNSSEC-capable). - `dama.no-osl-s04` resolver (DNSCrypt server located in Oslo/Norway. Link-speed 100 Mbit/s. Non-censoring, non-logging, DNSSEC-capable.).
- `dama.no-sa-a80` resolver (DNSCrypt Server located in Sandefjord/Norway. non-censoring, non-logging, DNSSEC-capable). - `dama.no-sa-a80` resolver (DNSCrypt Server located in Sandefjord/Norway. non-censoring, non-logging, DNSSEC-capable).
- `dct-ru1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Saint Petersburg, Russia). - `dct-ru1` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Saint Petersburg, Russia.).
- `dct-ru2` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Moscow, Russia). - `dct-ru2` resolver (DNSCrypt | IPv4 only | Non-logging | Non-filtering | DNSSEC | Moscow, Russia.).
- `dns.watch` resolver (Free, uncensored, non-logging server in Germany. https://dns.watch). - `dns.watch` resolver (Free, uncensored, non-logging server in Germany. https://dns.watch).
- `gombadi-syd` resolver (Protocol: DNSCrypt IPv4 | Features: Non-logging, Non-filtering, DNSSEC, Unbound | Location: Sydney, AU). - `gombadi-syd` resolver (Protocol: DNSCrypt IPv4 | Features: Non-logging, Non-filtering, DNSSEC, Unbound | Location: Sydney, AU).
- `kenshiro` resolver (dnscrypt-server. No logging, No filtering, support DNSSEC, located in Amsterdam. by lucenera). - `kenshiro` resolver (dnscrypt-server. No logging, No filtering, support DNSSEC, located in Amsterdam. by lucenera).
@ -339,13 +178,13 @@ relays and parental-control.
- `allowed-ips.txt` and `blocked-ips.txt` files (as placeholder). - `allowed-ips.txt` and `blocked-ips.txt` files (as placeholder).
- Cleanup unneeded binary files after the installation. - Cleanup unneeded binary files after the installation.
- `acsacsar-ams-ipv4` resolver (Public non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS resolver hosted on Scaleway by [acsacsar](https://nitter.net/acsacsar)). - `acsacsar-ams-ipv4` resolver (Public non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS resolver hosted on Scaleway by [acsacsar](https://nitter.net/acsacsar)).
- `arvind-io` resolver (Public resolver by EnKrypt (https://arvind.io). Hosted in Bangalore, India. Non-logging, non-filtering, supports DNSSEC). - `arvind-io` resolver (Public resolver by EnKrypt (https://arvind.io). Hosted in Bangalore, India. Non-logging, non-filtering, supports DNSSEC.).
- `bcn-dnscrypt` resolver (Resolver in Barcelona, Spain. DNSCrypt protocol. Non-logging, non-filtering, DNSSEC). - `bcn-dnscrypt` resolver (Resolver in Barcelona, Spain. DNSCrypt protocol. Non-logging, non-filtering, DNSSEC.).
- `d0wn-tz-ns1` resolver (Server provided by Martin 'd0wn' Albus) Hosted by Aptus Solutions Ltd. in Tanzania. - `d0wn-tz-ns1` resolver (Server provided by Martin 'd0wn' Albus) Hosted by Aptus Solutions Ltd. in Tanzania.
- `dnscrypt.be` resolver (Resolver in Leuven, Belgium (UCLL Campus Proximus). Non-logging/DNSSEC/Uncensored. https://dnscrypt.be - `dnscrypt.be` resolver (Resolver in Leuven, Belgium (UCLL Campus Proximus). Non-logging/DNSSEC/Uncensored. https://dnscrypt.be
Maintained by Sigfried (https://sigfried.be) hosted by ISW Leuven (https://iswleuven.be)). Maintained by Sigfried (https://sigfried.be) hosted by ISW Leuven (https://iswleuven.be)).
- `dnscrypt.ca-1` resolver (Free, Canadian, uncensored, no-logs, encrypted, and DNSSEC validated. DNS service for your pleasure). - `dnscrypt.ca-1` resolver (Free, Canadian, uncensored, no-logs, encrypted, and DNSSEC validated. DNS service for your pleasure.).
- `dnscrypt.ca-2` resolver (Free, Canadian, uncensored, no-logs, encrypted, and DNSSEC validated. DNS service for your pleasure). - `dnscrypt.ca-2` resolver (Free, Canadian, uncensored, no-logs, encrypted, and DNSSEC validated. DNS service for your pleasure.).
- `dnscrypt.one` resolver (Non-logging, non-censoring, DNSSEC-capable DNSCrypt resolver hosted in Germany (Nuremberg), https://dnscrypt.one). - `dnscrypt.one` resolver (Non-logging, non-censoring, DNSSEC-capable DNSCrypt resolver hosted in Germany (Nuremberg), https://dnscrypt.one).
- `dnscrypt.pl` resolver (Free | No filtering | Zero logs | DNSSEC | Poland | https://dnscrypt.pl/). - `dnscrypt.pl` resolver (Free | No filtering | Zero logs | DNSSEC | Poland | https://dnscrypt.pl/).
- `ev-canada` resolver (Non-logging, uncensored DNS resolver provided by evilvibes.com Location: Vancouver, Canada). - `ev-canada` resolver (Non-logging, uncensored DNS resolver provided by evilvibes.com Location: Vancouver, Canada).
@ -408,15 +247,15 @@ forced to use TCP.
## 2.0.42-3 ## 2.0.42-3
### Added ### Added
- `DROP` properly IPv6 queries in `post-fs-data.sh` file (no more DNS leaks this time). - `DROP` properly `IPv6` queries in `post-fs-data.sh` file (no more DNS leaks this time).
## 2.0.42-2 ## 2.0.42-2
### Added ### Added
- 2nd attempt to `DROP` IPv6 queries in `post-fs-data.sh` file. - 2nd attempt to `DROP` `IPv6` queries in `post-fs-data.sh` file.
## 2.0.42-1 ## 2.0.42-1
### Added ### Added
- 1st attempt to `DROP` IPv6 queries in `post-fs-data.sh` file. - 1st attempt to `DROP` `IPv6` queries in `post-fs-data.sh` file.
- `whitelist.txt` file (as placeholder, once the blacklist goes public). - `whitelist.txt` file (as placeholder, once the blacklist goes public).
- `meganerd` resolver (Non-logging, non-filtering, supports DNSSEC by MegaNerd.nl). - `meganerd` resolver (Non-logging, non-filtering, supports DNSSEC by MegaNerd.nl).

View File

@ -632,7 +632,7 @@ state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found. the "copyright" line and a pointer to where the full notice is found.
dnscrypt-proxy-android dnscrypt-proxy-android
Copyright (C) 2020-2023, d3cim Copyright (C) 2020-2022, quindecim
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -652,7 +652,7 @@ Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode: notice like this when it starts in an interactive mode:
dnscrypt-proxy-android Copyright (C) 2020-2023, d3cim dnscrypt-proxy-android Copyright (C) 2020-2022, quindecim
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details. under certain conditions; type `show c' for details.

View File

@ -1,7 +1,7 @@
# DNSCrypt Proxy 2 for Android # DNSCrypt Proxy 2 for Android
![GitHub release (latest by date)](https://img.shields.io/github/v/release/d3cim/dnscrypt-proxy-android?style=for-the-badge) ![GitHub release (latest by date)](https://img.shields.io/github/v/release/quindecim/dnscrypt-proxy-android?style=for-the-badge)
![GitHub all releases](https://img.shields.io/github/downloads/d3cim/dnscrypt-proxy-android/total?style=for-the-badge) ![GitHub all releases](https://img.shields.io/github/downloads/quindecim/dnscrypt-proxy-android/total?style=for-the-badge)
A flexible DNS proxy, with support for modern encrypted DNS protocols such as [DNSCrypt v2](https://dnscrypt.info/protocol), [DNS-over-HTTPS](https://www.rfc-editor.org/rfc/rfc8484.txt), [Anonymized DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt) and [ODoH (Oblivious DoH)](https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/odoh-servers.md). A flexible DNS proxy, with support for modern encrypted DNS protocols such as [DNSCrypt v2](https://dnscrypt.info/protocol), [DNS-over-HTTPS](https://www.rfc-editor.org/rfc/rfc8484.txt), [Anonymized DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt) and [ODoH (Oblivious DoH)](https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/odoh-servers.md).
@ -22,7 +22,7 @@ All the binary files are downloaded from the [official release page](https://git
## Differences from the main project ## Differences from the main project
- `server_names` = `ams-dnscrypt-nl` [NLD], `d0wn-tz-ns1` [TZA], `dct-nl` [NLD], `dct-ru` [RUS], `dnscrypt.be` [BEL], `dnscrypt.pl` [POL], `dnscrypt.uk-ipv4` [GBR], `dnswarden-uncensor-dc-swiss` [CHE], `meganerd` [NLD], `openinternet` [USA], `plan9dns-fl` [USA], `plan9dns-mx` [MEX], `plan9dns-nj` [USA], `pryv8boi` [DEU], `sby-limotelu` [IDN], `scaleway-ams` [NLD], `scaleway-fr` [FRA], `serbica` [NLD], `techsaviours.org-dnscrypt` [DEU], `v.dnscrypt.uk-ipv4` [GBR] are the resolvers in use. - `server_names` = `acsacsar-ams-ipv4` [NLD], `altername` [RUS], `ams-dnscrypt-nl` [NLD], `d0wn-tz-ns1` [TZA], `dns.watch` [DEU], `dnscrypt.be` [BEL], `dnscrypt.ca-1` [CAN], `dnscrypt.ca-2` [CAN], `dnscrypt.eu-nl` [NLD], `dnscrypt.pl` [POL], `dnscrypt.uk-ipv4` [GBR], `dnswarden-asia-uncensor-dcv4` [SGP], `dnswarden-eu-uncensor-dcv4` [DEU], `dnswarden-us-uncensor-dcv4` [USA], `meganerd` [NLD], `moulticast-fr-ipv4` [FRA], `moulticast-sg-ipv4` [SGP], `moulticast-uk-ipv4` [GBR], `plan9dns-fl` [USA], `plan9dns-mx` [MEX], `plan9dns-nj` [USA], `pryv8boi` [DEU], `pwoss.org-dnscrypt` [DEU], `resolver4.dns.openinternet.io` [USA], `scaleway-ams` [NLD], `scaleway-fr` [FRA], `serbica` [NLD], `techsaviours.org-dnscrypt` [DEU], `v.dnscrypt.uk-ipv4` [GBR] are the resolvers in use.
- `doh_servers = false` (disable servers implementing the `DNS-over-HTTPS` protocol) - `doh_servers = false` (disable servers implementing the `DNS-over-HTTPS` protocol)
@ -38,13 +38,13 @@ All the binary files are downloaded from the [official release page](https://git
- `dnscrypt_ephemeral_keys = true` (create a new, unique key for every single DNS query) - `dnscrypt_ephemeral_keys = true` (create a new, unique key for every single DNS query)
- `bootstrap_resolvers = ['45.11.45.11:53']` (use [DNS.SB](https://dns.sb/) instead [CloudFlare](https://archive.today/tS1Ln)) - `bootstrap_resolvers = ['91.239.100.100:53', '89.233.43.71:53']` (use [UncensoredDNS (Anycast & Unicast)](https://blog.uncensoreddns.org/) instead [CloudFlare](https://archive.today/tS1Ln))
- `netprobe_address = '45.11.45.11:53'` (use [DNS.SB](https://dns.sb/) instead [CloudFlare](https://archive.today/tS1Ln)) - `netprobe_address = '91.239.100.100:53'` (use [UncensoredDNS (Anycast)](https://blog.uncensoreddns.org/) instead [CloudFlare](https://archive.today/tS1Ln))
- `block_ipv6 = true` (immediately respond to IPv6-related queries with an empty response) - `block_ipv6 = true` (immediately respond to IPv6-related queries with an empty response)
- `blocked-names.txt`, `blocked-ips.txt`, `allowed-names.txt` and `allowed-ips.txt` files enabled. (to know more specifics about this, please refer to the [Filters (optional)](https://github.com/d3cim/dnscrypt-proxy-android#filters-optional) section below) - `blocked-names.txt`, `blocked-ips.txt`, `allowed-names.txt` and `allowed-ips.txt` files enabled. (to know more specifics about this, please refer to the [Filters (optional)](https://github.com/quindecim/dnscrypt-proxy-android#filters-optional) section below)
- `anonymized_dns` feature enabled. (`routes` are indirect ways to reach DNSCrypt servers, each resolver has 2 relays assigned) - `anonymized_dns` feature enabled. (`routes` are indirect ways to reach DNSCrypt servers, each resolver has 2 relays assigned)
@ -54,7 +54,7 @@ All the binary files are downloaded from the [official release page](https://git
## Installation ## Installation
**1.** Download the latest `dnscrypt-proxy-android-*.zip` file from the [Releases](https://github.com/d3cim/dnscrypt-proxy-android/releases/latest) page and flash it with [Magisk](https://github.com/topjohnwu/Magisk): **1.** Download the latest `dnscrypt-proxy-android-*.zip` file from the [Releases](https://github.com/quindecim/dnscrypt-proxy-android/releases/latest) page and flash it with [Magisk](https://github.com/topjohnwu/Magisk):
``` ```
Magisk > Modules > Install from storage > dnscrypt-proxy-android-*.zip Magisk > Modules > Install from storage > dnscrypt-proxy-android-*.zip
@ -74,23 +74,22 @@ For a more detailed configuration you can refer to the [official documentation](
Filters are a powerful set of built-in features, that let you control exactly what domain names and IP addresses your device are allowed to connect to. This can be used to block ads, trackers, malware, or anything you don't want your device to load. Filters are a powerful set of built-in features, that let you control exactly what domain names and IP addresses your device are allowed to connect to. This can be used to block ads, trackers, malware, or anything you don't want your device to load.
This [module](https://github.com/d3cim/dnscrypt-proxy-android) comes with the [filtering feature](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters) enabled by default, that's why you can see files designed for this operation inside the internal folder. Out of the box these files are empty and are used only to ensure the correct start of `dnscrypt-proxy` service.\ This [module](https://github.com/quindecim/dnscrypt-proxy-android) comes with the [filtering feature](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters) enabled by default, that's why you can see files designed for this operation inside the internal folder. Out of the box these files are empty and are used only to ensure the correct start of `dnscrypt-proxy` service.\
To know more about it you can consult the [official documentation](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters), or in a simpler way through my [block repository](https://github.com/d3cim/block). To know more about it you can consult the [official documentation](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters), or in a simpler way through my [block repository](https://github.com/quindecim/block).
I'm also providing the `allowed-names.txt` and `blocked-names.txt` files regularly updated at [dnscrypt-proxy-filters | CHANNEL](https://t.me/dnscrypt_proxy_filters). The [sources](https://github.com/d3cim/block#sources) used for this merge are among the hardest on the web. I'm also providing the `allowed-names.txt` and `blocked-names.txt` files regularly updated at [dnscrypt-proxy-filters | CHANNEL](https://t.me/dnscrypt_proxy_filters). The [sources](https://github.com/quindecim/block#sources) used for this merge are among the hardest on the web.
You can contribute to this blocklist at anytime, opening a [New Issue](https://github.com/d3cim/dnscrypt-proxy-android/issues) here or simply reporting the issue at [dnscrypt-proxy-filters | CHAT](https://t.me/qd_invitations) on [Telegram](https://telegram.org/). You can contribute to this blocklist at anytime, opening a [New Issue](https://github.com/quindecim/dnscrypt-proxy-android/issues) here or simply reporting the issue at [dnscrypt-proxy-filters | CHAT](https://t.me/qd_invitations) on [Telegram](https://telegram.org/).
## Changelog ## Changelog
- See [CHANGELOG](https://github.com/d3cim/dnscrypt-proxy-android/blob/master/CHANGELOG.md). - See [CHANGELOG](https://github.com/quindecim/dnscrypt-proxy-android/blob/master/CHANGELOG.md).
## Version numbers ## Version numbers
dnscrypt-proxy-android tags follow the format `{dnscrypt-proxy_version}.{revision}` where dnscrypt-proxy-android version numbers consist of 4 parts: `MAJOR.MINOR.BUILD-PATCH`.
* `dnscrypt-proxy_version` is the version of dnscrypt-proxy used in `x.x.x` format, and `MAJOR`, `MINOR` and `BUILD` will be updated according to the main project, these values will always be in sync with it. `PATCH` is an optional value that will be set on my side when I release a build before the original project.
* `revision` is a number indicating the version of dnscrypt-proxy-android for the corresponding dnscrypt-proxy version.
## Donations ## Donations

BIN
binary/dnscrypt-proxy-arm Executable file → Normal file

Binary file not shown.

BIN
binary/dnscrypt-proxy-arm64 Executable file → Normal file

Binary file not shown.

BIN
binary/dnscrypt-proxy-i386 Executable file → Normal file

Binary file not shown.

BIN
binary/dnscrypt-proxy-x86_64 Executable file → Normal file

Binary file not shown.

View File

@ -1,6 +1,6 @@
ISC License ISC License
Copyright (c) 2018-2023, Frank Denis <j at pureftpd dot org> Copyright (c) 2018-2022, Frank Denis <j at pureftpd dot org>
Permission to use, copy, modify, and/or distribute this software for any Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above purpose with or without fee is hereby granted, provided that the above

View File

@ -3,10 +3,10 @@
# IP allowlist # # IP allowlist #
############################## ##############################
## Author : d3cim : https://github.com/d3cim ## Author : quindecim : https://github.com/quindecim
## https://git.nixnet.services/d3cim ## https://git.nixnet.services/quindecim
## ##
## License : GPLv3 : https://github.com/d3cim/block/blob/master/LICENSE.md ## License : GPLv3 : https://github.com/quindecim/block/blob/master/LICENSE.md
## ##
## ##
## DO NOT DELETE THIS FILE !! ## DO NOT DELETE THIS FILE !!
@ -14,4 +14,4 @@
## This file is required by dnscrypt-proxy to work properly, you can use it to filter your content on the web, otherwise forget about it. ## This file is required by dnscrypt-proxy to work properly, you can use it to filter your content on the web, otherwise forget about it.
## ##
## More info at: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters ## More info at: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters
## https://github.com/d3cim/block ## https://github.com/quindecim/block

View File

@ -3,10 +3,10 @@
# Allowlist # # Allowlist #
########################### ###########################
## Author : d3cim : https://github.com/d3cim ## Author : quindecim : https://github.com/quindecim
## https://git.nixnet.services/d3cim ## https://git.nixnet.services/quindecim
## ##
## License : GPLv3 : https://github.com/d3cim/block/blob/master/LICENSE.md ## License : GPLv3 : https://github.com/quindecim/block/blob/master/LICENSE.md
## ##
## ##
## DO NOT DELETE THIS FILE !! ## DO NOT DELETE THIS FILE !!
@ -14,4 +14,4 @@
## This file is required by dnscrypt-proxy to work properly, you can use it to filter your content on the web, otherwise forget about it. ## This file is required by dnscrypt-proxy to work properly, you can use it to filter your content on the web, otherwise forget about it.
## ##
## More info at: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters ## More info at: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters
## https://github.com/d3cim/block ## https://github.com/quindecim/block

View File

@ -3,12 +3,12 @@
# IP blocklist # # IP blocklist #
############################## ##############################
## Author : d3cim : https://github.com/d3cim ## Author : quindecim : https://github.com/quindecim
## https://git.nixnet.services/d3cim ## https://git.nixnet.services/quindecim
## ##
## Based on : DNSCrypt : Rebind Protection : https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters#dns-rebind-protection ## Based on : DNSCrypt : Rebind Protection : https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters#dns-rebind-protection
## ##
## License : GPLv3 : https://github.com/d3cim/block/blob/master/LICENSE.md ## License : GPLv3 : https://github.com/quindecim/block/blob/master/LICENSE.md
## ##
## ##
## DO NOT DELETE THIS FILE !! ## DO NOT DELETE THIS FILE !!
@ -16,7 +16,7 @@
## This file is required by dnscrypt-proxy to work properly, you can use it to filter your content on the web, otherwise forget about it. ## This file is required by dnscrypt-proxy to work properly, you can use it to filter your content on the web, otherwise forget about it.
## ##
## More info at: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters ## More info at: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters
## https://github.com/d3cim/block ## https://github.com/quindecim/block
# Blocklist from [https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters#dns-rebinding-protection] # Blocklist from [https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters#dns-rebinding-protection]
# Localhost rebind protection # Localhost rebind protection

View File

@ -3,10 +3,10 @@
# Blocklist # # Blocklist #
########################### ###########################
## Author : d3cim : https://github.com/d3cim ## Author : quindecim : https://github.com/quindecim
## https://git.nixnet.services/d3cim ## https://git.nixnet.services/quindecim
## ##
## License : GPLv3 : https://github.com/d3cim/block/blob/master/LICENSE.md ## License : GPLv3 : https://github.com/quindecim/block/blob/master/LICENSE.md
## ##
## ##
## DO NOT DELETE THIS FILE !! ## DO NOT DELETE THIS FILE !!
@ -14,4 +14,4 @@
## This file is required by dnscrypt-proxy to work properly, you can use it to filter your content on the web, otherwise forget about it. ## This file is required by dnscrypt-proxy to work properly, you can use it to filter your content on the web, otherwise forget about it.
## ##
## More info at: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters ## More info at: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters
## https://github.com/d3cim/block ## https://github.com/quindecim/block

View File

@ -29,7 +29,7 @@
## ##
## Remove the leading # first to enable this; lines starting with # are ignored. ## Remove the leading # first to enable this; lines starting with # are ignored.
server_names = ['ams-dnscrypt-nl', 'd0wn-tz-ns1', 'dct-nl', 'dct-ru', 'dnscrypt.be', 'dnscrypt.pl', 'dnscrypt.uk-ipv4', 'dnswarden-uncensor-dc-swiss', 'meganerd', 'openinternet', 'plan9dns-fl', 'plan9dns-mx', 'plan9dns-nj', 'pryv8boi', 'sby-limotelu', 'scaleway-ams', 'scaleway-fr', 'serbica', 'techsaviours.org-dnscrypt', 'v.dnscrypt.uk-ipv4'] server_names = ['acsacsar-ams-ipv4', 'altername', 'ams-dnscrypt-nl', 'd0wn-tz-ns1', 'dns.watch', 'dnscrypt.be', 'dnscrypt.ca-1', 'dnscrypt.ca-2', 'dnscrypt.eu-nl', 'dnscrypt.pl', 'dnscrypt.uk-ipv4', 'dnswarden-asia-uncensor-dcv4', 'dnswarden-eu-uncensor-dcv4', 'dnswarden-us-uncensor-dcv4', 'meganerd', 'moulticast-fr-ipv4', 'moulticast-sg-ipv4', 'moulticast-uk-ipv4', 'plan9dns-fl', 'plan9dns-mx', 'plan9dns-nj', 'pryv8boi', 'pwoss.org-dnscrypt', 'resolver4.dns.openinternet.io', 'scaleway-ams', 'scaleway-fr', 'serbica', 'techsaviours.org-dnscrypt', 'v.dnscrypt.uk-ipv4']
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6. ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
@ -97,13 +97,6 @@ disabled_server_names = []
force_tcp = true force_tcp = true
## Enable *experimental* support for HTTP/3 (DoH3, HTTP over QUIC)
## Note that, like DNSCrypt but unlike other HTTP versions, this uses
## UDP and (usually) port 443 instead of TCP.
http3 = false
## SOCKS proxy ## SOCKS proxy
## Uncomment the following line to route all TCP connections to a local Tor node ## Uncomment the following line to route all TCP connections to a local Tor node
## Tor doesn't support UDP, so set `force_tcp` to `true` as well. ## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
@ -125,7 +118,7 @@ http3 = false
timeout = 1000 timeout = 1000
## Keepalive for HTTP (HTTPS, HTTP/2, HTTP/3) queries, in seconds ## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds
keepalive = 30 keepalive = 30
@ -188,13 +181,6 @@ blocked_query_response = 'refused'
cert_refresh_delay = 240 cert_refresh_delay = 240
## Initially don't check DNSCrypt server certificates for expiration, and
## only start checking them after a first successful connection to a resolver.
## This can be useful on routers with no battery-backed clock.
# cert_ignore_timestamp = false
## DNSCrypt: Create a new, unique key for every single DNS query ## DNSCrypt: Create a new, unique key for every single DNS query
## This may improve privacy but can also have a significant impact on CPU usage ## This may improve privacy but can also have a significant impact on CPU usage
## Only enable if you don't have a lot of network load ## Only enable if you don't have a lot of network load
@ -207,30 +193,24 @@ dnscrypt_ephemeral_keys = true
# tls_disable_session_tickets = false # tls_disable_session_tickets = false
## DoH: Use TLS 1.2 and specific cipher suite instead of the server preference ## DoH: Use a specific cipher suite instead of the server preference
## 49199 = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ## 49199 = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 ## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 ## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
## 4865 = TLS_AES_128_GCM_SHA256
## 4867 = TLS_CHACHA20_POLY1305_SHA256
## ##
## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...), ## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...),
## the following suite improves performance. ## the following suite improves performance.
## This may also help on Intel CPUs running 32-bit operating systems. ## This may also help on Intel CPUs running 32-bit operating systems.
## ##
## Keep tls_cipher_suite empty if you have issues fetching sources or ## Keep tls_cipher_suite empty if you have issues fetching sources or
## connecting to some DoH servers. ## connecting to some DoH servers. Google and Cloudflare are fine with it.
# tls_cipher_suite = [52392, 49199] # tls_cipher_suite = [52392, 49199]
## Log TLS key material to a file, for debugging purposes only.
## This file will contain the TLS master key, which can be used to decrypt
## all TLS traffic to/from DoH servers.
## Never ever enable except for debugging purposes with a tool such as mitmproxy.
# tls_key_log_file = '/tmp/keylog.txt'
## Bootstrap resolvers ## Bootstrap resolvers
## ##
## These are normal, non-encrypted DNS resolvers, that will be only used ## These are normal, non-encrypted DNS resolvers, that will be only used
@ -261,20 +241,10 @@ dnscrypt_ephemeral_keys = true
## not be sent there. If you're using DNSCrypt or Anonymized DNS and your ## not be sent there. If you're using DNSCrypt or Anonymized DNS and your
## lists are up to date, these resolvers will not even be used. ## lists are up to date, these resolvers will not even be used.
bootstrap_resolvers = ['45.11.45.11:53'] bootstrap_resolvers = ['91.239.100.100:53', '89.233.43.71:53']
## When internal DNS resolution is required, for example to retrieve ## Always use the bootstrap resolver before the system DNS settings.
## the resolvers list:
##
## - queries will be sent to dnscrypt-proxy itself, if it is already
## running with active servers (*)
## - or else, queries will be sent to fallback servers
## - finally, if `ignore_system_dns` is `false`, queries will be sent
## to the system DNS
##
## (*) this is incompatible with systemd sockets.
## `listen_addrs` must not be empty.
ignore_system_dns = true ignore_system_dns = true
@ -297,7 +267,7 @@ netprobe_timeout = -1
## On other operating systems, the connection will be initialized ## On other operating systems, the connection will be initialized
## but nothing will be sent at all. ## but nothing will be sent at all.
netprobe_address = '45.11.45.11:53' netprobe_address = '91.239.100.100:53'
## Offline mode - Do not use any remote encrypted servers. ## Offline mode - Do not use any remote encrypted servers.
@ -348,7 +318,6 @@ block_ipv6 = true
## Immediately respond to A and AAAA queries for host names without a domain name ## Immediately respond to A and AAAA queries for host names without a domain name
## This also prevents "dotless domain names" from being resolved upstream.
block_unqualified = true block_unqualified = true
@ -470,9 +439,6 @@ cache_neg_max_ttl = 600
## Certificate file and key - Note that the certificate has to be trusted. ## Certificate file and key - Note that the certificate has to be trusted.
## Can be generated using the following commands:
## openssl genpkey -genparam -algorithm ec -pkeyopt ec_paramgen_curve:P-256 -out ECPARAM.pem
## openssl req -x509 -nodes -newkey ec:ECPARAM.pem -subj "/C=XZ/L=own PC/O=localhost/CN=localhost/" -days 5000 -sha256 -keyout localhost.pem -out localhost.pem
## See the documentation (wiki) for more information. ## See the documentation (wiki) for more information.
# cert_file = 'localhost.pem' # cert_file = 'localhost.pem'
@ -697,16 +663,16 @@ allowed_ips_file = 'allowed-ips.txt'
## If the `urls` property is missing, cache files and valid signatures ## If the `urls` property is missing, cache files and valid signatures
## must already be present. This doesn't prevent these cache files from ## must already be present. This doesn't prevent these cache files from
## expiring after `refresh_delay` hours. ## expiring after `refresh_delay` hours.
## `refreshed_delay` must be in the [24..168] interval. ## Cache freshness is checked every 24 hours, so values for 'refresh_delay'
## The minimum delay of 24 hours (1 day) avoids unnecessary requests to servers. ## of less than 24 hours will have no effect.
## The maximum delay of 168 hours (1 week) ensures cache freshness. ## A maximum delay of 168 hours (1 week) is imposed to ensure cache freshness.
[sources] [sources]
### An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers ### An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers
[sources.public-resolvers] [sources.public-resolvers]
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md'] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
cache_file = 'public-resolvers.md' cache_file = 'public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72 refresh_delay = 72
@ -715,7 +681,7 @@ allowed_ips_file = 'allowed-ips.txt'
### Anonymized DNS relays ### Anonymized DNS relays
[sources.relays] [sources.relays]
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md'] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md']
cache_file = 'relays.md' cache_file = 'relays.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72 refresh_delay = 72
@ -724,13 +690,13 @@ allowed_ips_file = 'allowed-ips.txt'
### ODoH (Oblivious DoH) servers and relays ### ODoH (Oblivious DoH) servers and relays
# [sources.odoh-servers] # [sources.odoh-servers]
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-servers.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-servers.md'] # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-servers.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-servers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-servers.md']
# cache_file = 'odoh-servers.md' # cache_file = 'odoh-servers.md'
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
# refresh_delay = 24 # refresh_delay = 24
# prefix = '' # prefix = ''
# [sources.odoh-relays] # [sources.odoh-relays]
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-relays.md'] # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-relays.md']
# cache_file = 'odoh-relays.md' # cache_file = 'odoh-relays.md'
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
# refresh_delay = 24 # refresh_delay = 24
@ -748,19 +714,10 @@ allowed_ips_file = 'allowed-ips.txt'
### This is a subset of the `public-resolvers` list, so enabling both is useless ### This is a subset of the `public-resolvers` list, so enabling both is useless
# [sources.parental-control] # [sources.parental-control]
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md'] # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/parental-control.md']
# cache_file = 'parental-control.md' # cache_file = 'parental-control.md'
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
### dnscry.pt servers - See https://www.dnscry.pt
# [sources.dnscry-pt-resolvers]
# urls = ["https://www.dnscry.pt/resolvers.md"]
# minisign_key = "RWQM31Nwkqh01x88SvrBL8djp1NH56Rb4mKLHz16K7qsXgEomnDv6ziQ"
# cache_file = "dnscry.pt-resolvers.md"
# refresh_delay = 72
# prefix = "dnscry.pt-"
######################################### #########################################
@ -838,25 +795,34 @@ fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familys
## in different countries, operated by different entities, on distinct ISPs...) ## in different countries, operated by different entities, on distinct ISPs...)
routes = [ routes = [
{ server_name='acsacsar-ams-ipv4', via=['anon-meganerd', 'anon-scaleway-ams'] },
{ server_name='altername', via=['anon-cs-poland', 'anon-sth-se'] },
{ server_name='ams-dnscrypt-nl', via=['anon-meganerd', 'anon-scaleway-ams'] }, { server_name='ams-dnscrypt-nl', via=['anon-meganerd', 'anon-scaleway-ams'] },
{ server_name='d0wn-tz-ns1', via=['anon-arapurayil-in-ipv4', 'anon-cs-rome'] }, { server_name='d0wn-tz-ns1', via=['anon-arapurayil-in-ipv4', 'anon-cs-rome'] },
{ server_name='dct-nl', via=['anon-meganerd', 'anon-scaleway-ams'] }, { server_name='dns.watch', via=['anon-cs-de', 'anon-techsaviours.org'] },
{ server_name='dct-ru', via=['anon-cs-czech', 'anon-techsaviours.org'] },
{ server_name='dnscrypt.be', via=['anon-cs-belgium', 'anon-serbica'] }, { server_name='dnscrypt.be', via=['anon-cs-belgium', 'anon-serbica'] },
{ server_name='dnscrypt.ca-1', via=['anon-cs-montreal', 'anon-inconnu'] },
{ server_name='dnscrypt.ca-2', via=['anon-cs-montreal2', 'anon-inconnu'] },
{ server_name='dnscrypt.eu-nl', via=['anon-meganerd', 'anon-scaleway-ams'] },
{ server_name='dnscrypt.pl', via=['anon-cs-poland', 'anon-techsaviours.org'] }, { server_name='dnscrypt.pl', via=['anon-cs-poland', 'anon-techsaviours.org'] },
{ server_name='dnscrypt.uk-ipv4', via=['anon-cs-london', 'anon-scaleway'] }, { server_name='dnscrypt.uk-ipv4', via=['anon-cs-london', 'anon-scaleway'] },
{ server_name='dnswarden-uncensor-dc-swiss', via=['anon-cs-fr', 'anon-kama'] }, { server_name='dnswarden-asia-uncensor-dcv4', via=['anon-saldnssg01-conoha-ipv4', 'anon-tiarap'] },
{ server_name='meganerd', via=['anon-scaleway-ams', 'anon-serbica'] }, { server_name='dnswarden-eu-uncensor-dcv4', via=['anon-cs-de', 'anon-techsaviours.org'] },
{ server_name='openinternet', via=['anon-cs-sea', 'anon-inconnu'] }, { server_name='dnswarden-us-uncensor-dcv4', via=['anon-cs-tx', 'anon-plan9-ns2'] },
{ server_name='plan9dns-fl', via=['anon-cs-tx', 'anon-inconnu'] }, { server_name='meganerd', via=['anon-acsacsar-ams-ipv4', 'anon-scaleway-ams'] },
{ server_name='plan9dns-mx', via=['anon-cs-tx', 'anon-inconnu'] }, { server_name='moulticast-fr-ipv4', via=['anon-cs-fr', 'anon-kama'] },
{ server_name='moulticast-sg-ipv4', via=['anon-saldnssg01-conoha-ipv4', 'anon-tiarap'] },
{ server_name='moulticast-uk-ipv4', via=['anon-cs-london', 'anon-dnscrypt.uk-ipv4'] },
{ server_name='plan9dns-fl', via=['anon-cs-fl', 'anon-inconnu'] },
{ server_name='plan9dns-mx', via=['anon-cs-tx2', 'anon-inconnu'] },
{ server_name='plan9dns-nj', via=['anon-cs-nyc1', 'anon-inconnu'] }, { server_name='plan9dns-nj', via=['anon-cs-nyc1', 'anon-inconnu'] },
{ server_name='pryv8boi', via=['anon-cs-dus1', 'anon-techsaviours.org'] }, { server_name='pryv8boi', via=['anon-cs-de', 'anon-techsaviours.org'] },
{ server_name='sby-limotelu', via=['anon-cs-sydney', 'anon-tiarap'] }, { server_name='pwoss.org-dnscrypt', via=['anon-cs-de', 'anon-techsaviours.org'] },
{ server_name='resolver4.dns.openinternet.io', via=['anon-cs-montreal', 'anon-inconnu'] },
{ server_name='scaleway-ams', via=['anon-meganerd', 'anon-serbica'] }, { server_name='scaleway-ams', via=['anon-meganerd', 'anon-serbica'] },
{ server_name='scaleway-fr', via=['anon-cs-fr', 'anon-dnscrypt.uk-ipv4'] }, { server_name='scaleway-fr', via=['anon-cs-fr', 'anon-dnscrypt.uk-ipv4'] },
{ server_name='serbica', via=['anon-cs-nl', 'anon-scaleway-ams'] }, { server_name='serbica', via=['anon-acsacsar-ams-ipv4', 'anon-scaleway-ams'] },
{ server_name='techsaviours.org-dnscrypt', via=['anon-cs-berlin', 'anon-dnswarden-swiss'] }, { server_name='techsaviours.org-dnscrypt', via=['anon-cs-de', 'anon-pwoss.org'] },
{ server_name='v.dnscrypt.uk-ipv4', via=['anon-cs-london', 'anon-scaleway'] } { server_name='v.dnscrypt.uk-ipv4', via=['anon-cs-london', 'anon-scaleway'] }
# { server_name='example-server-1', via=['anon-example-1', 'anon-example-2'] }, # { server_name='example-server-1', via=['anon-example-1', 'anon-example-2'] },
# { server_name='example-server-2', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] } # { server_name='example-server-2', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] }

View File

@ -1,9 +1,9 @@
ui_print " " ui_print " "
ui_print "******************************" ui_print "******************************"
ui_print "* dnscrypt-proxy-android *" ui_print "* dnscrypt-proxy-android *"
ui_print "* 2.1.5 *" ui_print "* 2.1.1-3 *"
ui_print "******************************" ui_print "******************************"
ui_print "* d3cim *" ui_print "* quindecim *"
ui_print "******************************" ui_print "******************************"
ui_print " " ui_print " "
@ -58,10 +58,6 @@ ui_print "* Setting up the right permissions to the dnscrypt-proxy binary file."
set_perm_recursive $MODPATH 0 0 0755 0755 set_perm_recursive $MODPATH 0 0 0755 0755
set_perm $MODPATH/system/bin/dnscrypt-proxy 0 0 0755 set_perm $MODPATH/system/bin/dnscrypt-proxy 0 0 0755
# Set Private DNS mode off
ui_print "* Disabling Android 9+ Private DNS mode."
settings put global private_dns_mode off
# Cleanup unneeded binary files # Cleanup unneeded binary files
ui_print "* Cleaning up the unnecessary files." ui_print "* Cleaning up the unnecessary files."
rm -r $MODPATH/binary rm -r $MODPATH/binary

View File

@ -1,7 +1,7 @@
id=dnscrypt-proxy-android id=dnscrypt-proxy-android
name=DNSCrypt-Proxy 2 name=DNSCrypt-Proxy 2
version=2.1.5 version=2.1.1-3
versionCode=210500 versionCode=21103
author=d3cim author=quindecim
description=A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH). Using dnscrypt-proxy 2.1.5 description=A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH). Using dnscrypt-proxy 2.1.1
updateJson=https://raw.githubusercontent.com/d3cim/dnscrypt-proxy-android/master/update.json updateJson=https://raw.githubusercontent.com/quindecim/dnscrypt-proxy-android/master/update.json

View File

@ -8,14 +8,7 @@ MODDIR=${0%/*}
# This script will be executed in post-fs-data mode # This script will be executed in post-fs-data mode
# Redirect DNS requests to localhost iptables -t nat -A OUTPUT -p tcp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -A OUTPUT -p tcp ! -d 45.11.45.11 --dport 53 -j DNAT --to-destination 127.0.0.1:5354 iptables -t nat -A OUTPUT -p udp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -A OUTPUT -p udp ! -d 45.11.45.11 --dport 53 -j DNAT --to-destination 127.0.0.1:5354 # ip6tables -t nat -A OUTPUT -p tcp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination [::1]:5354
# ip6tables -t nat -A OUTPUT -p tcp ! -d 45.11.45.11 --dport 53 -j DNAT --to-destination [::1]:5354 # ip6tables -t nat -A OUTPUT -p udp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination [::1]:5354
# ip6tables -t nat -A OUTPUT -p udp ! -d 45.11.45.11 --dport 53 -j DNAT --to-destination [::1]:5354
# Force disable IPv6 OS connections
resetprop net.ipv6.conf.all.accept_redirects 0
resetprop net.ipv6.conf.all.disable_ipv6 1
resetprop net.ipv6.conf.default.accept_redirects 0
resetprop net.ipv6.conf.default.disable_ipv6 1

View File

@ -1,6 +1,6 @@
{ {
"version": "2.1.5", "version": "2.1.1-3",
"versionCode": 210500, "versionCode": 21103,
"zipUrl": "https://github.com/d3cim/dnscrypt-proxy-android/releases/download/2.1.5/dnscrypt-proxy-android-v2.1.5.zip", "zipUrl": "https://github.com/quindecim/dnscrypt-proxy-android/releases/download/2.1.1-3/dnscrypt-proxy-android-v2.1.1-3.zip",
"changelog": "https://raw.githubusercontent.com/d3cim/dnscrypt-proxy-android/2.1.5/CHANGELOG.md" "changelog": "https://raw.githubusercontent.com/quindecim/dnscrypt-proxy-android/master/CHANGELOG.md"
} }