Hardened dnscrypt-proxy module for Android.
Go to file
quindecim 41633d2b2b [UPSTREAM] - Rename the python script name / Don't use Lumberjack for non-regular files
77a27a46a4
8dd4612ea7
2020-07-08 10:41:31 -04:00
META-INF/com/google/android Require Magisk v20.0+ 2020-05-23 04:45:56 -04:00
binary [UPSTREAM] - Update binary files to 2.0.44 2020-06-12 05:33:55 -04:00
config [UPSTREAM] - Rename the python script name / Don't use Lumberjack for non-regular files 2020-07-08 10:41:31 -04:00
.gitattributes initial release 2018-02-27 21:42:14 +07:00
.gitignore add gitignore 2018-02-27 22:08:08 +07:00
README.md Update 'README.md' 2020-07-06 18:53:06 -04:00
changelog.md Update to 2.0.44 2020-06-12 05:37:28 -04:00
customize.sh Update to 2.0.44 2020-06-12 05:37:28 -04:00
module.prop Update to 2.0.44 2020-06-12 05:37:28 -04:00
post-fs-data.sh DROP IPv6 queries properly 2020-05-15 13:53:48 -04:00
service.sh [FIXED] - dnscrypt-proxy doesn't detect the config file 2020-01-20 09:32:53 -05:00

README.md

DNSCrypt Proxy 2 for Android | privacy oriented

A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt.

Features

Pre-built binaries

Up-to-date, pre-built binaries are available for:

  • Android/arm
  • Android/arm64
  • Android/x86
  • Android/x86_64

Differences between default DNSCrypt Proxy project

- CONFIG. FILE: (dnscrypt-proxy.toml)
  • DNSSEC required
  • Enabled dnscrypt_ephemeral_keys feature (create a new, unique key for every single DNS query)
  • Enabled anonymized_dns feature (each resolver has 2 relays)
  • Enabled skip_incompatible option (ignore resolvers incompatible with Anonymized DNS instead of using them without a relay)
  • Enabled blacklist.txt and whitelist.txt file (as placeholder, use them as you wish)
  • Disabled DoH
  • Disabled IPv6
  • Disabled direct_cert_fallback option (prevent direct connections through the resolvers for failed certificate retrieved via relay
  • Setrefused response to blocked queries
  • Set DNS query max. response time from 5000 to 1500, in ms.
  • Use UncensoredDNS, Applied Privacy DNS and NixNet DNS as fallback resolvers instead CloudFlare
  • Use dnscrypt.eu-dk (DK), dnscrypt.eu-nl (NL), dnscrypt.uk-ipv4 (UK), meganerd (NL), publicarray-au (AUS), scaleway-ams (NL), scaleway-fr (FR), v.dnscrypt.uk-ipv4 (UK) and yofiji-se-ipv4 (SE)

Installation

  1. Download latest .zip file from dnscrypt-proxy-android | CHANNEL on Telegram and flash it with Magisk Manager.
  2. Reboot.
  3. Test your DNS: https://dnsleaktest.com/

Configuration (post-installing)

  • You can edit dnscrypt-proxy.toml as you wish located on /sdcard/dnscrypt-proxy/dnscrypt-proxy.toml [or /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml].
  • For more detailed configuration please refer to official documentation.
  • For more support on a good privacy oriented setup, join with us at dnscrypt-proxy-android | CHAT on Telegram.

AFWall+ users only

If you experience no connection issue after flashing the module I suggest you to insert these scripts: (in both, enter and shutdown boxes)

iptables -A "afwall" -d 127.0.0.1 -p tcp --dport 5354 -j ACCEPT
iptables -A "afwall" -d 127.0.0.1 -p udp --dport 5354 -j ACCEPT

The issue is related to the use of AFWall+ and only happens on some devices, it depends on how the DNS configuration is implemented in the device itself.

Changelog

Full changelog

Credit