Hardened dnscrypt-proxy module for Android.
quindecim 667ba1460d [UPDATE] - Removed ev-to, changed name to ev-va in ev-canada and adjusted relays 2020-12-09 03:30:01 -05:00
META-INF/com/google/android [UPSTREAM] - Require Magisk v20.4+ 2020-11-06 05:31:38 -05:00
binary [UPSTREAM] - Update binary files to 2.0.44 2020-06-12 05:33:55 -04:00
config [UPDATE] - Removed ev-to, changed name to ev-va in ev-canada and adjusted relays 2020-12-09 03:30:01 -05:00
.gitattributes initial release 2018-02-27 21:42:14 +07:00
.gitignore add gitignore 2018-02-27 22:08:08 +07:00
CHANGELOG.md Update 'CHANGELOG.md' 2020-09-17 02:26:58 -04:00
LICENSE.md Update 'LICENSE.md' 2020-11-28 15:15:08 -05:00
README.md Update 'README.md' 2020-12-09 03:27:29 -05:00
customize.sh [UPDATE] - Removed set_perm spaces 2020-09-16 12:24:43 -04:00
module.prop [UPDATE] - Edit the versionCode number 2020-09-16 12:25:44 -04:00
post-fs-data.sh [UPDATE] - Stop to drop IPv6 queries 2020-11-06 05:39:34 -05:00
service.sh [FIXED] - dnscrypt-proxy doesn't detect the config file 2020-01-20 09:32:53 -05:00

README.md

DNSCrypt Proxy 2 for Android | privacy oriented

A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt.

Features

Pre-built binaries

Up-to-date, pre-built binaries are available for:

  • Android/arm
  • Android/arm64
  • Android/x86
  • Android/x86_64

Differences from the main dnscrypt-proxy project

  • server_names = acsacsar-ams-ipv4 [NLD], arvind-io [IND], bcn-dnscrypt [ESP], d0wn-tz-ns1 [TZA], dnscrypt.be [BEL], dnscrypt.ca-1 [CAN], dnscrypt.ca-2 [CAN], dnscrypt.eu-dk [DNK], dnscrypt.eu-nl [NLD], dnscrypt.one [DEU], dnscrypt.pl [POL], dnscrypt.uk-ipv4 [GBR], ev-canada [CAN], faelix-ch-ipv4 [CHE], faelix-uk-ipv4 [GBR], ffmuc.net [DEU], jp.tiar.app [JPN], meganerd [NLD], plan9-dns [USA], publicarray-au [AUS], sarpel-dns-istanbul [TUR], scaleway-ams [NLD], scaleway-fr [FRA], serbica [NLD], skyfighter-dns [NLD], v.dnscrypt.uk-ipv4 [GBR], ventricle.us [USA] are the resolvers in use.

  • doh_servers = false (disable servers implementing the DNS-over-HTTPS protocol)

  • require_dnssec = true (server must support DNSSEC security extension)

  • timeout = 1000 (lower the maximum response time for a single DNS query from 5000 ms to 1000 ms)

  • blocked_query_response = 'refused' (answer blocked queries with a refused response)

  • dnscrypt_ephemeral_keys = true (create a new, unique key for every single DNS query)

  • fallback_resolvers = ['91.239.100.100:53'] (use UncensoredDNS instead of Cloudflare)

  • netprobe_address = '91.239.100.100:53' (use UncensoredDNS instead of Cloudflare)

  • block_ipv6 = true (immediately respond to IPv6-related queries with an empty response)

  • blocked_names_file, blocked_ips_file, allowed_names_file and allowed_ips_file options enabled (you can use the related files, created in /sdcard/dnscrypt-proxy/ or /data/media/0/dnscrypt-proxy/, to filter web content)

  • anonymized_dns feature enabled. (routes are indirect ways to reach DNSCrypt servers, each resolver has 2 relays assigned)

  • skip_incompatible = true (skip resolvers incompatible with anonymization instead of using them directly)

  • direct_cert_fallback = false (prevent direct connections to a resolver when retrieving its certificate via a relay fails)

Installation

  1. Download the latest .zip file from dnscrypt-proxy-android | CHANNEL on Telegram and flash it with Magisk Manager.
  2. Reboot.
  3. Test your DNS: https://dnsleaktest.com/

Configuration (post-installing)

  • You can edit dnscrypt-proxy.toml as you wish; it is located at /sdcard/dnscrypt-proxy/dnscrypt-proxy.toml, or /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml.
  • For more detailed configuration, please refer to the official documentation.
  • For more support on a good privacy-oriented setup, join us at dnscrypt-proxy-android | CHAT on Telegram.
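Because the file is meant to be edited by hand, it helps to confirm afterwards that the hardened values listed under "Differences from the main dnscrypt-proxy project" are still in place. The script below is an added example, not part of this module; the function names, the sample file and the resolver and relay names in it are constructed, and it assumes simple one-line `key = value` settings and one route per line.

```shell
# Hardened values from the README's list of differences (key=value pairs).
EXPECTED="doh_servers=false require_dnssec=true timeout=1000 blocked_query_response=refused
dnscrypt_ephemeral_keys=true block_ipv6=true skip_incompatible=true direct_cert_fallback=false"

# Print the last uncommented scalar value of key $2 in file $1, quotes stripped.
toml_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#]*\).*/\1/p" "$1" |
    tail -n 1 | tr -d "\"'[:space:]"
}

# Print one line per deviating setting (a missing key counts); return 1 if any was found.
audit_config() {
  rc=0
  for pair in $EXPECTED; do
    key=${pair%%=*}; want=${pair#*=}; got=$(toml_value "$1" "$key")
    [ "$got" = "$want" ] && continue
    echo "DEVIATION $key: expected $want, found ${got:-<unset>}"; rc=1
  done
  return $rc
}

# Print the server_name of each route whose via list is not exactly 2 relays.
# Assumes one route per line, as in "{ server_name='x', via=['r1', 'r2'] }".
routes_without_two_relays() {
  awk '!/^[ \t]*#/ && /server_name/ && /via/ {
      name = $0; sub(/.*server_name[ \t]*=[ \t]*/, "", name); sub(/[ \t]*,.*/, "", name)
      via = $0; sub(/.*via[ \t]*=[ \t]*\[/, "", via); sub(/\].*/, "", via)
      if (split(via, relays, ",") != 2) print name
    }' "$1" | tr -d "\"'"
}

# Constructed sample: an edited config where one setting and one route were weakened.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
doh_servers = false
require_dnssec = true
timeout = 1000
blocked_query_response = 'refused'
dnscrypt_ephemeral_keys = true
block_ipv6 = true
[anonymized_dns]
routes = [
  { server_name='resolver-a', via=['relay-1', 'relay-2'] },
  { server_name='resolver-b', via=['relay-1'] } ]
skip_incompatible = true
direct_cert_fallback = true   # weakened by hand for this sample
EOF
audit_config "$SAMPLE" || true
routes_without_two_relays "$SAMPLE"
```

To check a real installation, call `audit_config` and `routes_without_two_relays` with the path of the edited dnscrypt-proxy.toml instead of the sample file.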

AFWall+ users only

If you experience a no-connection issue after flashing the module, I suggest inserting these scripts (in both the enter and shutdown boxes):

iptables -A "afwall" -d 127.0.0.1 -p tcp --dport 5354 -j ACCEPT
iptables -A "afwall" -d 127.0.0.1 -p udp --dport 5354 -j ACCEPT

The issue is related to the use of AFWall+ and only happens on some devices; it depends on how the DNS configuration is implemented on the device itself.

Changelog

Full changelog

Credits