Hardened dnscrypt-proxy module for Android.
Go to file
quindecim 89a9f49cf9 Add suport for TLS key logging
0c26d1637a
2023-05-26 23:17:11 +02:00
.github/ISSUE_TEMPLATE Fix formatting in bug_report.md file 2022-02-09 20:15:49 +01:00
META-INF/com/google/android [UPSTREAM] - Require Magisk v20.4+ 2020-11-06 05:31:38 -05:00
binary Update to `2.1.4` 2023-02-07 21:09:18 +01:00
config Add suport for TLS key logging 2023-05-26 23:17:11 +02:00
.gitattributes initial release 2018-02-27 21:42:14 +07:00
CHANGELOG.md Remove `starrydns` resolver 2023-05-17 00:11:24 +02:00
LICENSE.md 2023 2023-01-06 07:45:22 +01:00
README.md Remove `starrydns` resolver 2023-05-17 00:11:24 +02:00
customize.sh Update to `2.1.4` 2023-02-07 21:09:18 +01:00
module.prop Update to `2.1.4` 2023-02-07 21:09:18 +01:00
post-fs-data.sh Add back automatic redirections 2022-10-13 01:19:27 +02:00
service.sh [CONFIG] - Use the emulated path for the config. files 2021-04-09 16:51:29 +02:00
uninstall.sh [CONFIG] Loops the command until the boot is complete and add more path variants to removal 2022-01-30 12:58:37 +01:00
update.json Update to `2.1.4` 2023-02-07 21:09:18 +01:00

README.md

DNSCrypt Proxy 2 for Android

GitHub release (latest by date) GitHub all releases

A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH).

Features

Pre-built binaries

Up-to-date, pre-built binaries are available for:

  • Android/arm
  • Android/arm64
  • Android/x86
  • Android/x86_64

All the binary files are downloaded from the official release page.

Differences from the main project

  • server_names = altername [RUS], ams-dnscrypt-nl [NLD], d0wn-tz-ns1 [TZA], dct-at1 [AUS], dct-nl1 [NLD], dct-ru1 [RUS], dnscrypt.be [BEL], dnscrypt.ca-1 [CAN], dnscrypt.ca-2 [CAN], dnscrypt.pl [POL], dnscrypt.uk-ipv4 [GBR], dnswarden-uncensor-dc-swiss [CHE], meganerd [NLD], openinternet [USA], plan9dns-fl [USA], plan9dns-mx [MEX], plan9dns-nj [USA], pryv8boi [DEU], sby-limotelu [IDN], scaleway-ams [NLD], scaleway-fr [FRA], serbica [NLD], techsaviours.org-dnscrypt [DEU], v.dnscrypt.uk-ipv4 [GBR] are the resolvers in use.

  • doh_servers = false (disable servers implementing the DNS-over-HTTPS protocol)

  • require_dnssec = true (server must support DNSSEC security extension)

  • force_tcp = true (fix for mobile data intial connection random issues if routes have been set and skip_incompatible = true, see DNSCrypt/dnscrypt-proxy/discussions/2020)

  • timeout = 1000 (set the max. response time of a single DNS query from 5000 to 1000 ms.)

  • blocked_query_response = 'refused' (set refused response to blocked queries)

  • # log_level = 0 (set the log level of the dnscrypt-proxy.log file to very verbose, but keep it disabled by default)

  • dnscrypt_ephemeral_keys = true (create a new, unique key for every single DNS query)

  • bootstrap_resolvers = ['45.11.45.11:53'] (use DNS.SB instead CloudFlare)

  • netprobe_address = '45.11.45.11:53' (use DNS.SB instead CloudFlare)

  • block_ipv6 = true (immediately respond to IPv6-related queries with an empty response)

  • blocked-names.txt, blocked-ips.txt, allowed-names.txt and allowed-ips.txt files enabled. (to know more specifics about this, please refer to the Filters (optional) section below)

  • anonymized_dns feature enabled. (routes are indirect ways to reach DNSCrypt servers, each resolver has 2 relays assigned)

  • skip_incompatible = true (skip resolvers incompatible with anonymization instead of using them directly)

  • direct_cert_fallback = false (prevent direct connections through the resolvers for failed certificate retrieved via relay)

Installation

1. Download the latest dnscrypt-proxy-android-*.zip file from the Releases page and flash it with Magisk:

Magisk > Modules > Install from storage > dnscrypt-proxy-android-*.zip

2. Reboot your device.

3. Test your DNS at https://dnsleaktest.com/

Configuration (optional)

You can edit the dnscrypt-proxy.toml file as you wish located on storage/emulated/0/dnscrypt-proxy path.

For a more detailed configuration you can refer to the official documentation or simply join our group on Telegram, at dnscrypt-proxy-android | CHAT.

Filters (optional)

Filters are a powerful set of built-in features, that let you control exactly what domain names and IP addresses your device are allowed to connect to. This can be used to block ads, trackers, malware, or anything you don't want your device to load.

This module comes with the filtering feature enabled by default, that's why you can see files designed for this operation inside the internal folder. Out of the box these files are empty and are used only to ensure the correct start of dnscrypt-proxy service.
To know more about it you can consult the official documentation, or in a simpler way through my block repository.

I'm also providing the allowed-names.txt and blocked-names.txt files regularly updated at dnscrypt-proxy-filters | CHANNEL. The sources used for this merge are among the hardest on the web.

You can contribute to this blocklist at anytime, opening a New Issue here or simply reporting the issue at dnscrypt-proxy-filters | CHAT on Telegram.

Changelog

Version numbers

dnscrypt-proxy-android tags follow the format {dnscrypt-proxy_version}.{revision} where

  • dnscrypt-proxy_version is the version of dnscrypt-proxy used in x.x.x format, and
  • revision is a number indicating the version of dnscrypt-proxy-android for the corresponding dnscrypt-proxy version.

Donations

  • BTC address: 126Y2BJQyPq8CHAaFMCyVH5QcbSViQz89e
  • ETH address: 0x16b917Bb585D2411b9c9C81b03de72471f3f072F
  • XMR address: 41jXybL88etPg1nGuPsMZbFSzKzbXYat4Xak3QssPy7LNs4VBWXDxbhjSdtLJDA138cx7cTq8JhFoiTTVLhWrTNAUywgGFD

Credits