6.6 KiB
DNSCrypt Proxy 2 for Android
A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH).
Features
- For all features please refer to the official page.
Pre-built binaries
Up-to-date, pre-built binaries are available for:
- Android/arm
- Android/arm64
- Android/x86
- Android/x86_64
All the binary files are downloaded from the official release page.
Differences from the main project
-
server_names
=acsacsar-ams-ipv4
[NLD],altername
[RUS],ams-dnscrypt-nl
[NLD],bcn-dnscrypt
[ESP],d0wn-tz-ns1
[TZA],dct-at1
[AUS],dct-de1
[DEU],dct-ru1
[RUS],dns.digitalsize.net
[DEU],dns.watch
[DEU],dnscrypt.be
[BEL],dnscrypt.ca-1
[CAN],dnscrypt.ca-2
[CAN],dnscrypt.eu-nl
[NLD],dnscrypt.pl
[POL],dnscrypt.uk-ipv4
[GBR],dnswarden-asia-uncensor-dcv4
[SGP],dnswarden-eu-uncensor-dcv4
[DEU],dnswarden-us-uncensor-dcv4
[USA],gombadi-syd
[AUS],meganerd
[NLD],moulticast-ca-ipv4
[CAN],moulticast-de-ipv4
[DEU],moulticast-fr-ipv4
[FRA],moulticast-sg-ipv4
[SGP],moulticast-uk-ipv4
[GBR],plan9-dns
[USA],plan9-ns2
[USA],pryv8boi
[DEU],pwoss.org-dnscrypt
[DEU],resolver4.dns.openinternet.io
[USA],scaleway-ams
[NLD],scaleway-fr
[FRA],serbica
[NLD],v.dnscrypt.uk-ipv4
[GBR] are the resolvers in use. -
doh_servers = false
(disable servers implementing theDNS-over-HTTPS
protocol) -
require_dnssec = true
(server must supportDNSSEC
security extension) -
force_tcp = true
(fix for mobile data intial connection random issues ifroutes
have been set andskip_incompatible = true
, see DNSCrypt/dnscrypt-proxy/discussions/2020) -
timeout = 1000
(set the max. response time of a single DNS query from5000
to1000
ms.) -
blocked_query_response = 'refused'
(setrefused
response to blocked queries) -
# log_level = 0
(set the log level of thednscrypt-proxy.log
file to very verbose, but keep it disabled by default) -
dnscrypt_ephemeral_keys = true
(create a new, unique key for every single DNS query) -
bootstrap_resolvers = ['91.239.100.100:53', '89.233.43.71:53']
(use UncensoredDNS (Anycast & Unicast) instead CloudFlare) -
netprobe_address = '91.239.100.100:53'
(use UncensoredDNS (Anycast) instead CloudFlare) -
block_ipv6 = true
(immediately respond to IPv6-related queries with an empty response) -
blocked-names.txt
,blocked-ips.txt
,allowed-names.txt
andallowed-ips.txt
files enabled. (to know more specifics about this, please refer to the Filters (optional) section below) -
anonymized_dns
feature enabled. (routes
are indirect ways to reach DNSCrypt servers, each resolver has 2 relays assigned) -
skip_incompatible = true
(skip resolvers incompatible with anonymization instead of using them directly) -
direct_cert_fallback = false
(prevent direct connections through the resolvers for failed certificate retrieved via relay)
Installation
1. Download the latest dnscrypt-proxy-android-*.zip
file from the Releases page or from my dnscrypt-proxy-android | CHANNEL on Telegram and flash it with Magisk:
Magisk > Modules > Install from storage > dnscrypt-proxy-android-*.zip
2. Reboot your device.
3. Test your DNS at https://dnsleaktest.com/
Configuration (optional)
You can edit the dnscrypt-proxy.toml
file as you wish located on storage/emulated/0/dnscrypt-proxy
path.
For a more detailed configuration you can refer to the official documentation or simply join our group on Telegram, at dnscrypt-proxy-android | CHAT.
Filters (optional)
Filters are a powerful set of built-in features, that let you control exactly what domain names and IP addresses your device are allowed to connect to. This can be used to block ads, trackers, malware, or anything you don't want your device to load.
The module comes with the filtering feature enabled by default, that's why you can see some files, needed for this operation, inside the /storage/emulated/0/dnscrypt-proxy
folder. The files are empty, out of the box they work as a placeholder, but they can be used to use dnscrypt-proxy as a blocking tool. To know more about it you can consult the official documentation, or in a simpler way through my repository.
I'm also providing the allowed-names.txt
and blocked-names.txt
files regularly updated at dnscrypt-proxy-filters | CHANNEL. The sources used for this merge are among the hardest on the web.
You can contribute to this blocklist at anytime, opening an Issue here or simply reporting the issue at dnscrypt-proxy-filters | CHAT on Telegram.
Changelog
Credits
- Frank Denis and his contributors for the upstream code.
- Affif Mukhlashin and his contributors for the very first module.
- John Wu and his contributors for Magisk.