Hardened dnscrypt-proxy module for Android.
Go to file
quindecim d9b00b75b5 [CONFIG] Loops the command until the boot is complete and add more path variants to removal 2022-01-30 12:58:37 +01:00
META-INF/com/google/android [UPSTREAM] - Require Magisk v20.4+ 2020-11-06 05:31:38 -05:00
binary [UPSTREAM] - Update binary files to 2.1.1 2021-09-28 12:52:55 +02:00
config [CONFIG] Add [dns.digitalsize.net] resolver 2022-01-26 23:05:58 +01:00
.gitattributes initial release 2018-02-27 21:42:14 +07:00
CHANGELOG.md [UPDATE] - Update to 2.1.1 2021-09-28 13:08:32 +02:00
LICENSE.md [UPDATE] - 2022 2022-01-01 11:48:16 +01:00
README.md [DOCS] Add [dns.digitalsize.net] resolver 2022-01-26 23:07:40 +01:00
customize.sh [UPDATE] - Update to 2.1.1 2021-09-28 13:08:32 +02:00
module.prop [CONFIG] Revert "Update test 2" 2022-01-29 19:29:03 +01:00
post-fs-data.sh [UPDATE] - Remove unused spaces 2021-04-09 23:54:53 +02:00
service.sh [CONFIG] - Use the emulated path for the config. files 2021-04-09 16:51:29 +02:00
uninstall.sh [CONFIG] Loops the command until the boot is complete and add more path variants to removal 2022-01-30 12:58:37 +01:00
update.json [CONFIG] Formatted according to Magisk Developer Guides 2022-01-30 01:12:19 +01:00

README.md

DNSCrypt Proxy 2 for Android

A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH).

Features

Pre-built binaries

Up-to-date, pre-built binaries are available for:

  • Android/arm
  • Android/arm64
  • Android/x86
  • Android/x86_64

All these binary files are downloaded from the OFFICIAL RELEASE PAGE.

Differences from the main project

  • server_names = acsacsar-ams-ipv4 [NLD], altername [RUS], ams-dnscrypt-nl [NLD], bcn-dnscrypt [ESP], d0wn-tz-ns1 [TZA], dct-at1 [AUS], dct-de1 [DEU], dct-ru1 [RUS], dct-ru2 [RUS], dns.digitalsize.net [DEU], dns.watch [DEU], dnscrypt.be [BEL], dnscrypt.ca-1 [CAN], dnscrypt.ca-2 [CAN], dnscrypt.eu-nl [NLD], dnscrypt.pl [POL], dnscrypt.uk-ipv4 [GBR], dnswarden-asia-uncensor-dcv4 [SGP], dnswarden-eu-uncensor-dcv4 [DEU], dnswarden-us-uncensor-dcv4 [USA], gombadi-syd [AUS], meganerd [NLD], moulticast-ca-ipv4 [CAN], moulticast-de-ipv4 [DEU], moulticast-fr-ipv4 [FRA], moulticast-sg-ipv4 [SGP], moulticast-uk-ipv4 [GBR], pf-dnscrypt [CHE], plan9-dns [USA], plan9-ns2 [USA], pryv8boi [DEU], pwoss.org-dnscrypt [DEU], resolver4.dns.openinternet.io [USA], scaleway-ams [NLD], scaleway-fr [FRA], serbica [NLD], v.dnscrypt.uk-ipv4 [GBR], zackptg5-us-il-ipv4 [USA] are the resolvers in use.

  • doh_servers = false (disable servers implementing the DNS-over-HTTPS protocol)

  • require_dnssec = true (server must support DNSSEC security extension)

  • timeout = 1000 (set the max. response time of a single DNS query from 5000 to 1000 ms.)

  • blocked_query_response = 'refused' (set refused response to blocked queries)

  • log_level = 0 (set the log level of the dnscrypt-proxy.log file to very verbose, but still keep it disabled by default)

  • dnscrypt_ephemeral_keys = true (create a new, unique key for every single DNS query)

  • bootstrap_resolvers = ['91.239.100.100:53', '89.233.43.71:53'] (use UncensoredDNS (Anycast & Unicast) instead CloudFlare)

  • netprobe_address = '91.239.100.100:53' (use UncensoredDNS (Anycast) instead CloudFlare)

  • block_ipv6 = true (immediately respond to IPv6-related queries with an empty response)

  • blocked_names_file, blocked_ips_file, allowed_names_file and allowed_ips_file options enabled. (you can now filter your web content, to know how, please refer to the official documentation or take a look at my block repository)

  • anonymized_dns feature enabled. (routes are indirect ways to reach DNSCrypt servers, each resolver has 2 relays assigned)

  • skip_incompatible = true (skip resolvers incompatible with anonymization instead of using them directly)

  • direct_cert_fallback = false (prevent direct connections through the resolvers for failed certificate retrieved via relay)

Installation

1. Download the latest dnscrypt-proxy-android-*.zip file from the Releases page or from my dnscrypt-proxy-android | CHANNEL on Telegram and flash it with Magisk:

Magisk > Modules > Install from storage > dnscrypt-proxy-android-*.zip

2. Reboot your device.

3. Test your DNS at https://dnsleaktest.com/

Configuration (optional)

You can edit the dnscrypt-proxy.toml file as you wish located on storage/emulated/0/dnscrypt-proxy path.

For a more detailed configuration you can refer to the official documentation HERE or simply join our group on Telegram, at dnscrypt-proxy-android | CHAT.

Filters (optional)

Filters are a powerful set of built-in features, that let you control exactly what domain names and IP addresses your device are allowed to connect to. This can be used to block ads, trackers, malware, or anything you don't want your device to load.

The module is shipped by default with these features enabled, that's why you can find some files, needed for this operation, inside the /storage/emulated/0/dnscrypt-proxy path. To know more about it you can consult the official documentation HERE, or in a simpler way through my repository HERE.

I'm providing the allowed-names.txt and blocked-names.txt files regularly updated at dnscrypt-proxy-android | CHAT. The SOURCES used for this merge are among the hardest on the web.

Any kind of feedback about this is really appreciated.

Changelog

FULL CHANGELOG.

Contributors

  • @sapoetra.dee

Credits