Browse Source

initial release

master
bluemeda 4 years ago
commit
71c6356036
  1. 8
      .gitattributes
  2. 153
      META-INF/com/google/android/update-binary
  3. 1
      META-INF/com/google/android/updater-script
  4. 9
      README.md
  5. BIN
      binary/dnscrypt-proxy-arm
  6. BIN
      binary/dnscrypt-proxy-arm64
  7. 7
      common/post-fs-data.sh
  8. 21
      common/service.sh
  9. 3
      common/system.prop
  10. 131
      config.sh
  11. 18
      config/LICENSE
  12. 381
      config/dnscrypt-proxy.toml
  13. 37
      config/example-blacklist.txt
  14. 22
      config/example-cloaking-rules.txt
  15. 383
      config/example-dnscrypt-proxy.toml
  16. 12
      config/example-forwarding-rules.txt
  17. 7
      module.prop

8
.gitattributes vendored

@ -0,0 +1,8 @@
# Declare files that will always have LF line endings on checkout.
META-INF/** text eol=lf
*.prop text eol=lf
*.sh text eol=lf
*.md text eol=lf
# Denote all files that are truly binary and should not be modified.
system/** binary

153
META-INF/com/google/android/update-binary

@ -0,0 +1,153 @@
#!/sbin/sh
##########################################################################################
#
# Magisk Module Template Install Script
# by topjohnwu
#
##########################################################################################
# Detect whether in boot mode
ps | grep zygote | grep -v grep >/dev/null && BOOTMODE=true || BOOTMODE=false
$BOOTMODE || ps -A 2>/dev/null | grep zygote | grep -v grep >/dev/null && BOOTMODE=true
TMPDIR=/dev/tmp
INSTALLER=$TMPDIR/install
MAGISKBIN=/data/adb/magisk
# Default permissions
umask 022
# Initial cleanup
rm -rf $TMPDIR 2>/dev/null
mkdir -p $INSTALLER
# echo before loading util_functions
ui_print() { echo "$1"; }
require_new_magisk() {
ui_print "*******************************"
ui_print " Please install Magisk v15.0+! "
ui_print "*******************************"
exit 1
}
##########################################################################################
# Environment
##########################################################################################
OUTFD=$2
ZIP=$3
mount /data 2>/dev/null
# Utility functions must exist
[ -f $MAGISKBIN/util_functions.sh ] || require_new_magisk
# Load utility fuctions
. $MAGISKBIN/util_functions.sh
# We can't alter magisk image live, use alternative image if required
$BOOTMODE && IMG=/data/adb/magisk_merge.img
# Always mount under tmp
MOUNTPATH=$TMPDIR/magisk_img
# Preperation for flashable zips
get_outfd
# Mount partitions
mount_partitions
# Detect version and architecture
api_level_arch_detect
# You can get the Android API version from $API, the CPU architecture from $ARCH
# Useful if you are creating Android version / platform dependent mods
# Setup busybox and binaries
$BOOTMODE && boot_actions || recovery_actions
##########################################################################################
# Preparation
##########################################################################################
# Extract common files
unzip -o "$ZIP" module.prop config.sh 'common/*' -d $INSTALLER >&2
[ ! -f $INSTALLER/config.sh ] && abort "! Unable to extract zip file!"
# Load configurations
. $INSTALLER/config.sh
# Check the installed magisk version
MIN_VER=`grep_prop minMagisk $INSTALLER/module.prop`
[ ! -z $MAGISK_VER_CODE -a $MAGISK_VER_CODE -ge $MIN_VER ] || require_new_magisk
MODID=`grep_prop id $INSTALLER/module.prop`
MODPATH=$MOUNTPATH/$MODID
# Print mod name
print_modname
# Please leave this message in your flashable zip for credits :)
ui_print "******************************"
ui_print "Powered by Magisk (@topjohnwu)"
ui_print "******************************"
##########################################################################################
# Install
##########################################################################################
# Get the variable reqSizeM. Use your own method to determine reqSizeM if needed
request_zip_size_check "$ZIP"
# This function will mount $IMG to $MOUNTPATH, and resize the image based on $reqSizeM
mount_magisk_img
# Create mod paths
rm -rf $MODPATH 2>/dev/null
mkdir -p $MODPATH
# custom install begin
install_dnscrypt_proxy
# custom install end
# Remove placeholder
rm -f $MODPATH/system/placeholder 2>/dev/null
# Handle replace folders
for TARGET in $REPLACE; do
mktouch $MODPATH$TARGET/.replace
done
# Auto Mount
$AUTOMOUNT && touch $MODPATH/auto_mount
# prop files
$PROPFILE && cp -af $INSTALLER/common/system.prop $MODPATH/system.prop
# Module info
cp -af $INSTALLER/module.prop $MODPATH/module.prop
if $BOOTMODE; then
# Update info for Magisk Manager
mktouch /sbin/.core/img/$MODID/update
cp -af $INSTALLER/module.prop /sbin/.core/img/$MODID/module.prop
fi
# post-fs-data mode scripts
$POSTFSDATA && cp -af $INSTALLER/common/post-fs-data.sh $MODPATH/post-fs-data.sh
# service mode scripts
$LATESTARTSERVICE && cp -af $INSTALLER/common/service.sh $MODPATH/service.sh
ui_print "- Setting permissions"
set_permissions
##########################################################################################
# Finalizing
##########################################################################################
# Unmount magisk image and shrink if possible
unmount_magisk_img
$BOOTMODE || recovery_cleanup
rm -rf $TMPDIR
ui_print "- Done"
exit 0

1
META-INF/com/google/android/updater-script

@ -0,0 +1 @@
#MAGISK

9
README.md

@ -0,0 +1,9 @@
# Magisk Module Template
This `README.md` will be shown in Magisk Manager. Place any information / changelog / notes you like.
**Please update `README.md` if you want to submit your module to the online repo!**
Github has its own online markdown editor with a preview feature, you can use it to update your `README.md`! If you need more advanced syntax, check the [Markdown Cheat Sheet](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet).
For more information about modules and repos, please check the [official documentations](https://github.com/topjohnwu/Magisk/blob/master/docs/modules.md)

BIN
binary/dnscrypt-proxy-arm

Binary file not shown.

BIN
binary/dnscrypt-proxy-arm64

Binary file not shown.

7
common/post-fs-data.sh

@ -0,0 +1,7 @@
#!/system/bin/sh
# Please don't hardcode /magisk/modname/... ; instead, please use $MODDIR/...
# This will make your scripts compatible even if Magisk change its mount point in the future
MODDIR=${0%/*}
# This script will be executed in post-fs-data mode
# More info in the main Magisk thread

21
common/service.sh

@ -0,0 +1,21 @@
#!/system/bin/sh
# Please don't hardcode /magisk/modname/... ; instead, please use $MODDIR/...
# This will make your scripts compatible even if Magisk change its mount point in the future
MODDIR=${0%/*}
# This script will be executed in late_start service mode
# More info in the main Magisk thread
$MODDIR/system/xbin/dnscrypt-proxy -config $MODDIR/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml &
while true
do
ping -c 1 google.com
if [[ $? == 0 ]];
then
iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
iptables-t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
break;
else
sleep 5
fi
done

3
common/system.prop

@ -0,0 +1,3 @@
# This file will be read by resetprop
# Example: Change dpi
# ro.sf.lcd_density=320

131
config.sh

@ -0,0 +1,131 @@
##########################################################################################
#
# Magisk Module Template Config Script
# by topjohnwu
#
##########################################################################################
##########################################################################################
#
# Instructions:
#
# 1. Place your files into system folder (delete the placeholder file)
# 2. Fill in your module's info into module.prop
# 3. Configure the settings in this file (config.sh)
# 4. If you need boot scripts, add them into common/post-fs-data.sh or common/service.sh
# 5. Add your additional or modified system properties into common/system.prop
#
##########################################################################################
##########################################################################################
# Configs
##########################################################################################
# Set to true if you need to enable Magic Mount
# Most mods would like it to be enabled
AUTOMOUNT=true
# Set to true if you need to load system.prop
PROPFILE=false
# Set to true if you need post-fs-data script
POSTFSDATA=false
# Set to true if you need late_start service script
LATESTARTSERVICE=true
##########################################################################################
# Installation Message
##########################################################################################
# Set what you want to show when installing your mod
print_modname() {
ui_print "*******************************"
ui_print " Magisk Module Template "
ui_print "*******************************"
}
##########################################################################################
# Replace list
##########################################################################################
# List all directories you want to directly replace in the system
# Check the documentations for more info about how Magic Mount works, and why you need this
# This is an example
REPLACE="
/system/app/Youtube
/system/priv-app/SystemUI
/system/priv-app/Settings
/system/framework
"
# Construct your own list here, it will override the example above
# !DO NOT! remove this if you don't need to replace anything, leave it empty as it is now
REPLACE="
"
##########################################################################################
# Permissions
##########################################################################################
set_permissions() {
# Only some special files require specific permissions
# The default permissions should be good enough for most cases
# Here are some examples for the set_perm functions:
# set_perm_recursive <dirname> <owner> <group> <dirpermission> <filepermission> <contexts> (default: u:object_r:system_file:s0)
# set_perm_recursive $MODPATH/system/lib 0 0 0755 0644
# set_perm <filename> <owner> <group> <permission> <contexts> (default: u:object_r:system_file:s0)
# set_perm $MODPATH/system/bin/app_process32 0 2000 0755 u:object_r:zygote_exec:s0
# set_perm $MODPATH/system/bin/dex2oat 0 2000 0755 u:object_r:dex2oat_exec:s0
# set_perm $MODPATH/system/lib/libart.so 0 0 0644
# The following is default permissions, DO NOT remove
set_perm_recursive $MODPATH 0 0 0755 0644
set_perm $MODPATH/system/xbin/dnscrypt-proxy 0 0 0755
}
##########################################################################################
# Custom Functions
##########################################################################################
# This file (config.sh) will be sourced by the main flash script after util_functions.sh
# If you need custom logic, please add them here as functions, and call these functions in
# update-binary. Refrain from adding code directly into update-binary, as it will make it
# difficult for you to migrate your modules to newer template versions.
# Make update-binary as clean as possible, try to only do function calls in it.
install_dnscrypt_proxy(){
if [ "$ARCH" == "arm" ];then
BINARY_PATH=$INSTALLER/binary/dnscrypt-proxy-arm
elif [ "$ARCH" == "arm64" ];then
BINARY_PATH=$INSTALLER/binary/dnscrypt-proxy-arm64
fi
CONFIG_PATH=$INSTALLER/config
unzip -o "$ZIP" 'config/*' 'binary/*' -d $INSTALLER 2>/dev/null
ui_print "* Creating binary path"
mkdir -p $MODPATH/system/xbin 2>/dev/null
ui_print "* Creating config path"
mkdir -p $MODPATH/system/etc/dnscrypt-proxy 2>/dev/null
if [ -f "$BINARY_PATH" ]; then
ui_print "Copying binary for $ARCH"
cp -af $BINARY_PATH $MODPATH/system/xbin/dnscrypt-proxy
else
abort "Binary file for $ARCH is missing!"
fi
if [ -d "$CONFIG_PATH" ]; then
ui_print "Copying config files"
cp -af $CONFIG_PATH/* $MODPATH/system/etc/dnscrypt-proxy
else
abort "Config file is missing!"
fi
}

18
config/LICENSE

@ -0,0 +1,18 @@
/*
* ISC License
*
* Copyright (c) 2018
* Frank Denis <j at pureftpd dot org>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/

381
config/dnscrypt-proxy.toml

@ -0,0 +1,381 @@
##############################################
# #
# dnscrypt-proxy configuration #
# #
##############################################
## This is an example configuration file.
## You should adjust it to your needs, and save it as "dnscrypt-proxy.toml"
##
## Online documentation is available here: https://dnscrypt.info/doc
##################################
# Global settings #
##################################
## List of servers to use
## If this line is commented, all registered servers matching the require_* filters
## will be used
## The proxy will automatically pick the fastest, working servers from the list.
# server_names = ['scaleway-fr', 'google', 'yandex']
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
## To only use systemd activation sockets, use an empty set: []
listen_addresses = ['127.0.0.1:53', '[::1]:53']
## Maximum number of simultaneous client connections to accept
max_clients = 250
## Require servers (from static + remote sources) to satisfy specific properties
# Use servers reachable over IPv4
ipv4_servers = true
# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity
ipv6_servers = false
# Use servers implementing the DNSCrypt protocol
dnscrypt_servers = true
# Use servers implementing the DNS-over-HTTPS protocol
doh_servers = true
## Require servers defined by remote sources to satisfy specific properties
# Server must support DNS security extensions (DNSSEC)
require_dnssec = false
# Server must not log user queries (declarative)
require_nolog = true
# Server must not enforce its own blacklist (for parental control, ads blocking...)
require_nofilter = true
## Always use TCP to connect to upstream servers
force_tcp = false
## How long a DNS query will wait for a response, in milliseconds
timeout = 2500
## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
# lb_strategy = 'p2'
## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors)
# log_level = 2
## log file for the application
# log_file = 'dnscrypt-proxy.log'
## Use the system logger (syslog on Unix, Event Log on Windows)
# use_syslog = true
## Delay, in minutes, after which certificates are reloaded
cert_refresh_delay = 240
## Fallback resolver
## This is a normal, non-encrypted DNS resolver, that will be only used
## for one-shot queries when retrieving the initial resolvers list, and
## only if the system DNS configuration doesn't work.
## No user application queries will ever be leaked through this resolver,
## and it will not be used after IP addresses of resolvers URLs have been found.
## It will never be used if lists have already been cached, and if stamps
## don't include host names without IP addresses.
## It will not be used if the configured system DNS works.
## A resolver supporting DNSSEC is recommended. This may become mandatory.
fallback_resolver = '9.9.9.9:53'
## Never try to use the system DNS settings; unconditionally use the
## fallback resolver.
ignore_system_dns = false
#########################
# Filters #
#########################
## Immediately respond to IPv6-related queries with an empty response
## This makes things faster when there is no IPv6 connectivity, but can
## also cause reliability issues with some stub resolvers. In
## particular, enabling this on macOS is not recommended.
block_ipv6 = false
##################################################################################
# Route queries for specific domains to a dedicated set of servers #
##################################################################################
## Example map entries (one entry per line):
## example.com 9.9.9.9
## example.net 9.9.9.9,8.8.8.8
# forwarding_rules = 'forwarding-rules.txt'
###############################
# Cloaking rules #
###############################
## Cloaking returns a predefined address for a specific name.
## In addition to acting as a HOSTS file, it can also return the IP address
## of a different name. It will also do CNAME flattening.
##
## Example map entries (one entry per line)
## example.com 10.1.1.1
## www.google.com forcesafesearch.google.com
# cloaking_rules = 'cloaking-rules.txt'
###########################
# DNS cache #
###########################
## Enable a DNS cache to reduce latency and outgoing traffic
cache = true
## Cache size
cache_size = 256
## Minimum TTL for cached entries
cache_min_ttl = 600
## Maxmimum TTL for cached entries
cache_max_ttl = 86400
## TTL for negatively cached entries
cache_neg_ttl = 60
###############################
# Query logging #
###############################
## Log client queries to a file
[query_log]
## Path to the query log file (absolute, or relative to the same directory as the executable file)
# file = 'query.log'
## Query log format (currently supported: tsv and ltsv)
format = 'tsv'
## Do not log these query types, to reduce verbosity. Keep empty to log everything.
# ignored_qtypes = ['DNSKEY', 'NS']
############################################
# Suspicious queries logging #
############################################
## Log queries for nonexistent zones
## These queries can reveal the presence of malware, broken/obsolete applications,
## and devices signaling their presence to 3rd parties.
[nx_log]
## Path to the query log file (absolute, or relative to the same directory as the executable file)
# file = 'nx.log'
## Query log format (currently supported: tsv and ltsv)
format = 'tsv'
######################################################
# Pattern-based blocking (blacklists) #
######################################################
## Blacklists are made of one pattern per line. Example of valid patterns:
##
## example.com
## *sex*
## ads.*
## ads*.example.*
## ads*.example[0-9]*.com
##
## Example blacklist files can be found at https://download.dnscrypt.info/blacklists/
## A script to build blacklists from public feeds can be found in the
## `utils/generate-domains-blacklists` directory of the dnscrypt-proxy source code.
[blacklist]
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
# blacklist_file = 'blacklist.txt'
## Optional path to a file logging blocked queries
# log_file = 'blocked.log'
## Optional log format: tsv or ltsv (default: tsv)
# log_format = 'tsv'
###########################################################
# Pattern-based IP blocking (IP blacklists) #
###########################################################
## IP blacklists are made of one pattern per line. Example of valid patterns:
##
## 127.*
## fe80:abcd:*
## 192.168.1.4
[ip_blacklist]
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
# blacklist_file = 'ip-blacklist.txt'
## Optional path to a file logging blocked queries
# log_file = 'ip-blocked.log'
## Optional log format: tsv or ltsv (default: tsv)
# log_format = 'tsv'
##########################################
# Time access restrictions #
##########################################
## One or more weekly schedules can be defined here.
## Patterns in the name-based blocklist can optionally be followed with @schedule_name
## to apply the pattern 'schedule_name' only when it matches a time range of that schedule.
##
## For example, the following rule in a blacklist file:
## *.youtube.* @time-to-sleep
## would block access to Youtube only during the days, and period of the days
## define by the 'time-to-sleep' schedule.
##
## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00
## {after= '9:00', before='18:00'} matches 9:00-18:00
[schedules]
# [schedules.'time-to-sleep']
# mon = [{after='21:00', before='7:00'}]
# tue = [{after='21:00', before='7:00'}]
# wed = [{after='21:00', before='7:00'}]
# thu = [{after='21:00', before='7:00'}]
# fri = [{after='23:00', before='7:00'}]
# sat = [{after='23:00', before='7:00'}]
# sun = [{after='21:00', before='7:00'}]
# [schedules.'work']
# mon = [{after='9:00', before='18:00'}]
# tue = [{after='9:00', before='18:00'}]
# wed = [{after='9:00', before='18:00'}]
# thu = [{after='9:00', before='18:00'}]
# fri = [{after='9:00', before='17:00'}]
#########################
# Servers #
#########################
## Remote lists of available servers
## Multiple sources can be used simultaneously, but every source
## requires a dedicated cache file.
##
## Refer to the documentation for URLs of public sources.
##
## A prefix can be prepended to server names in order to
## avoid collisions if different sources share the same for
## different servers. In that case, names listed in `server_names`
## must include the prefixes.
##
## A cache file can be specified without a URL in order to maintain lists
## locally.
[sources]
## An example of a remote source
[sources.'public-resolvers']
url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
cache_file = '/system/etc/dnscrypt-proxy/public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''
## Another example source, with resolvers censoring some websites not approriate for children
## This is a subset of the `public-resolvers` list, so enabling both is useless
# [sources.'parental-control']
# url = 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md'
# cache_file = 'parental-control.md'
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
## Optional, local, static list of additional servers
## Mostly useful for testing your own servers.
[static]
[static.'google']
stamp = 'sdns://AgUAAAAAAAAAACDyXGrcc5eNecJ8nomJCJ-q6eCLTEn6bHic0hWGUwYQaA5kbnMuZ29vZ2xlLmNvbQ0vZXhwZXJpbWVudGFs'

37
config/example-blacklist.txt

@ -0,0 +1,37 @@
###########################
# Blacklist #
###########################
## Rules for name-based query blocking, one per line
##
## Example of valid patterns:
##
## ads.* | matches anything with an "ads." prefix
## *.example.com | matches example.com and all names within that zone such as www.example.com
## example.com | identical to the above
## *sex* | matches any name containing that substring
## ads[0-9]* | matches "ads" followed by one or more digits
## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster
ad.*
ads.*
banner.*
banners.*
creatives.*
oas.*
oascentral.*
stats.*
tag.*
telemetry.*
tracker.*
*.local
eth0.me
*.workgroup
## Time-based rules
# *.youtube.* @time-to-sleep
# facebook.com @work

22
config/example-cloaking-rules.txt

@ -0,0 +1,22 @@
################################
# Cloaking rules #
################################
# The following example rules force "safe" (without adult content) search
# results from Google, Bing and Youtube.
#
# This has to be enabled with the `cloaking_rules` parameter in the main
# configuration file
www.google.com forcesafesearch.google.com
www.google.fr forcesafesearch.google.com
www.bing.com strict.bing.com
www.youtube.com restrictmoderate.youtube.com
m.youtube.com restrictmoderate.youtube.com
youtubei.googleapis.com restrictmoderate.youtube.com
youtube.googleapis.com restrictmoderate.youtube.com
www.youtube-nocookie.com restrictmoderate.youtube.com

383
config/example-dnscrypt-proxy.toml

@ -0,0 +1,383 @@
##############################################
# #
# dnscrypt-proxy configuration #
# #
##############################################
## This is an example configuration file.
## You should adjust it to your needs, and save it as "dnscrypt-proxy.toml"
##
## Online documentation is available here: https://dnscrypt.info/doc
##################################
# Global settings #
##################################
## List of servers to use
## If this line is commented, all registered servers matching the require_* filters
## will be used
## The proxy will automatically pick the fastest, working servers from the list.
## Remove the leading # first to enable this; lines starting with # are ignored.
# server_names = ['scaleway-fr', 'google', 'yandex']
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
## To only use systemd activation sockets, use an empty set: []
listen_addresses = ['127.0.0.1:53', '[::1]:53']
## Maximum number of simultaneous client connections to accept
max_clients = 250
## Require servers (from static + remote sources) to satisfy specific properties
# Use servers reachable over IPv4
ipv4_servers = true
# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity
ipv6_servers = false
# Use servers implementing the DNSCrypt protocol
dnscrypt_servers = true
# Use servers implementing the DNS-over-HTTPS protocol
doh_servers = true
## Require servers defined by remote sources to satisfy specific properties
# Server must support DNS security extensions (DNSSEC)
require_dnssec = false
# Server must not log user queries (declarative)
require_nolog = true
# Server must not enforce its own blacklist (for parental control, ads blocking...)
require_nofilter = true
## Always use TCP to connect to upstream servers
force_tcp = false
## How long a DNS query will wait for a response, in milliseconds
timeout = 2500
## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
# lb_strategy = 'p2'
## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors)
# log_level = 2
## log file for the application
# log_file = 'dnscrypt-proxy.log'
## Use the system logger (syslog on Unix, Event Log on Windows)
# use_syslog = true
## Delay, in minutes, after which certificates are reloaded
cert_refresh_delay = 240
## Fallback resolver
## This is a normal, non-encrypted DNS resolver, that will be only used
## for one-shot queries when retrieving the initial resolvers list, and
## only if the system DNS configuration doesn't work.
## No user application queries will ever be leaked through this resolver,
## and it will not be used after IP addresses of resolvers URLs have been found.
## It will never be used if lists have already been cached, and if stamps
## don't include host names without IP addresses.
## It will not be used if the configured system DNS works.
## A resolver supporting DNSSEC is recommended. This may become mandatory.
fallback_resolver = '9.9.9.9:53'
## Never try to use the system DNS settings; unconditionally use the
## fallback resolver.
ignore_system_dns = false
#########################
# Filters #
#########################
## Immediately respond to IPv6-related queries with an empty response
## This makes things faster when there is no IPv6 connectivity, but can
## also cause reliability issues with some stub resolvers. In
## particular, enabling this on macOS is not recommended.
block_ipv6 = false
##################################################################################
# Route queries for specific domains to a dedicated set of servers #
##################################################################################
## Example map entries (one entry per line):
## example.com 9.9.9.9
## example.net 9.9.9.9,8.8.8.8
# forwarding_rules = 'forwarding-rules.txt'
###############################
# Cloaking rules #
###############################
## Cloaking returns a predefined address for a specific name.
## In addition to acting as a HOSTS file, it can also return the IP address
## of a different name. It will also do CNAME flattening.
##
## Example map entries (one entry per line)
## example.com 10.1.1.1
## www.google.com forcesafesearch.google.com
# cloaking_rules = 'cloaking-rules.txt'
###########################
# DNS cache #
###########################
## Enable a DNS cache to reduce latency and outgoing traffic
cache = true
## Cache size
cache_size = 256
## Minimum TTL for cached entries
cache_min_ttl = 600
## Maximum TTL for cached entries
cache_max_ttl = 86400
## TTL for negatively cached entries
cache_neg_ttl = 60
###############################
# Query logging #
###############################
## Log client queries to a file
[query_log]
## Path to the query log file (absolute, or relative to the same directory as the executable file)
# file = 'query.log'
## Query log format (currently supported: tsv and ltsv)
format = 'tsv'
## Do not log these query types, to reduce verbosity. Keep empty to log everything.
# ignored_qtypes = ['DNSKEY', 'NS']
############################################
# Suspicious queries logging #
############################################
## Log queries for nonexistent zones
## These queries can reveal the presence of malware, broken/obsolete applications,
## and devices signaling their presence to 3rd parties.
[nx_log]
## Path to the query log file (absolute, or relative to the same directory as the executable file)
# file = 'nx.log'
## Query log format (currently supported: tsv and ltsv)
format = 'tsv'
######################################################
# Pattern-based blocking (blacklists) #
######################################################
## Blacklists are made of one pattern per line. Example of valid patterns:
##
## example.com
## *sex*
## ads.*
## ads*.example.*
## ads*.example[0-9]*.com
##
## Example blacklist files can be found at https://download.dnscrypt.info/blacklists/
## A script to build blacklists from public feeds can be found in the
## `utils/generate-domains-blacklists` directory of the dnscrypt-proxy source code.
[blacklist]
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
# blacklist_file = 'blacklist.txt'
## Optional path to a file logging blocked queries
# log_file = 'blocked.log'
## Optional log format: tsv or ltsv (default: tsv)
# log_format = 'tsv'
###########################################################
# Pattern-based IP blocking (IP blacklists) #
###########################################################
## IP blacklists are made of one pattern per line. Example of valid patterns:
##
## 127.*
## fe80:abcd:*
## 192.168.1.4
[ip_blacklist]
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
# blacklist_file = 'ip-blacklist.txt'
## Optional path to a file logging blocked queries
# log_file = 'ip-blocked.log'
## Optional log format: tsv or ltsv (default: tsv)
# log_format = 'tsv'
##########################################
# Time access restrictions #
##########################################
## One or more weekly schedules can be defined here.
## Patterns in the name-based blocklist can optionally be followed with @schedule_name
## to apply the pattern 'schedule_name' only when it matches a time range of that schedule.
##
## For example, the following rule in a blacklist file:
## *.youtube.* @time-to-sleep
## would block access to Youtube only during the days, and period of the days
## define by the 'time-to-sleep' schedule.
##
## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00
## {after= '9:00', before='18:00'} matches 9:00-18:00
[schedules]
# [schedules.'time-to-sleep']
# mon = [{after='21:00', before='7:00'}]
# tue = [{after='21:00', before='7:00'}]
# wed = [{after='21:00', before='7:00'}]
# thu = [{after='21:00', before='7:00'}]
# fri = [{after='23:00', before='7:00'}]
# sat = [{after='23:00', before='7:00'}]
# sun = [{after='21:00', before='7:00'}]
# [schedules.'work']
# mon = [{after='9:00', before='18:00'}]
# tue = [{after='9:00', before='18:00'}]
# wed = [{after='9:00', before='18:00'}]
# thu = [{after='9:00', before='18:00'}]
# fri = [{after='9:00', before='17:00'}]
#########################
# Servers #
#########################
## Remote lists of available servers
## Multiple sources can be used simultaneously, but every source
## requires a dedicated cache file.
##
## Refer to the documentation for URLs of public sources.
##
## A prefix can be prepended to server names in order to
## avoid collisions if different sources share the same for
## different servers. In that case, names listed in `server_names`
## must include the prefixes.
##
## If the `url` property is missing, cache files and valid signatures
## must be already present; This doesn't prevent these cache files from
## expiring after `refresh_delay` hours.
[sources]
## An example of a remote source
[sources.'public-resolvers']
url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
cache_file = 'public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''
## Another example source, with resolvers censoring some websites not appropriate for children
## This is a subset of the `public-resolvers` list, so enabling both is useless
# [sources.'parental-control']
# url = 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md'
# cache_file = 'parental-control.md'
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
## Optional, local, static list of additional servers
## Mostly useful for testing your own servers.
[static]
# [static.'google']
# stamp = 'sdns://AgUAAAAAAAAAACDyXGrcc5eNecJ8nomJCJ-q6eCLTEn6bHic0hWGUwYQaA5kbnMuZ29vZ2xlLmNvbQ0vZXhwZXJpbWVudGFs'

12
config/example-forwarding-rules.txt

@ -0,0 +1,12 @@
##################################
# Forwarding rules #
##################################
## This is used to route specific domain names to specific servers.
## The general format is: <domain> <server address> [, <server address>...]
## Addresses can be IPv4 and IPv6, and include a non-standard port number.
## In order to enable this feature, the "forwarding_rules" property needs to
## be set to that file name in the main configuration file.
example.com 9.9.9.9,8.8.8.8

7
module.prop

@ -0,0 +1,7 @@
id=dnscrypt-proxy
name=DNSCrypt-Proxy 2
version=v1
versionCode=1
author=bluemeda
description=A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTP/2.
minMagisk=1500
Loading…
Cancel
Save