DNSCrypt Proxy 2: A Flexible DNS Proxy Supporting Encrypted DNS Protocols

DNSCrypt is a protocol that encrypts, authenticates and optionally anonymizes communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.

It is an open specification, with free and open source reference implementations, and it is not affiliated with any company nor organization.

DNSCrypt Proxy is a flexible DNS proxy that supports modern encrypted DNS protocols, including DNSCrypt v2, DNS-over-HTTPS (DoH), Anonymized DNSCrypt, and Oblivious DoH (ODoH). This application enhances privacy and security by encrypting DNS queries, helping to prevent eavesdropping and manipulation by third parties.

By using DNSCrypt Proxy, users can safeguard their DNS traffic against potential threats while enjoying the benefits of anonymous browsing. The tool is designed for both home users and organizations looking to implement secure DNS practices.

Features

• DNS traffic encryption and authentication. Supports DNS-over-HTTPS (DoH) using TLS 1.3 and QUIC, DNSCrypt, Anonymized DNS and ODoH
• Client IP addresses can be hidden using Tor, SOCKS proxies or Anonymized DNS relays
• DNS query monitoring, with separate log files for regular and suspicious queries
• Filtering: block ads, malware, and other unwanted content. Compatible with all DNS services
• Time-based filtering, with a flexible weekly schedule
• Transparent redirection of specific domains to specific resolvers
• DNS caching, to reduce latency and improve privacy
• Local IPv6 blocking to reduce latency on IPv4-only networks
• Load balancing: pick a set of resolvers, dnscrypt-proxy will automatically measure and keep track of their speed, and balance the traffic across the fastest available ones.
• Cloaking: like a HOSTS file on steroids, that can return preconfigured addresses for specific names, or resolve and return the IP address of other names. This can be used for local development as well as to enforce safe search results on Google, Yahoo, DuckDuckGo and Bing
• Automatic background updates of resolvers lists
• Can force outgoing connections to use TCP
• Compatible with DNSSEC
• Includes a local DoH server in order to support ECH (ESNI)

Supported Systems

• Android/arm
• Android/arm64
• Android/x86
• Android/x86_64
• Dragonfly BSD
• FreeBSD/arm
• FreeBSD/x86
• FreeBSD/x86_64
• Linux/arm
• Linux/arm64
• Linux/mips
• Linux/mipsle
• Linux/mips64
• Linux/mips64le
• Linux/x86
• Linux/x86_64
• macOS/arm64
• macOS/x86_64
• NetBSD/x86
• NetBSD/x86_64
• OpenBSD/x86
• OpenBSD/x86_64
• Windows
• Windows 64 bit

License

ISC License

Resources & Downloads

• Source-code and download
• Home

DNSCrypt version 2 - Official Project Home Page

New home of the DNSCrypt project, now implementing multiple protocols to improve DNS security. Download official DNSCrypt & DoH servers and clients here.

Official Project Home Page

GitHub - DNSCrypt/dnscrypt-proxy: dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols. - DNSCrypt/dnscrypt-proxy

GitHubDNSCrypt