A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH).
dnscrypt-proxy is a flexible DNS proxy designed to enhance privacy and security by supporting modern encrypted DNS protocols. It provides robust protection against DNS spoofing and eavesdropping, ensuring that your internet traffic remains secure and private.
Key Features:
Support for Encrypted DNS Protocols: Enables secure communication using DNSCrypt v2, DNS-over-HTTPS (DoH), Anonymized DNSCrypt, and Oblivious DoH (ODoH).
Enhanced Privacy Protection: Masks the content of DNS queries to prevent tracking and surveillance.
Customizable Configuration: Allows users to tailor settings according to specific needs, including upstream servers and encryption preferences.
Ease of Use: Designed for both novice and advanced users, with straightforward setup and management options.
Audience & Benefit:
Ideal for network administrators, cybersecurity professionals, and privacy-conscious individuals who seek to safeguard their DNS queries from potential threats. By integrating dnscrypt-proxy into your network infrastructure, you can ensure secure, encrypted DNS communication, thereby reducing exposure to malicious activities.
Installation is straightforward via winget, making it accessible for users across various environments.
Available as source code and pre-built binaries for most operating systems and architectures (see below).
Features
DNS traffic encryption and authentication. Supports DNS-over-HTTPS (DoH) using TLS 1.3 and QUIC, DNSCrypt, Anonymized DNS and ODoH
Client IP addresses can be hidden using Tor, SOCKS proxies or Anonymized DNS relays
DNS query monitoring, with separate log files for regular and suspicious queries
Filtering: block ads, malware, and other unwanted content. Compatible with all DNS services
Time-based filtering, with a flexible weekly schedule
Transparent redirection of specific domains to specific resolvers
DNS caching, to reduce latency and improve privacy
Local IPv6 blocking to reduce latency on IPv4-only networks
Load balancing: pick a set of resolvers, dnscrypt-proxy will automatically measure and keep track of their speed, and balance the traffic across the fastest available ones.
Cloaking: like a HOSTS file on steroids, that can return preconfigured addresses for specific names, or resolve and return the IP address of other names. This can be used for local development as well as to enforce safe search results on Google, Yahoo, DuckDuckGo and Bing
Automatic background updates of resolvers lists
Can force outgoing connections to use TCP
Compatible with DNSSEC
Includes a local DoH server in order to support ECH (ESNI)
Pre-built binaries
Up-to-date, pre-built binaries are available for:
Android/arm
Android/arm64
Android/x86
Android/x86_64
Dragonfly BSD
FreeBSD/arm
FreeBSD/x86
FreeBSD/x86_64
Linux/arm
Linux/arm64
Linux/mips
Linux/mipsle
Linux/mips64
Linux/mips64le
Linux/x86
Linux/x86_64
macOS/arm64
macOS/x86_64
NetBSD/x86
NetBSD/x86_64
OpenBSD/x86
OpenBSD/x86_64
Windows
Windows 64 bit
How to use these files, as well as how to verify their signatures, are documented in the installation instructions.
Contributors
Code Contributors
This project exists thanks to all the people who contribute.
Financial Contributors
Become a financial contributor and help us sustain our community. [Contribute]
Individuals
Organizations
Support this project with your organization. Your logo will show up here with a link to your website. [Contribute]