dnscrypt-proxy DNSCrypt

Use this command to install dnscrypt-proxy:

winget install --id=DNSCrypt.dnscrypt-proxy -e

A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH).

dnscrypt-proxy is a flexible DNS proxy designed to enhance privacy and security by supporting modern encrypted DNS protocols. It provides robust protection against DNS spoofing and eavesdropping, ensuring that your internet traffic remains secure and private.

Key Features:

Support for Encrypted DNS Protocols: Enables secure communication using DNSCrypt v2, DNS-over-HTTPS (DoH), Anonymized DNSCrypt, and Oblivious DoH (ODoH).
Enhanced Privacy Protection: Masks the content of DNS queries to prevent tracking and surveillance.
Customizable Configuration: Allows users to tailor settings according to specific needs, including upstream servers and encryption preferences.
Ease of Use: Designed for both novice and advanced users, with straightforward setup and management options.

Audience & Benefit:

Ideal for network administrators, cybersecurity professionals, and privacy-conscious individuals who seek to safeguard their DNS queries from potential threats. By integrating dnscrypt-proxy into your network infrastructure, you can ensure secure, encrypted DNS communication, thereby reducing exposure to malicious activities.

Installation is straightforward via winget, making it accessible for users across various environments.

README

Overview

A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH).

dnscrypt-proxy documentation ← Start here
DNSCrypt project home page
Discussions
DNS-over-HTTPS and DNSCrypt resolvers
Server and client implementations
DNS stamps
FAQ

Download the latest release

Available as source code and pre-built binaries for most operating systems and architectures (see below).

Features

DNS traffic encryption and authentication. Supports DNS-over-HTTPS (DoH) using TLS 1.3 and QUIC, DNSCrypt, Anonymized DNS and ODoH
Client IP addresses can be hidden using Tor, SOCKS proxies or Anonymized DNS relays
DNS query monitoring, with separate log files for regular and suspicious queries
Filtering: block ads, malware, and other unwanted content. Compatible with all DNS services
Time-based filtering, with a flexible weekly schedule
Transparent redirection of specific domains to specific resolvers
DNS caching, to reduce latency and improve privacy
Local IPv6 blocking to reduce latency on IPv4-only networks
Load balancing: pick a set of resolvers, dnscrypt-proxy will automatically measure and keep track of their speed, and balance the traffic across the fastest available ones.
Cloaking: like a HOSTS file on steroids, that can return preconfigured addresses for specific names, or resolve and return the IP address of other names. This can be used for local development as well as to enforce safe search results on Google, Yahoo, DuckDuckGo and Bing
Automatic background updates of resolvers lists
Can force outgoing connections to use TCP
Compatible with DNSSEC
Includes a local DoH server in order to support ECH (ESNI)