dnscrypt-proxy/README.md

# dnscrypt-proxy 2

A client implementation of the DNSCrypt protocol.

## Current status/features

| Features                                        | dnscrypt-proxy 1.x                                                           | dnscrypt-proxy 2.x                                      |
| ----------------------------------------------- | ---------------------------------------------------------------------------- | ------------------------------------------------------- |
| Status                                          | Old PoC, barely maintained any more                                          | Very new, but quickly evolving                          |
| Code quality                                    | Big ugly mess                                                                | Readable, easy to work on                               |
| Reliability                                     | Poor, due to completely broken handling of edge cases                        | Excellent                                               |
| Security                                        | Written in C, bundles patched versions from old branches of system libraries | Written in standard and portable Go                     |
| Dependencies                                    | Specific versions of libsodium, libldns and libtool                          | None                                                    |
| Upstream connections using TCP                  | Catastrophic, requires client retries                                        | Implemented as anyone would expect, works well with TOR |
| XChaCha20 support                               | Only if compiled with recent versions of libsodium                           | Yes, always available                                   |
| Support of links with small MTU                 | Unreliable due to completely broken padding                                  | Reliable, properly implemented                          |
| Support for multiple servers                    | Nonexistent                                                                  | Yes, with automatic failover and load-balancing         |
| Custom additions                                | C API, requires libldns for sanity                                           | Simple Go structures using miekg/dns                    |
| AAAA blocking for IPv4-only networks            | Yes                                                                          | Yes                                                     |
| DNS caching                                     | Yes, with ugly hacks for DNSSEC support                                      | Yes, without ugly hacks                                 |
| EDNS support                                    | Broken with custom records                                                   | Yes                                                     |
| Asynchronous filters                            | Lol, no filters block everything                                             | Of course, thanks to Go                                 |
| Session-local storage for extensions            | Impossible                                                                   | Yes                                                     |
| Multicore support                               | Nonexistent                                                                  | Yes, thanks to Go                                       |
| Efficient padding of queries                    | Couldn't be any worse                                                        | Yes                                                     |
| Multiple local sockets                          | Impossible                                                                   | Of course. IPv4, IPv6, as many as you like              |
| Automatically picks the fastest servers         | Lol, it supports only one at a time, anyway                                  | Yes, out of the box                                     |
| Official, always up-to-date pre-built libraries | None                                                                         | Yes, for many platforms. See below.                     |

## Planned features

* New super simple (to copy&paste), extensible format for servers parameters: "stamps"
* Automatic updates
* Filtering with regexes
* Offline responses
* Local DNSSEC validation
* Flexible logging
* Windows support that doesn't suck
* DNS-over-HTTP2
* Some real documentation
+ README.md 2018-01-10 20:17:46 +01:00			`# dnscrypt-proxy 2`

			`A client implementation of the DNSCrypt protocol.`

			`## Current status/features`

tag: true 2018-01-10 22:31:44 +01:00			`\| Features \| dnscrypt-proxy 1.x \| dnscrypt-proxy 2.x \|`
			`\| ----------------------------------------------- \| ---------------------------------------------------------------------------- \| ------------------------------------------------------- \|`
			`\| Status \| Old PoC, barely maintained any more \| Very new, but quickly evolving \|`
			`\| Code quality \| Big ugly mess \| Readable, easy to work on \|`
			`\| Reliability \| Poor, due to completely broken handling of edge cases \| Excellent \|`
			`\| Security \| Written in C, bundles patched versions from old branches of system libraries \| Written in standard and portable Go \|`
			`\| Dependencies \| Specific versions of libsodium, libldns and libtool \| None \|`
			`\| Upstream connections using TCP \| Catastrophic, requires client retries \| Implemented as anyone would expect, works well with TOR \|`
			`\| XChaCha20 support \| Only if compiled with recent versions of libsodium \| Yes, always available \|`
			`\| Support of links with small MTU \| Unreliable due to completely broken padding \| Reliable, properly implemented \|`
			`\| Support for multiple servers \| Nonexistent \| Yes, with automatic failover and load-balancing \|`
			`\| Custom additions \| C API, requires libldns for sanity \| Simple Go structures using miekg/dns \|`
			`\| AAAA blocking for IPv4-only networks \| Yes \| Yes \|`
			`\| DNS caching \| Yes, with ugly hacks for DNSSEC support \| Yes, without ugly hacks \|`
			`\| EDNS support \| Broken with custom records \| Yes \|`
			`\| Asynchronous filters \| Lol, no filters block everything \| Of course, thanks to Go \|`
			`\| Session-local storage for extensions \| Impossible \| Yes \|`
			`\| Multicore support \| Nonexistent \| Yes, thanks to Go \|`
			`\| Efficient padding of queries \| Couldn't be any worse \| Yes \|`
			`\| Multiple local sockets \| Impossible \| Of course. IPv4, IPv6, as many as you like \|`
			`\| Automatically picks the fastest servers \| Lol, it supports only one at a time, anyway \| Yes, out of the box \|`
			`\| Official, always up-to-date pre-built libraries \| None \| Yes, for many platforms. See below. \|`
+ README.md 2018-01-10 20:17:46 +01:00
			`## Planned features`

			`* New super simple (to copy&paste), extensible format for servers parameters: "stamps"`
			`* Automatic updates`
			`* Filtering with regexes`
			`* Offline responses`
			`* Local DNSSEC validation`
			`* Flexible logging`
			`* Windows support that doesn't suck`
			`* DNS-over-HTTP2`
			`* Some real documentation`