miracle091/dnscrypt-proxy
miracle091
/
dnscrypt-proxy
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Un cache-proxy DNS con supporto a DoH, DNSCrypt e Anonymized DNSCrypt https://dnscrypt.info/
117 Commits 7 Branches 89 Tags 61 MiB
Go 90.2%
Shell 5.5%
Python 3.2%
Batchfile 0.9%
Dockerfile 0.2%
Go to file
Frank Denis 9f8bce28a4 Fix forwarding of subdomains 2018-01-17 16:16:22 +01:00
dnscrypt-proxy Fix forwarding of subdomains 2018-01-17 16:16:22 +01:00
utils/generate-domains-blacklists Import the generate-domains-blacklists tool 2018-01-17 15:28:07 +01:00
vendor Support installation as a service 2018-01-17 11:28:43 +01:00
.gitignore Switch from glide to dep. Check in vendor/ 2018-01-11 13:39:18 -08:00
.travis.yml Simplify the forwarding syntax 2018-01-17 16:06:30 +01:00
Gopkg.lock Support installation as a service 2018-01-17 11:28:43 +01:00
Gopkg.toml Support installation as a service 2018-01-17 11:28:43 +01:00
LICENSE ISC license 2018-01-13 00:22:21 +01:00
README.md Clarify that these are not the same 2018-01-17 12:41:31 +01:00
logo.png crop 2018-01-10 23:58:54 +01:00

README.md

Build Status

dnscrypt-proxy 2

A modern client implementation of the DNSCrypt protocol.

dnscrypt-proxy 2.0.0alpha9 is available for download!

Current status/features

Features dnscrypt-proxy 1.x dnscrypt-proxy 2.x
Status Old PoC, barely maintained any more Very new, but quickly evolving
Code quality Big ugly mess Readable, easy to work on
Reliability Poor, due to completely broken handling of edge cases Excellent
Security Written in C, bundles patched versions from old branches of system libraries Written in standard and portable Go
Dependencies Specific versions of dnscrypt-proxy, libldns and libtool None
Upstream connections using TCP Catastrophic, requires client retries Implemented as anyone would expect, works well with TOR
XChaCha20 support Only if compiled with recent versions of libsodium Yes, always available
Support of links with small MTU Unreliable due to completely broken padding Reliable, properly implemented
Support for multiple servers Nonexistent Yes, with automatic failover and load-balancing
Custom additions C API, requires libldns for sanity Simple Go structures using miekg/dns
AAAA blocking for IPv4-only networks Yes Yes
DNS caching Yes, with ugly hacks for DNSSEC support Yes, without ugly hacks
EDNS support Broken with custom records Yes
Asynchronous filters Lol, no, filters block everything Of course, thanks to Go
Session-local storage for extensions Impossible Yes
Multicore support Nonexistent Yes, thanks to Go
Efficient padding of queries Couldn't be any worse Yes
Multiple local sockets Impossible Of course. IPv4, IPv6, as many as you like
Automatically picks the fastest servers Lol, it supports only one at a time, anyway Yes, out of the box
Official, always up-to-date pre-built libraries None Yes, for many platforms. See below.
Automatically downloads and verifies servers lists No. Requires custom scripts, cron jobs and dependencies (minisign) Yes, built-in, including signature verification
Advanced expressions in blacklists (ads*.example[0-9]*.com) No Yes
Forwarding with load balancing No Yes
Built-in system installer Only on Windows Install/uninstall/start/stop/restart as a service on Windows, Linux/(systemd,Upstart,SysV), and macOS/launchd

Planned features

  • New super simple (to copy&paste), extensible format for servers parameters: "stamps"
  • Offline responses
  • Local DNSSEC validation
  • Flexible logging
  • Windows support that doesn't suck
  • DNS-over-HTTPS (DoH), the successor to DNS-over-TLS
  • Support for the V1 plugin API
  • Some real documentation

Pre-built binaries

Up-to-date, pre-built binaries are available for:

  • Dragonfly BSD
  • FreeBSD/x86
  • FreeBSD/x86_64
  • Linux/arm
  • Linux/arm64
  • Linux/mips
  • Linux/mips64
  • Linux/mips64le
  • Linux/x86
  • Linux/x86_64
  • MacOS X
  • NetBSD/x86
  • NetBSD/x86_64
  • OpenBSD/x86
  • OpenBSD/x86_64
  • Windows
  • Windows 64 bit