dnscrypt-proxy 2

A client implementation of the DNSCrypt protocol.

Current status/features

Features	dnscrypt-proxy 1.x	dnscrypt-proxy 2.x
Status	Old PoC, barely maintained any more	Very new, but quickly evolving
Code quality	Big ugly mess	Readable, easy to work on
Reliability	Poor, due to completely broken handling of edge cases	Excellent
Security	Written in C, using patched system libraries	Written in standard and portable Go
Dependencies	Specific versions of libsodium, libldns and libtool	None
Upstream connections using TCP	Catastrophic, requires client retries	Implemented as anyone would expect
Support of links with small MSS	Unreliable due to completely broken padding	Reliable, carefully implemented
Support for multiple servers	Nonexistent	Yes, with automatic failover and load-balancing
Custom additions	C API, requiers libldns for sanity	Clean Go structures using miekg/dns
AAAA blocking	Yes	Yes
DNS caching	Yes, with ugly hacks for DNSSEC support	Yes, without ugly hacks
EDNS support	Broken with custom records	Yes
Asynchronous filters	Lol, no they block everything	Of course, thanks to Go
Session-local storage for extensions	Impossible	Yes
Multicore support	Nonexistent	Yes, thanks to Go
Efficient padding of queries	Couldn't be any worse	Yes
Multiple local sockets	Impossible	Of course
Automatically picks the fastest servers	Lol, it supports only one at a time, anyway	Yes, out of the box

Planned features

• New super simple (to copy&paste), extensible format for servers parameters: "stamps"
• Automatic updates
• Filtering with regexes
• Offline responses
• Local DNSSEC validation
• Flexible logging
• Windows support that doesn't suck
• DNS-over-HTTP2
• Some real documentation