Skip to content

DNSCrypt-Proxy repository, frankly maintained for what it does (no new features planned)

License

Notifications You must be signed in to change notification settings

dyne/dnscrypt-proxy

Folders and files

NameName
Last commit message
Last commit date

Latest commit

7bb60e8 · Mar 28, 2024
Jan 7, 2018
May 20, 2017
May 7, 2017
May 6, 2017
Jan 21, 2018
Jul 26, 2019
Jan 21, 2017
Jan 21, 2017
Jan 28, 2017
Jul 12, 2015
Dec 31, 2016
Jan 7, 2018
Jun 16, 2017
Aug 20, 2019
May 6, 2017
Dec 6, 2011
Dec 23, 2016
May 26, 2017
Dec 23, 2016
Mar 28, 2024
Aug 5, 2015
Dec 28, 2016
Dec 31, 2016
Aug 20, 2019
Jan 7, 2018
Jan 20, 2017
Aug 17, 2015
Mar 26, 2024
Jan 7, 2018
Jan 7, 2018
Aug 4, 2015
Aug 4, 2015
Jul 18, 2015
Jan 20, 2017

Repository files navigation

image

Status of the project

The DNScrypt v2 C++ implementation was taken offline by its creator and maintainer Frank Denis on the 6th December 2017, after announcing in November 2017 that the project needs a new maintainer.

The dnscrypt.org webpage lists a good number of end-user resources built from a new implementation written in Go.

At Dyne.org we rely on the v2 of the DNScrypt protocol and this older but still working C++ implementation of dnscrypt-proxy for our Dowse.eu project and we keep maintaining the C++ implementation of dnscrypt-proxy.

What is DNSCrypt

DNSCrypt is a protocol for securing communications between a client and a DNS resolver, using high-speed high-security elliptic-curve cryptography.

While not providing end-to-end security, it protects the local network, which is often the weakest point of the chain, against man-in-the-middle attacks.

dnscrypt-proxy is a client-implementation of the protocol. It requires a DNS server made available by the DNSCrypt project.

Plugins

Aside from implementing the DNSCrypt v2 protocol, the C++ dnscrypt-proxy can be extended with plug-ins, and gives a lot of control on the local DNS traffic:

  • Provide nifty real-time traffic visualization using the Dowse plugin.
  • Review the DNS traffic originating from your network in real time, and detect compromised hosts and applications phoning home.
  • Locally block ads, trackers, malware, spam, and any website whose domain names or IP addresses match a set of rules you define.
  • Prevent queries for local zones from being leaked.
  • Reduce latency by caching resposes and avoiding requesting IPv6 addresses on IPv4-only networks.
  • Force traffic to use TCP, to route it through TCP-only tunnels or Tor.