Some features I wrote, but I think it's not enough to feed back upstream.
THere is:
-
Add domain with a prefix of symbol (!) to forwarding-rules,it instructs the query domain will be forwarded to dns when the query name not match the config domain。We call it 'NonPattern-forwarding'
There is Some Tips:
- the feature are a lower priority,it instructs if the origin forwarding-rules match,the feature will be useless
- If there are several 'NonPattern-forwarding',the query domain will be forwarded only itn't match all config domain.And the selected dns is random every time.
the forwarding-rules file like that:
baidu.com 114.114.114.114 456.com 114.114.114.114 !123.com 114.114.114.114 !456.com 8.8.8.8 !789.com 1.1.1.1the forwarding result:
queryname: baidu.com result: forward-114.114.114.114 (because it match origin rule) queryname: 123.com result: noforward (because it not macth 'NonPattern-forwarding') queryname: 111.com reuslt: forward-random of ['114.114.114.114','8.8.8.8','1.1.1.1'] (because it match 'NonPattern-forwarding') queryname: 789.com result: noforward (because it not macth 'NonPattern-forwarding') queryname: 456.com result: forward-114.114.114.114 (because it macth origin rule ,and origin rule is priority)
A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH).
- dnscrypt-proxy documentation ← Start here
- DNSCrypt project home page
- Discussions
- DNS-over-HTTPS and DNSCrypt resolvers
- Server and client implementations
- DNS stamps
- FAQ
Available as source code and pre-built binaries for most operating systems and architectures (see below).
- DNS traffic encryption and authentication. Supports DNS-over-HTTPS (DoH) using TLS 1.3 and QUIC, DNSCrypt, Anonymized DNS and ODoH
- Client IP addresses can be hidden using Tor, SOCKS proxies or Anonymized DNS relays
- DNS query monitoring, with separate log files for regular and suspicious queries
- Filtering: block ads, malware, and other unwanted content. Compatible with all DNS services
- Time-based filtering, with a flexible weekly schedule
- Transparent redirection of specific domains to specific resolvers
- DNS caching, to reduce latency and improve privacy
- Local IPv6 blocking to reduce latency on IPv4-only networks
- Load balancing: pick a set of resolvers, dnscrypt-proxy will automatically measure and keep track of their speed, and balance the traffic across the fastest available ones.
- Cloaking: like a
HOSTSfile on steroids, that can return preconfigured addresses for specific names, or resolve and return the IP address of other names. This can be used for local development as well as to enforce safe search results on Google, Yahoo, DuckDuckGo and Bing - Automatic background updates of resolvers lists
- Can force outgoing connections to use TCP
- Compatible with DNSSEC
- Includes a local DoH server in order to support ECH (ESNI)
Up-to-date, pre-built binaries are available for:
- Android/arm
- Android/arm64
- Android/x86
- Android/x86_64
- Dragonfly BSD
- FreeBSD/arm
- FreeBSD/x86
- FreeBSD/x86_64
- Linux/arm
- Linux/arm64
- Linux/mips
- Linux/mipsle
- Linux/mips64
- Linux/mips64le
- Linux/x86
- Linux/x86_64
- macOS/arm64
- macOS/x86_64
- NetBSD/x86
- NetBSD/x86_64
- OpenBSD/x86
- OpenBSD/x86_64
- Windows
- Windows 64 bit
How to use these files, as well as how to verify their signatures, are documented in the installation instructions.
This project exists thanks to all the people who contribute.
Become a financial contributor and help us sustain our community. [Contribute]
Support this project with your organization. Your logo will show up here with a link to your website. [Contribute]
