A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH).

• For all features please refer to the official page.

Up-to-date, pre-built binaries are available for:

• Android/arm
• Android/arm64
• Android/x86
• Android/x86_64

All the binary files are downloaded from the official release page.

• server_names = ams-dnscrypt-nl [NLD], d0wn-tz-ns1 [TZA], dct-nl [NLD], dct-ru [RUS], dnscrypt.be [BEL], dnscrypt.pl [POL], dnscrypt.uk-ipv4 [GBR], dnswarden-uncensor-dc-swiss [CHE], meganerd [NLD], openinternet [USA], plan9dns-fl [USA], plan9dns-mx [MEX], plan9dns-nj [USA], pryv8boi [DEU], sby-limotelu [IDN], scaleway-ams [NLD], scaleway-fr [FRA], serbica [NLD], techsaviours.org-dnscrypt [DEU], v.dnscrypt.uk-ipv4 [GBR] are the resolvers in use.

• doh_servers = false (disable servers implementing the DNS-over-HTTPS protocol)

• require_dnssec = true (server must support DNSSEC security extension)

• force_tcp = true (fix for mobile data intial connection random issues if routes have been set and skip_incompatible = true, see DNSCrypt/dnscrypt-proxy/discussions/2020)

• timeout = 1000 (set the max. response time of a single DNS query from 5000 to 1000 ms.)

• blocked_query_response = 'refused' (set refused response to blocked queries)

• # log_level = 0 (set the log level of the dnscrypt-proxy.log file to very verbose, but keep it disabled by default)

• dnscrypt_ephemeral_keys = true (create a new, unique key for every single DNS query)

• bootstrap_resolvers = ['45.11.45.11:53'] (use DNS.SB instead CloudFlare)

• netprobe_address = '45.11.45.11:53' (use DNS.SB instead CloudFlare)

• block_ipv6 = true (immediately respond to IPv6-related queries with an empty response)

• blocked-names.txt, blocked-ips.txt, allowed-names.txt and allowed-ips.txt files enabled. (to know more specifics about this, please refer to the Filters (optional) section below)

• anonymized_dns feature enabled. (routes are indirect ways to reach DNSCrypt servers, each resolver has 2 relays assigned)

• skip_incompatible = true (skip resolvers incompatible with anonymization instead of using them directly)

• direct_cert_fallback = false (prevent direct connections through the resolvers for failed certificate retrieved via relay)

1. Download the latest dnscrypt-proxy-android-*.zip file from the Releases page and flash it with Magisk:

Magisk > Modules > Install from storage > dnscrypt-proxy-android-*.zip

2. Reboot your device.

3. Test your DNS at https://dnsleaktest.com/

You can edit the dnscrypt-proxy.toml file as you wish located on storage/emulated/0/dnscrypt-proxy path.

For a more detailed configuration you can refer to the official documentation or simply join our group on Telegram, at dnscrypt-proxy-android | CHAT.

Filters are a powerful set of built-in features, that let you control exactly what domain names and IP addresses your device are allowed to connect to. This can be used to block ads, trackers, malware, or anything you don't want your device to load.

This module comes with the filtering feature enabled by default, that's why you can see files designed for this operation inside the internal folder. Out of the box these files are empty and are used only to ensure the correct start of dnscrypt-proxy service.
To know more about it you can consult the official documentation, or in a simpler way through my block repository.

I'm also providing the allowed-names.txt and blocked-names.txt files regularly updated at dnscrypt-proxy-filters | CHANNEL. The sources used for this merge are among the hardest on the web.

You can contribute to this blocklist at anytime, opening a New Issue here or simply reporting the issue at dnscrypt-proxy-filters | CHAT on Telegram.

• See CHANGELOG.

dnscrypt-proxy-android tags follow the format {dnscrypt-proxy_version}.{revision} where

• dnscrypt-proxy_version is the version of dnscrypt-proxy used in x.x.x format, and
• revision is a number indicating the version of dnscrypt-proxy-android for the corresponding dnscrypt-proxy version.

• BTC address: 126Y2BJQyPq8CHAaFMCyVH5QcbSViQz89e
• ETH address: 0x16b917Bb585D2411b9c9C81b03de72471f3f072F
• XMR address: 41jXybL88etPg1nGuPsMZbFSzKzbXYat4Xak3QssPy7LNs4VBWXDxbhjSdtLJDA138cx7cTq8JhFoiTTVLhWrTNAUywgGFD

• Frank Denis and his contributors for the upstream code.
• Affif Mukhlashin and his contributors for the very first module.
• John Wu and his contributors for Magisk.