A tool for securing communications between a client and a DNS resolver
dnscrypt-proxy provides local service which can be used directly as your local resolver or as a DNS forwarder,
encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server,
by default Cisco who run this on their resolvers. (It used to be OpenDNS.)
The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography and is very similar to
DNSCurve, but focuses on securing communications between a client and its first-level resolver.
While not providing end-to-end security, it protects the local network, which is often the weakest point
of the chain, against man-in-the-middle attacks. It also provides some confidentiality to DNS queries.
- Links to server:dns / dnscrypt-proxy
- Has a link diff
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout home:X0F:branches:network/dnscrypt-proxy2 && cd $_ - Create Badge
Refresh
Refresh
Source Files (show unmerged sources)
| Filename | Size | Changed |
|---|---|---|
| README.openSUSE | 0000004178 4.08 KB | |
| dnscrypt-proxy-2.1.5.tar.gz | 0004065395 3.88 MB | |
| dnscrypt-proxy-resolvconf.service | 0000000856 856 Bytes | |
| dnscrypt-proxy.changes | 0000020838 20.3 KB | |
| dnscrypt-proxy.service | 0000000879 879 Bytes | |
| dnscrypt-proxy.socket | 0000000647 647 Bytes | |
| dnscrypt-proxy.socket.conf | 0000000220 220 Bytes | |
| dnscrypt-proxy.spec | 0000006773 6.61 KB | |
| dnscrypt-user.conf | 0000000174 174 Bytes | |
| example-dnscrypt-proxy.toml.sed | 0000003143 3.07 KB |
Latest Revision
Sergey Kondakov (X0F)
committed
(revision 6)
- Added optional resolvconf support via systemd unit.
- Minimum golang version now at 1.15
- Include 'notice' and 'patents' files of vendored packages.
- Paths and hints in configuration file adjusted and added.
- Update to version 2.0.45
* Configuration changes (to be required in versions 2.1.x):
- [blacklist] has been renamed to [blocked_names]
- [ip_blacklist] has been renamed to [blocked_ips]
- [whitelist] has been renamed to [allowed_names]
- generate-domains-blacklist.py has been renamed to
generate-domains-blocklist.py, and the configuration files
have been renamed as well.
* dnscrypt-proxy -resolve has been completely revamped, and now
requires the configuration file to be accessible. It will send
a query to an IP address of the dnscrypt-proxy server by default.
Sending queries to arbitrary servers is also supported with the
new -resolve name,address syntax.
* Relay lists can be set to * for automatic relay selection.
When a wildcard is used, either for the list of servers or relays,
the proxy ensures that relays and servers are on distinct networks.
* Lying resolvers are detected and reported.
* New return code: NOT_READY for queries received before the proxy
has been initialized.
* Server lists can't be older than a week any more, even if directory
permissions are incorrect and cache files cannot be written.
* New feature: allowed_ips, to configure a set of IP addresses to never
block no matter what DNS name resolves to them.
* Hard-coded IP addresses can be immediately returned for test queries
Comments 0