Home

The net/dnscrypt-proxy port

dnscrypt-proxy-2.1.7 – flexible DNS proxy with support for encrypted DNS protocols (cvsweb github mirror)

Description

dnscrypt-proxy is a flexible DNS proxy, with support for modern
encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized
DNSCrypt and ODoH (Oblivious DoH), and features:

- DNS traffic encryption and authentication. Supports DNS-over-HTTPS
  (DoH) using TLS 1.3 and QUIC, DNSCrypt, Anonymized DNS and ODoH
- Client IP addresses can be hidden using Tor, SOCKS proxies or
  Anonymized DNS relays
- DNS query monitoring, with separate log files for regular and
  suspicious queries
- Filtering: block ads, malware, and other unwanted content.
  Compatible with all DNS services
- Time-based filtering, with a flexible weekly schedule
- Transparent redirection of specific domains to specific resolvers
- DNS caching, to reduce latency and improve privacy
- Local IPv6 blocking to reduce latency on IPv4-only networks
- Load balancing: pick a set of resolvers, dnscrypt-proxy will
  automatically measure and keep track of their speed, and balance
  the traffic across the fastest available ones.
- Cloaking: like a HOSTS file on steroids, that can return preconfigured
  addresses for specific names, or resolve and return the IP address
  of other names. This can be used for local development as well
  as to enforce safe search results on Google, Yahoo, DuckDuckGo
  and Bing
- Automatic background updates of resolvers lists
- Can force outgoing connections to use TCP
- Compatible with DNSSEC
- Includes a local DoH server in order to support ECH (ESNI)
WWW: https://dnscrypt.info/

Readme

+-----------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------

dnscrypt-proxy listens for DNS queries on a local address and forwards
them to a DNSCrypt resolver over an encrypted channel.

To use this package, several things are required.

Customizing dnscrypt-proxy.toml
===============================

Ensure that ${SYSCONFDIR}/dnscrypt-proxy.toml fits your needs.

Resolvers
---------
Uncomment 'server_names' to have a smaller set of public resolvers to be used
for load balancing. If this line is commented, all registered servers matching
the require_* filters will be used for load balancing. Refer to
${LOCALSTATEDIR}/dnscrypt-proxy/public-resolvers.md for a list of all public
resolvers.

Load balancing strategy
-----------------------
Note the load balancing strategy, controlled by 'lb_strategy'. It can be
set to one of the following values:
  - 'first' (always pick the fastest server in the list)
  - 'p2' (randomly choose between the top two fastest servers)
  - 'ph' (randomly choose between the top fastest half of all servers)
  - 'random' (just pick any random server from the list)

'p2' is the default option. For more information, see
https://github.com/jedisct1/dnscrypt-proxy/wiki/Load-Balancing-Options

Logging
-------
Logging is disabled by default.

To log to ${LOCALSTATEDIR}/log/messages:
log_level = 2
use_syslog = true

To log to a custom file:
log_level = 2
log_file = '${LOCALSTATEDIR}/log/dnscrypt-proxy.log'

Daemon
======

Start the daemon:

# rcctl enable dnscrypt_proxy
# rcctl start dnscrypt_proxy

resolv.conf
===========

Managed by resolvd(8). One way is to disable it and force
${SYSCONFDIR}/resolv.conf to perform queries from dnscrypt-proxy:

nameserver 127.0.0.1
lookup file bind

For more information, see https://dnscrypt.info/

Maintainer

Nam Nguyen

Only for arches

aarch64 amd64 arm i386 riscv64

Categories

lang/go net

Build dependencies

Files

Search