A flexible DNS proxy with support for modern encrypted DNS protocols, including DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt, and ODoH (Oblivious DoH).
This is a fork of d3cim’s original Magisk module - https://github.com/d3cim/dnscrypt-proxy-android.
Up-to-date, pre-built binaries for:
- arm
- arm64
- x86
- x86_64
All binary files are downloaded directly from the official release page.
- Download the latest
dnscrypt-proxy-android-revived-*.zipfrom the Releases page. - Flash it via:
Magisk > Modules > Install from storage > dnscrypt-proxy-android-revived-*.zip
- Reboot your device.
- Test your DNS at DNS Leak Test or DNSCheck.
This module comes with my own configuration out of the box and uses Anonymized DNS. Feel free to customize it as you want.
Changes:
server_names = ['quad9-dnscrypt-ip4-filter-pri', 'scaleway-fr', 'scaleway-ams']- You don't need many servers here, use a few you like instead.listen_addresses = ['127.0.0.1:5354']- Avoid conflicts while tethering.doh_servers = false- Since I'm using DNSCrypt v2 instead of DoH.require_dnssec = true- Always have this enabled. It verifies the authenticity of your DNS queries, but your server has to support it too.require_nofilter = false- Why wouldn't you want a filter?log_file = 'dnscrypt-proxy.log'log_file_latest = truednscrypt_ephemeral_keys = trueblock_ipv6 = true- Prevents IPv6 leaks if you're using IPv4 only.blocked_names_file = 'blocked-names.txt'log_file = 'blocked-names.log'blocked_ips_file = 'blocked-ips.txt'log_file = 'blocked-ips.log'allowed_names_file = 'allowed-names.txt'log_file = 'allowed-names.log'allowed_ips_file = 'allowed-ips.txt'log_file = 'allowed-ips.log'server_name='*',via=['anon-cs-ch', 'anon-scaleway-ams', 'anon-scaleway']- Anonymized DNS.'*'inserver_name=is a wildcard.skip_incompatible = truedirect_cert_fallback = false
Do not change
listen_addresses,bootstrap_resolversandnetprobe_address, as that would break functionality.
IPv6 is blocked by default (
block_ipv6 = true) to prevent DNS leaks. Only change this if you know what you're doing.
You can customize dnscrypt-proxy by editing thednscrypt-proxy.toml file located in:
storage/emulated/0/dnscrypt-proxy
For more detailed configuration options, see the official documentation.
Filters are a powerful set of built-in features that let you control exactly which domain names and IP addresses your applications can connect to, and when.
You can use them to block ads, trackers, malware, or anything you don’t want your applications to load—or your devices to “phone home” to.
For more information, see the official documentation.
- This module comes with
allowed-ips,allowed-names,blocked-ips, andblocked-namesenabled by default, hence the files inside the dnscrypt-proxy folder. They are required for thednscrypt-proxyservice to work. - The filter files are empty by default except for
blocked-ips.txt, which includes DNS rebinding protection. Some useful information:
Note: Some applications like Plex require rebinding protection to be disabled for local clients to be detected correctly. Instead of disabling it globally, you can allow the relevant domain(s). In the case of Plex, add
plex.directtoallowed-names.txt. Captive portal domains which resolve to private addresses can also be allowed in the same way.
- In this configuration, each filter also generates a corresponding
.logfile. You can disable logging indnscrypt-proxy.toml.
- For a full list of changes, see CHANGELOG.md.
This module's version corresponds to the official dnscrypt-proxy's versioning.
This project would not have existed without the amazing work of:
- Frank Denis and all dnscrypt-proxy contributors for the original project.
- John Wu and all Magisk contributors for Magisk.
- d3cim and the dnscrypt-proxy-android contributors for the module this project is based on.
- Affif Mukhlashin and his contributors for the original Magisk module.