📡 🚓 DNS Proxy daemon to tunnel DNS requests via SOCKS proxies
Clone or download
Pull request Compare This branch is 10 commits ahead of jtripper:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


DNS SOCKS Proxy (dns-proxy)

This is a downstream fork of jtripper/dns-tcp-socks-proxy and tries to keep this project maintained and the package on AUR up-to-date.

This simple DNS Socks Proxy allows to tunnel DNS requests via a SOCKS proxy (e.g. a local TOR proxy daemon).

It will choose a random DNS server for each request from the file resolv.conf when it contains more than one DNS server.

Example resolv.conf:

# Cloudflare Public DNS

# Google Public DNS

# IPv6 currently unsupported :(
# nameserver 2001:4860:4860::8888
# nameserver 2001:4860:4860::8844


The daemon must be run as root in order to bind to port 53.

Usage: ./dns-proxy [options]

With no parameters, the configuration file is read from 'dns-proxy.conf'.

* -n          -- No configuration file (socks:, listener:
* -h          -- Print this message and exit.
* config_file -- Read from specified configuration file.


 dns-proxy -n;
 dns-proxy /path/to/dns-proxy.conf;


The configuration file format may contain any of the below lines, whereas the defaults are incrementally overridden with the values given in the custom dns-proxy.conf file (which is given via the dns-proxy <path/to/dns-proxy.conf> usage).

Lines that start with # are ignored and not interpreted, so you can use them to comment out settings.

#                    -- comment
socks_addr           -- socks listener address
socks_port           -- socks listener port
listen_addr          -- address for the dns proxy to listen on
listen_port          -- port for the dns proxy to listen on (most cases 53)
set_user             -- username to drop to after binding
set_group            -- group to drop to after binding
resolv_conf          -- location of resolv.conf file to read from
rewrite_resolve_conf -- toggles whether or not to rewrite resolv.conf
log_file             -- location to log to (should be /dev/null unless debugging).

The dns-proxy.conf defaults:

# example comment
socks_addr          =
socks_port          = 9050
listen_addr         =
listen_port         = 53
set_user            = nobody
set_group           = nobody
resolv_conf         = resolv.conf
rewrite_resolv_conf = false
log_file            = /dev/null


On Arch linux, the dns proxy can be installed from the AUR at: https://aur.archlinux.org/packages/dns-proxy-git.

git clone https://aur.archlinux.org/packages/dns-proxy-git;

cd dns-proxy-git;

cd ./package/arch-linux;
makepkg -s;
sudo pacman -U dns-proxy-*.pkg.tar.xz;

# edit /etc/dns-proxy/dns-proxy.conf as necessary
sudo systemctl start dns-proxy

# enable autostart on bootup
sudo systemctl enable dns-proxy

On other distributions:

git clone https://github.com/cookiengineer/dns-proxy.git;

cd dns-proxy;


# edit dns-proxy.conf as necessary

After running the daemon, the system should be configured to use the proxy automatically if the rewrite_resolv_conf flag was set to true.


The DNS TCP Socks Proxy is licensed under GPL2.


  • jtRIPper 2012 (creator)
  • @ehrhardt (bugfix contributor)
  • @lilydjwg (bugfix contributor)
  • Brock Noland (bugfix contributor)
  • @thuovila (bugfix contributor)
  • @cookiengineer 2018+ (maintainer)