Skip to content
DNSCrypt-Proxy repository, frankly maintained for what it does (no new features planned)
Branch: master
Clone or download
jaromil Merge pull request #6 from jedisct1/v4inv6-fix
Fix the IPv4-in-IPv6-in-AAAA vulnerability
Latest commit f61ca76 Nov 22, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
contrib generate-domains-blacklist : allow url entries to fail (#750) Jan 7, 2018
dist-build Android: use PLATFORM 16 by default, don't bother with compat for API 21 May 20, 2017
man 1.9.5 May 6, 2017
test Use a random resolver in the tests Jan 21, 2017
.gitignore Ignore *.exe Jan 21, 2017 Remove cd.. leftover Jan 21, 2017
.travis.yml Travis is too slow :( Jan 28, 2017
AUTHORS Correct URL for libevent Jul 12, 2015
COPYING 2017 Dec 31, 2016
ChangeLog Update ChangeLog Jan 7, 2018
DNSCRYPT-V2-PROTOCOL.txt + unbound Jun 16, 2017 Mingw64 (#718) Jan 7, 2018
NEWS 1.9.5 May 6, 2017
README Initial public release. Dec 6, 2011
README-PLUGINS.markdown Doc update Dec 23, 2016
README-WINDOWS.markdown Fix WINDOWS instructions May 26, 2017
README-iOS.markdown Doc update Dec 23, 2016
README.markdown Typo fix Feb 22, 2018
THANKS Improve Android package Aug 5, 2015
apparmor.profile.dnscrypt-proxy /etc/dnscrypt-proxy.conf is probably required in the apparmor profile Dec 28, 2016 Actually run pkg-config and autoreconf Dec 31, 2016 Mingw64 (#718) Jan 7, 2018
dnscrypt-proxy.conf Explain that PID will require an additional process Jan 7, 2018 Install examples in @DocDir@, create systemd files from templates Jan 20, 2017
dnscrypt-proxy.socket Remove dependency from dnscrypt-proxy.socket Aug 17, 2015
dnscrypt-resolvers.csv d0wn-dk-ns1 is down Jan 7, 2018
dnscrypt-resolvers.csv.minisig sign Jan 7, 2018
dnscrypt-resolvers.csv.sig sign Jan 7, 2018
dnscrypt-small.png Add a logo Aug 4, 2015
dnscrypt.png Add high resolution version of the dnscrypt logo Aug 4, 2015 + Jul 18, 2015 Generate org.dnscrypt.osx.DNSCryptProxy.plist from a template Jan 20, 2017



Build Status

Status of the project

This project was taken offline by its creator and maintainer Frank Denis on the 6th December 2017, after announcing in November 2017 that the project needs a new maintainer.

The old webpage now points to a new domain, endorsing the usage of competing protocol "DNS-over-TLS" and competing software in particular the "getdns" library and an immature implementation that could substitute dnscrypt-proxy, called "stubby".

The new website also links a critical analysis of DNSCrypt vs DNS-over-TLS protocols by a company marketing their own open-source Android web browser and offering a new DNS resolver implemented in Go.

While this sounds all very new and exciting to us, at we already rely on DNSCrypt-proxy for our project and are intentioned to maintain this software unless a viable and mature alternative arises, supporting our application of it in Dowse.

We intend to maintain the DNSCrypt-proxy codebase without the intention of adding any new features, just patch bugs. We are also available to archive older versions and setup the website and the wiki, if we are given these archives. Frank Denis: if you are reading this please contact us on It won't take long and we are happy to keep your project alive, many thanks for all the fish so far!

Anyone running a DNSCrypt server, interested in the future of this software, willing to share more insights or wanting to help with development and documentation: be welcome to join our dnscrypt mailinglist where we are setting up a campfire for all of us to make a sustainable plan and take collectively informed decisions.

What is DNSCrypt

DNSCrypt is a protocol for securing communications between a client and a DNS resolver, using high-speed high-security elliptic-curve cryptography.

While not providing end-to-end security, it protects the local network, which is often the weakest point of the chain, against man-in-the-middle attacks.

dnscrypt-proxy is a client-implementation of the protocol. It requires a DNS server available via the DNSCrypt wrapper to function. A number of public DNSCrypt servers are already available.


Aside from implementing the protocol, dnscrypt-proxy can be extended with plug-ins, and gives a lot of control on the local DNS traffic:

  • Review the DNS traffic originating from your network in real time, and detect compromised hosts and applications phoning home.
  • Locally block ads, trackers, malware, spam, and any website whose domain names or IP addresses match a set of rules you define.
  • Prevent queries for local zones from being leaked.
  • Reduce latency by caching resposes and avoiding requesting IPv6 addresses on IPv4-only networks.
  • Force traffic to use TCP, to route it through TCP-only tunnels or Tor.
You can’t perform that action at this time.