(Discontinued) This project is suspended but pull requests are still accepted. I hope I'll be able to work on it at a later time. - RandomDNS makes DNS secure. It's based on DNSCrypt but we've added a bunch of new cool features.
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.



RandomDNS aims to improve the security, privacy and anonymity of DNSCrypt. It can randomize the server choice at runtime and can rotate it frequently.

What is DNSCrypt?

DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with.

More informations at https://dnscrypt.org/

Features of RandomDNS

  • Randomize the provider at runtime
  • Use (-E)phemeral keys option
  • Securely run DNSCrypt proxy by verifying its hash, copying it in /tmp dir with restricted permissions and launching it as "nobody" user (if reverse proxy is enabled)
  • Watch the proxy process and relaunch it if it dies
  • Can run multiple instances of DNSCrypt and load balance the traffic (EdgeDNS)
  • Have in-memory caching of DNS requests along with Consistent Hashing (EdgeDNS)
  • Can filter the server list by protocols, country and much more
  • Rotate the server with a defined time (default: 10 minutes)
  • Support DNSSEC (EdgeDNS)

How to use it

  1. Update Brew: brew update && brew upgrade
  2. Install DNSCrypt + Node + NPM: brew install dnscrypt-proxy node npm
  3. Download and run RandomDNS: npm install -g randomdns && sudo DEBUG=* randomdns
  4. Set your DNS settings to


      ___               __           ___  _  ______
     / _ \___ ____  ___/ /__  __ _  / _ \/ |/ / __/
    / , _/ _ `/ _ \/ _  / _ \/  ' \/ // /    /\ \  

     Usage: run [options] [file]


       -h, --help                              output usage information
       -V, --version                           output the version number
       -L, --listenOn [string]                 Listen on a specific interface/port [default:]
       -R, --rotationTime [int]                Define the time to wait before rotating the server (in seconds) [default: 600 seconds]
       -P, --reverseProxy [bool]               Enable EdgeDNS reverse proxy [default: false]
       --reverseProxyChildStartPort [int]      Where childrens (dnscrypt-proxy processes) should start incrementing the port? (will work only if reverseProxy is enabled) [default: 51000]
       -T, --threads [int]                     Number of childs to spawn, set to 1 to disable load balacing (will work only if reverseProxy is enabled) [default: 4]
       -F, --filters [string]                  Use filters [default: IPv6=false;]
       --filters-help                          Get full list of available filters.
       -b, --binaryDNSCryptFile [string]       Use custom DNSCrypt binary, will not work until --binaryDNSCryptFileSignature is changed.
       --binaryDNSCryptFileSignature [string]  SHA512 hash of the DNSCrypt binary.
       -b, --binaryEdgeDNSFile [string]        Use custom EdgeDNS binary, will not work until --binaryEdgeDNSFileSignature is changed.
       --binaryEdgeDNSFileSignature [string]   SHA512 hash of the EdgeDNS binary.
       -r, --resolverListFile [string]         Use custom DNSCrypt resolver list file, will not work until --resolverListFileSignature is changed.
       --resolverListFileSignature [string]    SHA512 hash of the DNSCrypt resolver list file.