Neat DNS

an anti-pollution DNS server

It includes the following software:

  • bind
  • dnscrypt-wrapper
  • collectd


docker run -itd \
	--name=neatdns \
	-p 53:53/tcp \
	-p 53:53/udp \
	-p 443:443/tcp \
	-p 443:443/udp \
	-v $DNSCRYPT_KEY_PATH:/srv/dnscrypt-wrapper \
	-e \
	--cap-add=NET_ADMIN \

P.S. You need to install Docker first.

Available environment variables:

| Name | Implication | Default Value |
|---|---|---|
| GLOBAL_DNS1 | preferred DNS server to resolve non-China website | |
| GLOBAL_DNS2 | alternate DNS server to resolve non-China website | |
| CHINA_DNS1 | preferred DNS server to resolve China website | |
| CHINA_DNS2 | alternate DNS server to resolve China website | |
| DNSCRYPT_ON | auto-start DNSCrypt daemon | true |
| DNSCRYPT_PROVIDER | DNSCrypt provider name | |
| COLLECTD_ON | auto-start collectd | false |
| COLLECTD_HOSTNAME | hostname defined in collectd.conf | neatdns |
| INFLUXDB_HOST | remote influxDB host | influxdb |
| INFLUXDB_PORT | remote influxDB port | 25826 |
| FAIL2BAN_ON | auto-start fail2ban | true |

DNSCrypt Client Usage

Please get your own DNSCrypt fingerprint first:

$ cat $DNSCRYPT_KEY_PATH/fingerprint
Provider public key fingerprint : 4365:1587:E7A0:8C7C:1759:D300:6218:89AE:5999:42CA:562E:CB00:03E5:2147:A850:E191

ATTENTION: Your server will show a different fingerprint; replace the fingerprint below with your own.

Then, run dnscrypt-proxy on the client side, for example:

dnscrypt-proxy --local-address= --resolver-address=$DNS_SERVER:443 --provider-key=4365:1587:E7A0:8C7C:1759:D300:6218:89AE:5999:42CA:562E:CB00:03E5:2147:A850:E191

NOTE: You need to replace $DNS_SERVER with your server IP address.
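
The client trusts the server only through the pinned `--provider-key`, so a fingerprint copied from this README instead of from your own key directory leaves the client pinned to the wrong key. The following script is an added example, not part of neatdns: it reads the fingerprint file, checks that it has the same shape as the sample above (16 groups of four hex digits), refuses the README's sample value, and prints the pinning arguments. The function names, the `192.0.2.53` documentation address and the key in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of neatdns. Flag names are the ones used in the README.
# The README's sample fingerprint; a real client must never pin this value.
README_SAMPLE='4365:1587:E7A0:8C7C:1759:D300:6218:89AE:5999:42CA:562E:CB00:03E5:2147:A850:E191'

# validate_fingerprint FP: 0 if usable, 4 if malformed, 5 if it is the README sample.
validate_fingerprint() {
    fp=$1
    # 16 colon-separated groups of four hex digits (79 characters in total).
    [ "${#fp}" -eq 79 ] \
        && printf '%s\n' "$fp" | grep -Eq '^[0-9A-Fa-f]{4}(:[0-9A-Fa-f]{4}){15}$' \
        || { echo "malformed fingerprint" >&2; return 4; }
    upper=$(printf '%s' "$fp" | tr 'a-f' 'A-F')
    [ "$upper" != "$README_SAMPLE" ] \
        || { echo "this is the README sample fingerprint, not your server's" >&2; return 5; }
}

# extract_fingerprint FILE: print the upper-cased fingerprint stored in FILE.
extract_fingerprint() {
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    # Exactly one fingerprint line is expected; anything else is ambiguous.
    count=$(grep -c 'fingerprint[[:space:]]*:' "$file" || true)
    [ "$count" -eq 1 ] || { echo "expected 1 fingerprint line, found $count" >&2; return 3; }
    fp=$(sed -n 's/^.*fingerprint[[:space:]]*:[[:space:]]*//p' "$file" \
        | tr -d '[:space:]' | tr 'a-f' 'A-F')
    validate_fingerprint "$fp" || return $?
    printf '%s\n' "$fp"
}

# client_args SERVER FILE: print the server and key arguments for dnscrypt-proxy.
client_args() {
    fp=$(extract_fingerprint "$2") || return $?
    printf '%s%s:443 %s%s\n' '--resolver-address=' "$1" '--provider-key=' "$fp"
}

# Dry run on a constructed fingerprint file (made-up key, documentation IP).
demo() {
    tmp=$(mktemp) || return 1
    echo 'Provider public key fingerprint : 0123:4567:89ab:cdef:0123:4567:89AB:CDEF:0123:4567:89AB:CDEF:0123:4567:89AB:CDEF' > "$tmp"
    client_args 192.0.2.53 "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}
demo
```

On a real host, call `client_args "$DNS_SERVER" "$DNSCRYPT_KEY_PATH/fingerprint"` and append the output to the `dnscrypt-proxy` command line.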