GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → jedisct1 → Encrypted Dns Server

jedisct1 / Encrypted Dns Server

Licence: mit
An easy to install, high-performance, zero maintenance proxy to run an encrypted DNS server.

Programming Languages

rust
11053 projects

Labels

proxyserverprivacydnsdnscrypt

Projects that are alternatives of or similar to Encrypted Dns Server

Doh Server
Fast, mature, secure DoH server proxy written in Rust (doh-proxy).
Stars: ✭ 327 (-17.84%)
Mutual labels:  proxy, server, dns, dnscrypt
Dnscrypt Menu
Manage DNSCrypt from the macOS menu bar (BitBar plugin)
Stars: ✭ 59 (-85.18%)
Mutual labels:  dns, privacy, dnscrypt
Dnsproxy
Simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support
Stars: ✭ 683 (+71.61%)
Mutual labels:  proxy, dns, dnscrypt
dns-resolver-infra
Privacy DNS infrastructure
Stars: ✭ 39 (-90.2%)
Mutual labels:  dns, privacy, dnscrypt
Webrtc Leak Prevent
Prevent WebRTC leaks in Chromium browsers.
Stars: ✭ 182 (-54.27%)
Mutual labels:  proxy, privacy
Dnsproxy
防 DNS 缓存污染,兼顾查询质量与速度
Stars: ✭ 177 (-55.53%)
Mutual labels:  proxy, dns
Ptorx
📩🛡 Email privacy. Anonymously send and receive with alias forwarding.
Stars: ✭ 187 (-53.02%)
Mutual labels:  proxy, privacy
Twist
A light script for you to setup shadowsocks-libev server with high-speed connections and newest powerful features
Stars: ✭ 229 (-42.46%)
Mutual labels:  proxy, server
Vpngate With Proxy
vpn gate client for linux, be able to connect to open vpn server through proxy
Stars: ✭ 150 (-62.31%)
Mutual labels:  proxy, dns
Tor Socks Proxy
🐳 Tiny Docker(🤏 10MB) image as 🧅 Tor SOCKS5 proxy 🛡
Stars: ✭ 218 (-45.23%)
Mutual labels:  proxy, privacy
Chameleon
Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres and MySQL)
Stars: ✭ 230 (-42.21%)
Mutual labels:  proxy, dns
Macos Openvpn Server
macOS OpenVPN Server and Client Configuration (OpenVPN, Tunnelblick, PF)
Stars: ✭ 172 (-56.78%)
Mutual labels:  proxy, privacy
Psiphon
A multi-functional version of a popular network circumvention tool
Stars: ✭ 169 (-57.54%)
Mutual labels:  proxy, server
Quarry
Python library that implements the Minecraft network protocol and data types
Stars: ✭ 182 (-54.27%)
Mutual labels:  proxy, server
Gophertunnel
Toolbox for Minecraft software written in Go
Stars: ✭ 156 (-60.8%)
Mutual labels:  proxy, server
Proxybroker
Proxy [Finder | Checker | Server]. HTTP(S) & SOCKS 🎭
Stars: ✭ 2,767 (+595.23%)
Mutual labels:  proxy, privacy
powerdns
PowerDNS dnsdist, recursor, authoritative, and admin interface. Supports DNSCrypt, DoH, and DoT.
Stars: ✭ 35 (-91.21%)
Mutual labels:  dns, dnscrypt
encrypted-dns-server
An easy to install, high-performance, zero maintenance proxy to run an encrypted DNS server.
Stars: ✭ 566 (+42.21%)
Mutual labels:  dns, dnscrypt
whisperer
Simple Go program that makes HTTP request constantly in order to generate random HTTP/DNS traffic noise
Stars: ✭ 31 (-92.21%)
Mutual labels:  dns, privacy
Quicssh
SSH over QUIC
Stars: ✭ 116 (-70.85%)
Mutual labels:  proxy, server
View All Similar Projects ➔

Encrypted DNS Server

Github CI status Gitter chat

An easy to install, high-performance, zero maintenance proxy to run an encrypted DNS server.

Dashboard

Protocols

The proxy supports the following protocols:

All of these can be served simultaneously, on the same port (usually port 443). The proxy automatically detects what protocol is being used by each client.

Installation

Option 1: precompiled binary for Linux

Precompiled tarballs and Debian packages for Linux/x86_64 can be downloaded here.

Nothing else has to be installed. The server doesn't require any external dependencies.

In the Debian package, the example configuration file can be found in /usr/share/doc/encrypted-dns/.

Option 2: compilation from source code

The proxy requires rust >= 1.0.39 or rust-nightly.

Rust can installed with:

curl -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly
source $HOME/.cargo/env

Once rust is installed, the proxy can be compiled and installed as follows:

cargo install encrypted-dns
strip ~/.cargo/bin/encrypted-dns

The executable file will be copied to ~/.cargo/bin/encrypted-dns by default.

Options 3: Docker

dnscrypt-server-docker is the most popular way to deploy an encrypted DNS server.

This Docker image that includes a caching DNS resolver, the encrypted DNS proxy, and scripts to automatically configure everything.

Setup

The proxy requires a recursive DNS resolver, such as Knot, PowerDNS or Unbound.

That resolver can run locally and only respond to 127.0.0.1. External resolvers such as Quad9 or Cloudflare DNS can also be used, but this may be less reliable due to rate limits.

In order to support DoH in addition to DNSCrypt, a DoH proxy must be running as well. rust-doh is the recommended DoH proxy server. DoH support is optional, as it is currently way more complicated to setup than DNSCrypt due to certificate management.

Make a copy of the example-encrypted-dns.toml configuration file named encrypted-dns.toml.

Then, review the encrypted-dns.toml file. This is where all the parameters can be configured, including the IP addresses to listen to.

You should probably at least change the listen_addresses and provider_name settings.

Start the proxy. It will automatically create a new provider key pair if there isn't any.

The DNS stamps are printed. They can be used directly with dnscrypt-proxy.

There is nothing else to do. Certificates are automatically generated and rotated.

Migrating from dnscrypt-wrapper

If you are currently running an encrypted DNS server using dnscrypt-wrapper, moving to the new proxy is simple:

  • Double check that the provider name in encrypted-dns.toml matches the one you previously configured. If you forgot it, it can be recovered from its DNS stamp.
  • Run encrypted-dns --import-from-dnscrypt-wrapper secret.key, with secret.key being the file with the dnscrypt-wrapper provider secret key.

Done. Your server is now running the new proxy.

Built-in DNS cache

The proxy includes a key cache, as well as a DNS cache to significantly reduce the load on upstream servers.

In addition, if a server is slow or unresponsive, expired cached queries will be returned, ensuring that popular domain names always keep being served.

State file

The proxy creates and updates a file named encrypted-dns.state by default. That file contains the provider secret key, as well as certificates and encryption keys.

Do not delete the file, unless you want to change parameters (such as the provider name), and keep it secret, or the keys will be lost.

Putting it in a directory that is only readable by the super-user is not a bad idea.

Filtering

Domains can be filtered directly by the proxy, see the [filtering] section of the configuration file.

Access control

Access control can be enabled in the [access_control] section and configured with the query_meta configuration value of dnscrypt-proxy.

Prometheus metrics

Prometheus metrics can optionally be enabled in order to monitor performance, cache efficiency, and more.

Anonymized DNSCrypt

Enabling Anonymized DNSCrypt allows the server to be used as an encrypted DNS relay.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].