dnscrypt-proxy acts as a DNS proxy between a regular client, like a DNS cache or an operating system stub resolver, and a DNSCrypt-aware resolver, like OpenDNS. The DNSCrypt protocol focuses on securing communications between a client and its first-level resolver. While not providing end-to-end security, it protects the local network (which is often the weakest link in the chain) against man-in-the-middle attacks. It also provides some confidentiality to DNS queries.
|Tags||network security DNS Proxy|
|Operating Systems||OpenBSD DragonFly BSD NetBSD FreeBSD Linux Mac OS X iOS Android Bitrig|
Release Notes: This version fixes a denial of service vulnerability introduced in dnscrypt 0.11. Support for running the proxy as a Windows service has been greatly improved, with automatic creation of registry keys. The provider and resolver information no longer has to be manually specified. This release introduces a new configuration file with a list of compatible resolvers, as well as a new option (-R) to automatically pick a configuration based on the resolver name.
Release Notes: This release ships with the Sodium library, which brings significant performance improvements over previous versions. A new command-line switch, --loglevel, has been added to adjust the log verbosity.
Release Notes: This is a major release with numerous bugfixes, compatibility improvements, and new features. dnscrypt-proxy can now be extended using dynamically loaded plugins that can inspect and alter DNS packets. Upgrading is recommended, especially on Windows and Android.
Release Notes: The Android build script has been fixed, memory leaks when fetching certificates have been fixed, a bad use-after-free condition has been fixed, and uninitialized variables have been initialized. Updating is highly recommended, especially on Windows. The plugin API has been documented, and a new configuration flag, --enable-relaxed-plugins-permissions, allows loading plugin files which are not owned by root or by the current user.
Release Notes: dnscrypt-proxy can now use plugins to alter/inspect queries and responses before and after they are relayed. The default max payload size has been trimmed to 1,252 bytes for compatibility with some scary network setups. The --local-port and --resolver-port options are gone for good. They had been deprecated for a while.