DNScrypt-proxy 2

dnscrypt.info Desktop [BSD, Linux, Solaris, Windows, MacOS & Android]

Awesome Privacy ➔ Networking ➔ DNS Clients ➔ DNScrypt-proxy 2

A flexible DNS proxy, with support for modern encrypted DNS protocols including DNSCrypt V2, DNS-over-HTTPS and Anonymized DNSCrypt. Also allows for advanced monitoring, filtering, caching and client IP protection through Tor, SOCKS proxies or Anonymized DNS relays.

Homepage: dnscrypt.info
GitHub: github.com/DNSCrypt/dnscrypt-proxy
Web info: web-check.xyz/check/dnscrypt.info

Open Source

DNScrypt-proxy 2 Source Code

Author

DNSCrypt

Description

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.

#anonymized#anonymized-dns#dns#dns-over-https#dnscrypt#dnscrypt-proxy#dnscrypt-proxy2#doh#oblivious-dns-over-https#oblivious-doh#odoh#proxy

Homepage

https://dnscrypt.info

License

ISC

Created

08 Jan 18

Last Updated

16 Jun 26

Latest version

2.1.16

Primary Language

Size

31,680 KB

Stars

13,398

Forks

1,112

Watchers

13,398

Language Usage

Star History

Top Contributors

@jedisct1 (2174)
@lifenjoiner (54)
@welwood08 (50)
@maage (37)
@dependabot[bot] (37)
@alisonatwork (20)
@ianbashford (11)
@MegaManSec (11)
@vbauerster (7)
@fholzer (5)
@d3cim (5)
@dependabot-preview[bot] (5)
@PeterDaveHello (5)
@IceCodeNew (5)
@a1346054 (4)
@hugepants (4)
@c4rlo (3)
@chris-wood (3)
@jrnewell (3)
@publicarray (3)
@mibere (3)
@amitbl (3)
@lukateras (2)
@cobratbq (2)
@EncryptTown (2)
@gdm85 (2)
@ignoramous (2)
@miracle091 (2)
@bdossantos (2)
@syphyr (2)
@hklcf (2)
@keatonLiu (2)
@Zirkelite (2)
@u1735067 (2)
@62f1346c-4576-42b3-afcb-23ef1820da34 (2)
@javabean (2)
@ericlagergren (2)
@Expertcoderz (2)
@simonfxr (2)
@matbech (2)
@Huhni (2)
@kev-null (2)
@corsmith (1)
@cloudclaim (1)
@honwen (1)
@brainscar (1)
@bleeee (1)
@agvol (1)
@wzyboy (1)
@ValdikSS (1)
@holykol (1)
@thadguidry (1)
@sfionov (1)
@ryboe (1)
@cuibuwei (1)
@dwimmer (1)
@iiic (1)
@jfoboss (1)
@joonas-fi (1)
@kimw (1)
@losuler (1)
@milgradesec (1)
@mr-bo-jangles (1)
@sapphired18 (1)
@petercooperjr (1)
@s-s (1)
@kazzarin (1)
@29f (1)
@sergeevabc (1)
@SaveTheRbtz (1)
@gitmask-anonymous (1)
@B00ze64 (1)
@bigdargon (1)
@Bitti09 (1)
@CNMan (1)
@ChrisLane (1)
@Stalick (1)
@DRSDavidSoft (1)
@dvzrv (1)
@RotoDhoulmagus (1)
@Dragonfir3 (1)
@HaraldNordgren (1)
@jauderho (1)
@monkeywithacupcake (1)
@johnspurlock (1)
@KOLANICH (1)
@komapa (1)
@Kedstar99 (1)
@fantuz (1)
@mpas97 (1)
@enxoco (1)
@pablomh (1)
@edmonds (1)

Recent Commits

Frank Denis (16 Jun 26)
Import circl
Frank Denis (16 Jun 26)
Implement pqdnscrypt
Frank Denis (09 Jun 26)
Resolve against the origin rather than the document URL
Frank Denis (06 Jun 26)
Format
Frank Denis (06 Jun 26)
Fix cycles detection in cloaking rules Detect actual cycles in the name-target graph instead of rejecting every target that matches any cloak rule. Fixes #3238
Frank Denis (05 Jun 26)
Nits
Frank Denis (05 Jun 26)
Validate DNS response questions Quickly reject received DNS responses whose question name, type, or class does not match the original query. Apply the check to the central response path, manual DNS exchanges, forwarding, and DoH/ODoH server probes. Suggested by Kun-Ta Chu, thanks!
Frank Denis (04 Jun 26)
Fix TCP fallback for truncated forwarded queries miekg/dns v2 can return both a partial response with the TC bit set and an unpack error for truncated UDP replies. Treat that case as a valid TCP fallback trigger instead of dropping the forwarded query, and use a fresh timeout context for the TCP retry.
Frank Denis (28 May 26)
Simplify
Frank Denis (26 May 26)
Update GitHub workflows to use Zizmor
Frank Denis (24 May 26)
Add a Makefile
Frank Denis (24 May 26)
Bump
Frank Denis (23 May 26)
Add odoh test
Frank Denis (23 May 26)
odoh: harden 401 refresh path against panics, races, and bad state
Frank Denis (23 May 26)
odoh: coalesce key refreshes on 401 and remove blocking sleep A hostile or misbehaving ODoH relay can return HTTP 401 for every query. The proxy reacted by forcing a key refresh (which fails through the same relay) and then sleeping the calling goroutine for ten seconds. Under load every request goroutine ended up parked in that sleep, and the proxy stopped answering anyone, not just the clients of the bad server.
Frank Denis (23 May 26)
Reponse plugins reject reponses without a question
Frank Denis (23 May 26)
Drop responses that fail plugin processing Return nil from the resolver callback when ApplyResponsePlugins errors, and stop suppressing unpack errors for truncated packets.
Frank Denis (23 May 26)
Merge branch 'master' of github.com:DNSCrypt/dnscrypt-proxy * 'master' of github.com:DNSCrypt/dnscrypt-proxy: Fix TOCTOU race in refreshServer (#3224)
Frank Denis (23 May 26)
Merge IPCrypt algorithm normalization * fix/double-tolower: Normalize IP encryption algorithm once Fix double strings.ToLower in ipcrypt.go
Frank Denis (23 May 26)
Normalize IP encryption algorithm once
HKLCF (23 May 26)
Fix TOCTOU race in refreshServer (#3224) Combine the check-and-append into a single locked section to prevent duplicate server entries when refreshServer is called concurrently from refresh() and processODoHQuery(). Closes #3207 Co-authored-by: hklcf <[email protected]>
Frank Denis (23 May 26)
Fix data race on internalResolverReady field Use atomic.Bool instead of a plain bool to synchronize access from the cert-refresh worker goroutines and the resolver path. Originally submitted by hklcf in #3223. Closes #3205
hklcf (23 May 26)
Fix double strings.ToLower in ipcrypt.go Use already-normalized config.Algorithm value in the switch statement instead of calling strings.ToLower a second time. Closes #3215
Frank Denis (21 May 26)
xtransport: improve HTTP connection reuse Decouple the HTTP idle-pool lifetime from the keepalive config knob so connections stay warm for 90 seconds regardless, Also raise MaxIdleConns from 1 to 16 so multi-resolver setups don't re-handshake on every server rotation. Also drain the HTTP/3 transport's idle connections during rebuild, like we did with HTTP/2.
Frank Denis (21 May 26)
-resolve: report incomplete DNSSEC support
Frank Denis (18 May 26)
Update deps
Frank Denis (18 May 26)
Update comment
lifenjoiner (18 May 26)
Don't cache dashboard HTML pages (#3183) Fix #3181
Frank Denis (05 May 26)
Web UI: ditch JSON-P. Use fetch() for everything, it's 2026.
Frank Denis (03 May 26)
Update dependencies and actions

DNScrypt-proxy 2 Security

5.8/10

Repo Security Summary

Updated 25 May 26

Code-Review 0/10
CII-Best-Practices 0/10
Maintained 10/10
Packaging N/A
Dangerous-Workflow 10/10
Token-Permissions 0/10
Security-Policy 0/10
License 10/10
Fuzzing 10/10
Branch-Protection N/A
SAST 7/10
Signed-Releases 8/10
Binary-Artifacts 10/10
Pinned-Dependencies 0/10

DNScrypt-proxy 2 Website

Website

DNSCrypt version 2 - Official Project Home Page | DNSCrypt

New home of the DNSCrypt project, now implementing multiple protocols to improve DNS security. Download official DNSCrypt & DoH servers and clients here.

Redirects

Does not redirect

Security Checks

All 65 security checks passed

Server Details

IP Address 37.59.238.213
Hostname recital.c9x.org
Location Roubaix, Hauts-de-France, France, EU
ISP OVH SAS
ASN AS16276

Associated Countries

Safety Score

Website marked as safe

100%

Blacklist Check

dnscrypt.info was found on 0 blacklists

AntiSocial Blacklist
Artists Against 419
Badbitcoin
Bambenek Consulting
CERT Polska
CoinBlockerLists
CRDF
CryptoScamDB
EtherAddressLookup
EtherScamDB
Fake Website Buster
MetaMask EthPhishing
NABP Not Recommended Sites
OpenPhish
PetScams
PhishFeed
PhishFort
Phishing.Database
PhishStats
PhishTank
Phishunt
RPiList Not Serious
Scam.Directory
SecureReload Phishing List
Spam404
StopGunScams
Suspicious Hosting IP
ThreatFox
ThreatLog
TweetFeed
URLhaus
ViriBack C2 Tracker

Website Preview

View full report at web-check.xyz

DNScrypt-proxy 2 Reviews

More DNS Clients

DNS Cloak

(iOS)
apps.apple.com/us/app/dnscloak-secure-dns-client/id1452162351

Simple all that allows for the use for dnscrypt-proxy 2 on an iPhone.

Open Source s-s/dnscloak

View DNS Cloak Report
Nebulo

(Android)
nebulo.app

Non-root, small-sized DNS changer utilizing DNS-over-HTTPS and DNS-over-TLS. (Note, since this uses Android's VPN API, it is not possible to run a VPN while using Nebulo.)

Open Source Ch4t4r/Nebulo

View Nebulo Report
RethinkDNS & Firewall

(Android)
rethinkdns.com/app

Free and open source DNS changer with support for DNS-over-HTTPS, DNS-over-Tor, and DNSCrypt v3 with Anonymized Relays. (Note, since this uses Android's VPN API, it is not possible to run a VPN while using RethinkDNS + Firewall.)

Open Source celzero/rethink-app

View RethinkDNS & Firewall Report
Stubby

(Desktop [Linux, Mac, OpenWrt & Windows])
dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby

Acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy. Stubby can be used in combination with Unbound - Unbound provides a local cache and Stubby manages the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections), see example configuration.

Open Source getdnsapi/stubby

View Stubby Report
Unbound

(Desktop [Linux, Mac, OpenWrt & Windows])
nlnetlabs.nl/projects/unbound

Validating, recursive, caching DNS resolve with support for DNS-over-TLS. Designed to be fast, lean, and secure Unbound incorporates modern features based on open standards. It's fully open source, and recently audited. (For an in-depth tutorial, see this article by DNSWatch.)

Open Source NLnetLabs/unbound

View Unbound Report

About the Data: DNScrypt-proxy 2

API

You can access DNScrypt-proxy 2's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/v1/services/dnscrypt-proxy-2

The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.

Share DNScrypt-proxy 2

Help your friends compare DNS Clients, and pick privacy-respecting software and services.
Share DNScrypt-proxy 2 and Awesome Privacy with your network!

View DNS Clients (6)

Unbound