1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2024-12-23 01:39:27 +02:00

update dnscrypt

This commit is contained in:
kev 2022-02-17 16:09:23 +08:00
parent 6eb55fbf39
commit 017cd00a78
27 changed files with 922 additions and 498 deletions

View File

@ -293,7 +293,6 @@ A collection of delicious docker recipes.
- [x] dnscrypt
- [x] dnscrypt-proxy
- [x] dnscrypt-server
- [x] ~dnscrypt-wrapper~
- [x] dnsmasq
- [x] dnsmasq-arm
- [x] pdnsd

View File

@ -1,54 +1,12 @@
dnscrypt
========
## About
[DNSCrypt][1] is a protocol that encrypts, authenticates and optionally anonymizes
communications between a DNS client and a DNS resolver. It prevents DNS
spoofing. It uses cryptographic signatures to verify that responses originate
from the chosen DNS resolver and haven’t been tampered with.
- `dnscrypt-wrapper` - A server-side dnscrypt proxy.
- `dnscrypt-proxy` - A protocol for securing communications between a client and a DNS resolver.
- dnscrypt-proxy
- dnscrypt-server
## Config
wrapper:
image: vimagick/dnscrypt-wrapper
ports:
- "443:443/udp"
- "443:443/tcp"
environment:
- LISTEN_ADDR=0.0.0.0:443
- RESOLVER_ADDR=8.8.8.8:53
- PROVIDER_NAME=2.dnscrypt-cert.easypi.info
restart: always
proxy:
image: vimagick/dnscrypt-proxy
ports:
- "53:53/udp"
- "53:53/tcp"
environment:
- LISTEN_ADDR=0.0.0.0:443
- RESOLVER_ADDR=1.2.3.4:443
- PROVIDER_NAME=2.dnscrypt-cert.easypi.info
- PROVIDER_KEY=4C29:9CEB:CF8D:4612:48A8:B2F2:3B6F:A046:EBF5:2F2B:6433:27C6:5F3A:88F5:495E:3075
restart: always
> `RESOLVER_ADDR` is server public ip address.
## Server
$ cd dnscrypt
$ fig up -d wrapper
$ docker exec -it dnscrypt_wrapper_1 cat README.txt
Public key fingerprint: 4C29:9CEB:CF8D:4612:48A8:B2F2:3B6F:A046:EBF5:2F2B:6433:27C6:5F3A:88F5:495E:3075
## Client
$ cd dnscrypt
$ fig up -d proxy
$ dig @127.0.0.1 www.google.com
$ dig @127.0.0.1 www.youtube.com +tcp
## Note
You'd better to use `vimagick/dnscrypt-proxy` as backend of `dnsmasq` or `pdnsd` for better performance.
Please read [this](https://github.com/Cofyc/dnscrypt-wrapper) to re-generate keys!
[1]: https://dnscrypt.info/

View File

@ -2,44 +2,24 @@
# Dockerfile for dnscrypt-proxy
#
FROM debian:jessie
MAINTAINER kev <noreply@easypi.pro>
FROM alpine:3
MAINTAINER EasyPi Software Foundation
ENV LIBSODIUM_VERSION 1.0.15
ENV DNSCRYPT_VERSION 1.9.5
ENV LISTEN_ADDR 0.0.0.0:53
ENV RESOLVER_ADDR 208.67.220.220:443
ENV PROVIDER_NAME 2.dnscrypt-cert.opendns.com
ENV PROVIDER_KEY B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
ARG DNSCRYPT_PROXY_VERSION=2.1.1
ARG DNSCRYPT_PROXY_FILE=dnscrypt-proxy-linux_x86_64-${DNSCRYPT_PROXY_VERSION}.tar.gz
ARG DNSCRYPT_PROXY_URL=https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/${DNSCRYPT_PROXY_VERSION}/${DNSCRYPT_PROXY_FILE}
WORKDIR /etc/dnscrypt-proxy
RUN set -xe \
&& apt-get update \
&& apt-get install -y ca-certificates \
build-essential \
curl \
&& mkdir libsodium \
&& cd libsodium \
&& curl -sSL https://download.libsodium.org/libsodium/releases/libsodium-$LIBSODIUM_VERSION.tar.gz | tar xz --strip 1 \
&& ./configure --prefix=/usr --enable-minimal \
&& make install \
&& ldconfig \
&& cd .. \
&& rm -rf libsodium \
&& mkdir dnscrypt-proxy \
&& cd dnscrypt-proxy \
&& curl -sSL https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-$DNSCRYPT_VERSION.tar.gz | tar xz --strip 1 \
&& ./configure --prefix=/usr --with-plugins \
&& make install \
&& cd .. \
&& rm -rf dnscrypt-proxy \
&& apt-get purge --auto-remove -y ca-certificates \
build-essential \
curl \
&& rm -rf /usr/lib/apt/lists/*
&& apk add --no-cache curl tar \
&& curl -sSL ${DNSCRYPT_PROXY_URL} | tar xz --strip 1 \
&& mv dnscrypt-proxy /usr/local/bin/ \
&& sed '/^listen_addresses/s/127.0.0.1:53/0.0.0.0:53/' example-dnscrypt-proxy.toml > dnscrypt-proxy.toml
VOLUME /etc/dnscrypt-proxy
EXPOSE 53/tcp 53/udp
CMD dnscrypt-proxy --local-address=$LISTEN_ADDR \
--provider-name=$PROVIDER_NAME \
--provider-key=$PROVIDER_KEY \
--resolver-address=$RESOLVER_ADDR
ENTRYPOINT ["dnscrypt-proxy"]
CMD ["-config", "dnscrypt-proxy.toml"]

View File

@ -1 +1,18 @@
https://github.com/vimagick/dockerfiles/tree/master/dnscrypt
dnscrypt-proxy
==============
[dnscrypt-proxy][1] is a flexible DNS proxy, with support for modern encrypted
DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH
(Oblivious DoH).
## up and running
```bash
$ mkdir -p data
$ wget -O data/dnscrypt-proxy.toml https://github.com/DNSCrypt/dnscrypt-proxy/raw/master/dnscrypt-proxy/example-dnscrypt-proxy.toml
$ vim data/dnscrypt-proxy.toml
$ docker-compose up -d
$ dig @127.0.0.1 www.youtube.com
```
[1]: https://github.com/DNSCrypt/dnscrypt-proxy

View File

@ -1,45 +0,0 @@
#
# Dockerfile for dnscrypt-proxy-arm
#
FROM armhf/debian:jessie
MAINTAINER EasyPi Software Foundation
ENV LIBSODIUM_VERSION 1.0.15
ENV DNSCRYPT_VERSION 1.9.5
ENV LISTEN_ADDR 0.0.0.0:53
ENV RESOLVER_ADDR 208.67.220.220:443
ENV PROVIDER_NAME 2.dnscrypt-cert.opendns.com
ENV PROVIDER_KEY B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
RUN set -xe \
&& apt-get update \
&& apt-get install -y ca-certificates \
build-essential \
curl \
&& mkdir libsodium \
&& cd libsodium \
&& curl -sSL https://download.libsodium.org/libsodium/releases/libsodium-$LIBSODIUM_VERSION.tar.gz | tar xz --strip 1 \
&& ./configure --prefix=/usr --enable-minimal \
&& make install \
&& ldconfig \
&& cd .. \
&& rm -rf libsodium \
&& mkdir dnscrypt-proxy \
&& cd dnscrypt-proxy \
&& curl -sSL https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-$DNSCRYPT_VERSION.tar.gz | tar xz --strip 1 \
&& ./configure --prefix=/usr --with-plugins \
&& make install \
&& cd .. \
&& rm -rf dnscrypt-proxy \
&& apt-get purge --auto-remove -y ca-certificates \
build-essential \
curl \
&& rm -rf /usr/lib/apt/lists/*
EXPOSE 53/tcp 53/udp
CMD dnscrypt-proxy --local-address=$LISTEN_ADDR \
--provider-name=$PROVIDER_NAME \
--provider-key=$PROVIDER_KEY \
--resolver-address=$RESOLVER_ADDR

View File

@ -1,7 +0,0 @@
dnscrypt-proxy:
image: easypi/dnscrypt-proxy-arm
container_name: dnscrypt-proxy
ports:
- "2053:53/tcp"
- "2053:53/udp"
restart: unless-stopped

View File

@ -0,0 +1,857 @@
##############################################
# #
# dnscrypt-proxy configuration #
# #
##############################################
## This is an example configuration file.
## You should adjust it to your needs, and save it as "dnscrypt-proxy.toml"
##
## Online documentation is available here: https://dnscrypt.info/doc
##################################
# Global settings #
##################################
## List of servers to use
##
## Servers from the "public-resolvers" source (see down below) can
## be viewed here: https://dnscrypt.info/public-servers
##
## The proxy will automatically pick working servers from this list.
## Note that the require_* filters do NOT apply when using this setting.
##
## By default, this list is empty and all registered servers matching the
## require_* filters will be used instead.
##
## Remove the leading # first to enable this; lines starting with # are ignored.
# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
## Example with both IPv4 and IPv6:
## listen_addresses = ['127.0.0.1:53', '[::1]:53']
##
## To listen to all IPv4 addresses, use `listen_addresses = ['0.0.0.0:53']`
## To listen to all IPv4+IPv6 addresses, use `listen_addresses = ['[::]:53']`
listen_addresses = ['0.0.0.0:53']
## Maximum number of simultaneous client connections to accept
max_clients = 250
## Switch to a different system user after listening sockets have been created.
## Note (1): this feature is currently unsupported on Windows.
## Note (2): this feature is not compatible with systemd socket activation.
## Note (3): when using -pidfile, the PID file directory must be writable by the new user
# user_name = 'nobody'
## Require servers (from remote sources) to satisfy specific properties
# Use servers reachable over IPv4
ipv4_servers = true
# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity
ipv6_servers = false
# Use servers implementing the DNSCrypt protocol
dnscrypt_servers = true
# Use servers implementing the DNS-over-HTTPS protocol
doh_servers = true
# Use servers implementing the Oblivious DoH protocol
odoh_servers = false
## Require servers defined by remote sources to satisfy specific properties
# Server must support DNS security extensions (DNSSEC)
require_dnssec = false
# Server must not log user queries (declarative)
require_nolog = true
# Server must not enforce its own blocklist (for parental control, ads blocking...)
require_nofilter = true
# Server names to avoid even if they match all criteria
disabled_server_names = []
## Always use TCP to connect to upstream servers.
## This can be useful if you need to route everything through Tor.
## Otherwise, leave this to `false`, as it doesn't improve security
## (dnscrypt-proxy will always encrypt everything even using UDP), and can
## only increase latency.
force_tcp = false
## SOCKS proxy
## Uncomment the following line to route all TCP connections to a local Tor node
## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
# proxy = 'socks5://127.0.0.1:9050'
## HTTP/HTTPS proxy
## Only for DoH servers
# http_proxy = 'http://127.0.0.1:8888'
## How long a DNS query will wait for a response, in milliseconds.
## If you have a network with *a lot* of latency, you may need to
## increase this. Startup may be slower if you do so.
## Don't increase it too much. 10000 is the highest reasonable value.
timeout = 5000
## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds
keepalive = 30
## Add EDNS-client-subnet information to outgoing queries
##
## Multiple networks can be listed; they will be randomly chosen.
## These networks don't have to match your actual networks.
# edns_client_subnet = ["0.0.0.0/0", "2001:db8::/32"]
## Response for blocked queries. Options are `refused`, `hinfo` (default) or
## an IP response. To give an IP response, use the format `a:<IPv4>,aaaa:<IPv6>`.
## Using the `hinfo` option means that some responses will be lies.
## Unfortunately, the `hinfo` option appears to be required for Android 8+
# blocked_query_response = 'refused'
## Load-balancing strategy: 'p2' (default), 'ph', 'p<n>', 'first' or 'random'
## Randomly choose 1 of the fastest 2, half, n, 1 or all live servers by latency.
## The response quality still depends on the server itself.
# lb_strategy = 'p2'
## Set to `true` to constantly try to estimate the latency of all the resolvers
## and adjust the load-balancing parameters accordingly, or to `false` to disable.
## Default is `true` that makes 'p2' `lb_strategy` work well.
# lb_estimator = true
## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors)
# log_level = 2
## Log file for the application, as an alternative to sending logs to
## the standard system logging service (syslog/Windows event log).
##
## This file is different from other log files, and will not be
## automatically rotated by the application.
# log_file = 'dnscrypt-proxy.log'
## When using a log file, only keep logs from the most recent launch.
# log_file_latest = true
## Use the system logger (syslog on Unix, Event Log on Windows)
# use_syslog = true
## Delay, in minutes, after which certificates are reloaded
cert_refresh_delay = 240
## DNSCrypt: Create a new, unique key for every single DNS query
## This may improve privacy but can also have a significant impact on CPU usage
## Only enable if you don't have a lot of network load
# dnscrypt_ephemeral_keys = false
## DoH: Disable TLS session tickets - increases privacy but also latency
# tls_disable_session_tickets = false
## DoH: Use a specific cipher suite instead of the server preference
## 49199 = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
## 4865 = TLS_AES_128_GCM_SHA256
## 4867 = TLS_CHACHA20_POLY1305_SHA256
##
## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...),
## the following suite improves performance.
## This may also help on Intel CPUs running 32-bit operating systems.
##
## Keep tls_cipher_suite empty if you have issues fetching sources or
## connecting to some DoH servers. Google and Cloudflare are fine with it.
# tls_cipher_suite = [52392, 49199]
## Bootstrap resolvers
##
## These are normal, non-encrypted DNS resolvers, that will be only used
## for one-shot queries when retrieving the initial resolvers list and if
## the system DNS configuration doesn't work.
##
## No user queries will ever be leaked through these resolvers, and they will
## not be used after IP addresses of DoH resolvers have been found (if you are
## using DoH).
##
## They will never be used if lists have already been cached, and if the stamps
## of the configured servers already include IP addresses (which is the case for
## most of DoH servers, and for all DNSCrypt servers and relays).
##
## They will not be used if the configured system DNS works, or after the
## proxy already has at least one usable secure resolver.
##
## Resolvers supporting DNSSEC are recommended, and, if you are using
## DoH, bootstrap resolvers should ideally be operated by a different entity
## than the DoH servers you will be using, especially if you have IPv6 enabled.
##
## People in China may want to use 114.114.114.114:53 here.
## Other popular options include 8.8.8.8, 9.9.9.9 and 1.1.1.1.
##
## If more than one resolver is specified, they will be tried in sequence.
##
## TL;DR: put valid standard resolver addresses here. Your actual queries will
## not be sent there. If you're using DNSCrypt or Anonymized DNS and your
## lists are up to date, these resolvers will not even be used.
bootstrap_resolvers = ['9.9.9.9:53', '8.8.8.8:53']
## Always use the bootstrap resolver before the system DNS settings.
ignore_system_dns = true
## Maximum time (in seconds) to wait for network connectivity before
## initializing the proxy.
## Useful if the proxy is automatically started at boot, and network
## connectivity is not guaranteed to be immediately available.
## Use 0 to not test for connectivity at all (not recommended),
## and -1 to wait as much as possible.
netprobe_timeout = 60
## Address and port to try initializing a connection to, just to check
## if the network is up. It can be any address and any port, even if
## there is nothing answering these on the other side. Just don't use
## a local address, as the goal is to check for Internet connectivity.
## On Windows, a datagram with a single, nul byte will be sent, only
## when the system starts.
## On other operating systems, the connection will be initialized
## but nothing will be sent at all.
netprobe_address = '9.9.9.9:53'
## Offline mode - Do not use any remote encrypted servers.
## The proxy will remain fully functional to respond to queries that
## plugins can handle directly (forwarding, cloaking, ...)
# offline_mode = false
## Additional data to attach to outgoing queries.
## These strings will be added as TXT records to queries.
## Do not use, except on servers explicitly asking for extra data
## to be present.
## encrypted-dns-server can be configured to use this for access control
## in the [access_control] section
# query_meta = ['key1:value1', 'key2:value2', 'token:MySecretToken']
## Automatic log files rotation
# Maximum log files size in MB - Set to 0 for unlimited.
log_files_max_size = 10
# How long to keep backup files, in days
log_files_max_age = 7
# Maximum log files backups to keep (or 0 to keep all backups)
log_files_max_backups = 1
#########################
# Filters #
#########################
## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you
## configure dnscrypt-proxy to do any kind of filtering (including the filters
## below and blocklists).
## You can still choose resolvers that do DNSSEC validation.
## Immediately respond to IPv6-related queries with an empty response
## This makes things faster when there is no IPv6 connectivity, but can
## also cause reliability issues with some stub resolvers.
block_ipv6 = false
## Immediately respond to A and AAAA queries for host names without a domain name
block_unqualified = true
## Immediately respond to queries for local zones instead of leaking them to
## upstream resolvers (always causing errors or timeouts).
block_undelegated = true
## TTL for synthetic responses sent when a request has been blocked (due to
## IPv6 or blocklists).
reject_ttl = 10
##################################################################################
# Route queries for specific domains to a dedicated set of servers #
##################################################################################
## See the `example-forwarding-rules.txt` file for an example
# forwarding_rules = 'forwarding-rules.txt'
###############################
# Cloaking rules #
###############################
## Cloaking returns a predefined address for a specific name.
## In addition to acting as a HOSTS file, it can also return the IP address
## of a different name. It will also do CNAME flattening.
##
## See the `example-cloaking-rules.txt` file for an example
# cloaking_rules = 'cloaking-rules.txt'
## TTL used when serving entries in cloaking-rules.txt
# cloak_ttl = 600
###########################
# DNS cache #
###########################
## Enable a DNS cache to reduce latency and outgoing traffic
cache = true
## Cache size
cache_size = 4096
## Minimum TTL for cached entries
cache_min_ttl = 2400
## Maximum TTL for cached entries
cache_max_ttl = 86400
## Minimum TTL for negatively cached entries
cache_neg_min_ttl = 60
## Maximum TTL for negatively cached entries
cache_neg_max_ttl = 600
########################################
# Captive portal handling #
########################################
[captive_portals]
## A file that contains a set of names used by operating systems to
## check for connectivity and captive portals, along with hard-coded
## IP addresses to return.
# map_file = 'example-captive-portals.txt'
##################################
# Local DoH server #
##################################
[local_doh]
## dnscrypt-proxy can act as a local DoH server. By doing so, web browsers
## requiring a direct connection to a DoH server in order to enable some
## features will enable these, without bypassing your DNS proxy.
## Addresses that the local DoH server should listen to
# listen_addresses = ['127.0.0.1:3000']
## Path of the DoH URL. This is not a file, but the part after the hostname
## in the URL. By convention, `/dns-query` is frequently chosen.
## For each `listen_address` the complete URL to access the server will be:
## `https://<listen_address><path>` (ex: `https://127.0.0.1/dns-query`)
# path = '/dns-query'
## Certificate file and key - Note that the certificate has to be trusted.
## See the documentation (wiki) for more information.
# cert_file = 'localhost.pem'
# cert_key_file = 'localhost.pem'
###############################
# Query logging #
###############################
## Log client queries to a file
[query_log]
## Path to the query log file (absolute, or relative to the same directory as the config file)
## Can be set to /dev/stdout in order to log to the standard output.
# file = 'query.log'
## Query log format (currently supported: tsv and ltsv)
format = 'tsv'
## Do not log these query types, to reduce verbosity. Keep empty to log everything.
# ignored_qtypes = ['DNSKEY', 'NS']
############################################
# Suspicious queries logging #
############################################
## Log queries for nonexistent zones
## These queries can reveal the presence of malware, broken/obsolete applications,
## and devices signaling their presence to 3rd parties.
[nx_log]
## Path to the query log file (absolute, or relative to the same directory as the config file)
# file = 'nx.log'
## Query log format (currently supported: tsv and ltsv)
format = 'tsv'
######################################################
# Pattern-based blocking (blocklists) #
######################################################
## Blocklists are made of one pattern per line. Example of valid patterns:
##
## example.com
## =example.com
## *sex*
## ads.*
## ads*.example.*
## ads*.example[0-9]*.com
##
## Example blocklist files can be found at https://download.dnscrypt.info/blocklists/
## A script to build blocklists from public feeds can be found in the
## `utils/generate-domains-blocklists` directory of the dnscrypt-proxy source code.
[blocked_names]
## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
# blocked_names_file = 'blocked-names.txt'
## Optional path to a file logging blocked queries
# log_file = 'blocked-names.log'
## Optional log format: tsv or ltsv (default: tsv)
# log_format = 'tsv'
###########################################################
# Pattern-based IP blocking (IP blocklists) #
###########################################################
## IP blocklists are made of one pattern per line. Example of valid patterns:
##
## 127.*
## fe80:abcd:*
## 192.168.1.4
[blocked_ips]
## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
# blocked_ips_file = 'blocked-ips.txt'
## Optional path to a file logging blocked queries
# log_file = 'blocked-ips.log'
## Optional log format: tsv or ltsv (default: tsv)
# log_format = 'tsv'
######################################################
# Pattern-based allow lists (blocklists bypass) #
######################################################
## Allowlists support the same patterns as blocklists
## If a name matches an allowlist entry, the corresponding session
## will bypass names and IP filters.
##
## Time-based rules are also supported to make some websites only accessible at specific times of the day.
[allowed_names]
## Path to the file of allow list rules (absolute, or relative to the same directory as the config file)
# allowed_names_file = 'allowed-names.txt'
## Optional path to a file logging allowed queries
# log_file = 'allowed-names.log'
## Optional log format: tsv or ltsv (default: tsv)
# log_format = 'tsv'
#########################################################
# Pattern-based allowed IPs lists (blocklists bypass) #
#########################################################
## Allowed IP lists support the same patterns as IP blocklists
## If an IP response matches an allow ip entry, the corresponding session
## will bypass IP filters.
##
## Time-based rules are also supported to make some websites only accessible at specific times of the day.
[allowed_ips]
## Path to the file of allowed ip rules (absolute, or relative to the same directory as the config file)
# allowed_ips_file = 'allowed-ips.txt'
## Optional path to a file logging allowed queries
# log_file = 'allowed-ips.log'
## Optional log format: tsv or ltsv (default: tsv)
# log_format = 'tsv'
##########################################
# Time access restrictions #
##########################################
## One or more weekly schedules can be defined here.
## Patterns in the name-based blocked_names file can optionally be followed with @schedule_name
## to apply the pattern 'schedule_name' only when it matches a time range of that schedule.
##
## For example, the following rule in a blocklist file:
## *.youtube.* @time-to-sleep
## would block access to YouTube during the times defined by the 'time-to-sleep' schedule.
##
## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00
## {after= '9:00', before='18:00'} matches 9:00-18:00
[schedules]
# [schedules.'time-to-sleep']
# mon = [{after='21:00', before='7:00'}]
# tue = [{after='21:00', before='7:00'}]
# wed = [{after='21:00', before='7:00'}]
# thu = [{after='21:00', before='7:00'}]
# fri = [{after='23:00', before='7:00'}]
# sat = [{after='23:00', before='7:00'}]
# sun = [{after='21:00', before='7:00'}]
# [schedules.'work']
# mon = [{after='9:00', before='18:00'}]
# tue = [{after='9:00', before='18:00'}]
# wed = [{after='9:00', before='18:00'}]
# thu = [{after='9:00', before='18:00'}]
# fri = [{after='9:00', before='17:00'}]
#########################
# Servers #
#########################
## Remote lists of available servers
## Multiple sources can be used simultaneously, but every source
## requires a dedicated cache file.
##
## Refer to the documentation for URLs of public sources.
##
## A prefix can be prepended to server names in order to
## avoid collisions if different sources share the same for
## different servers. In that case, names listed in `server_names`
## must include the prefixes.
##
## If the `urls` property is missing, cache files and valid signatures
## must already be present. This doesn't prevent these cache files from
## expiring after `refresh_delay` hours.
## Cache freshness is checked every 24 hours, so values for 'refresh_delay'
## of less than 24 hours will have no effect.
## A maximum delay of 168 hours (1 week) is imposed to ensure cache freshness.
[sources]
## An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers
[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://download.dnscrypt.net/resolvers-list/v3/public-resolvers.md']
cache_file = 'public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''
## Anonymized DNS relays
[sources.'relays']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://download.dnscrypt.net/resolvers-list/v3/relays.md']
cache_file = 'relays.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''
## ODoH (Oblivious DoH) servers and relays
# [sources.'odoh-servers']
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-servers.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-servers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-servers.md', 'https://download.dnscrypt.net/resolvers-list/v3/odoh-servers.md']
# cache_file = 'odoh-servers.md'
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
# refresh_delay = 24
# prefix = ''
# [sources.'odoh-relays']
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-relays.md', 'https://download.dnscrypt.net/resolvers-list/v3/odoh-relays.md']
# cache_file = 'odoh-relays.md'
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
# refresh_delay = 24
# prefix = ''
## Quad9
# [sources.quad9-resolvers]
# urls = ['https://www.quad9.net/quad9-resolvers.md']
# minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN'
# cache_file = 'quad9-resolvers.md'
# prefix = 'quad9-'
## Another example source, with resolvers censoring some websites not appropriate for children
## This is a subset of the `public-resolvers` list, so enabling both is useless
# [sources.'parental-control']
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://download.dnscrypt.net/resolvers-list/v3/parental-control.md']
# cache_file = 'parental-control.md'
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
#########################################
# Servers with known bugs #
#########################################
[broken_implementations]
# Cisco servers currently cannot handle queries larger than 1472 bytes, and don't
# truncate reponses larger than questions as expected by the DNSCrypt protocol.
# This prevents large responses from being received over UDP and over relays.
#
# Older versions of the `dnsdist` server software had a bug with queries larger
# than 1500 bytes. This is fixed since `dnsdist` version 1.5.0, but
# some server may still run an outdated version.
#
# The list below enables workarounds to make non-relayed usage more reliable
# until the servers are fixed.
fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6']
#################################################################
# Certificate-based client authentication for DoH #
#################################################################
# Use a X509 certificate to authenticate yourself when connecting to DoH servers.
# This is only useful if you are operating your own, private DoH server(s).
# 'creds' maps servers to certificates, and supports multiple entries.
# If you are not using the standard root CA, an optional "root_ca"
# property set to the path to a root CRT file can be added to a server entry.
[doh_client_x509_auth]
#
# creds = [
# { server_name='*', client_cert='client.crt', client_key='client.key' }
# ]
################################
# Anonymized DNS #
################################
[anonymized_dns]
## Routes are indirect ways to reach DNSCrypt servers.
##
## A route maps a server name ("server_name") to one or more relays that will be
## used to connect to that server.
##
## A relay can be specified as a DNS Stamp (either a relay stamp, or a
## DNSCrypt stamp) or a server name.
##
## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2`,
## and "example-server-2" via the relay whose relay DNS stamp is
## "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
##
## !!! THESE ARE JUST EXAMPLES !!!
##
## Review the list of available relays from the "relays.md" file, and, for each
## server you want to use, define the relays you want connections to go through.
##
## Carefully choose relays and servers so that they are run by different entities.
##
## "server_name" can also be set to "*" to define a default route, for all servers:
## { server_name='*', via=['anon-example-1', 'anon-example-2'] }
##
## If a route is ["*"], the proxy automatically picks a relay on a distinct network.
## { server_name='*', via=['*'] } is also an option, but is likely to be suboptimal.
##
## Manual selection is always recommended over automatic selection, so that you can
## select (relay,server) pairs that work well and fit your own criteria (close by or
## in different countries, operated by different entities, on distinct ISPs...)
# routes = [
# { server_name='example-server-1', via=['anon-example-1', 'anon-example-2'] },
# { server_name='example-server-2', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] }
# ]
# Skip resolvers incompatible with anonymization instead of using them directly
skip_incompatible = false
# If public server certificates for a non-conformant server cannot be
# retrieved via a relay, try getting them directly. Actual queries
# will then always go through relays.
# direct_cert_fallback = false
###############################
# DNS64 #
###############################
## DNS64 is a mechanism for synthesizing AAAA records from A records.
## It is used with an IPv6/IPv4 translator to enable client-server
## communication between an IPv6-only client and an IPv4-only server,
## without requiring any changes to either the IPv6 or the IPv4 node,
## for the class of applications that work through NATs.
##
## There are two options to synthesize such records:
## Option 1: Using a set of static IPv6 prefixes;
## Option 2: By discovering the IPv6 prefix from DNS64-enabled resolver.
##
## If both options are configured - only static prefixes are used.
## (Ref. RFC6147, RFC6052, RFC7050)
##
## Do not enable unless you know what DNS64 is and why you need it, or else
## you won't be able to connect to anything at all.
[dns64]
## (Option 1) Static prefix(es) as Pref64::/n CIDRs.
# prefix = ['64:ff9b::/96']
## (Option 2) DNS64-enabled resolver(s) to discover Pref64::/n CIDRs.
## These resolvers are used to query for Well-Known IPv4-only Name (WKN) "ipv4only.arpa." to discover only.
## Set with your ISP's resolvers in case of custom prefixes (other than Well-Known Prefix 64:ff9b::/96).
## IMPORTANT: Default resolvers listed below support Well-Known Prefix 64:ff9b::/96 only.
# resolver = ['[2606:4700:4700::64]:53', '[2001:4860:4860::64]:53']
########################################
# Static entries #
########################################
## Optional, local, static list of additional servers
## Mostly useful for testing your own servers.
[static]
# [static.'myserver']
# stamp = 'sdns://AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'

View File

@ -1,9 +0,0 @@
Package: dnscrypt-proxy
Version: 1.6.1-1
Maintainer: noreply@easypi.info
Depends:
Homepage: https://dnscrypt.org/
Architecture: armhf
Priority: optional
Section: net
Description: A tool for securing communications between a client and a DNS resolver

View File

@ -1,5 +0,0 @@
#!/bin/bash
ldconfig
systemctl start dnscrypt-proxy
systemctl enable dnscrypt-proxy

View File

@ -1,3 +0,0 @@
#!/bin/bash
ldconfig

View File

@ -1,4 +0,0 @@
#!/bin/bash
systemctl disable dnscrypt-proxy
systemctl stop dnscrypt-proxy

View File

@ -1,15 +0,0 @@
[Unit]
Description=DNSCrypt client proxy
Documentation=man:dnscrypt-proxy(8)
After=network.target
Before=nss-lookup.target
[Service]
Type=simple
NonBlocking=true
ExecStart=/usr/sbin/dnscrypt-proxy \
-a 0.0.0.0:53 \
-R cisco
[Install]
WantedBy=multi-user.target

View File

@ -1 +0,0 @@
libsodium.so.18.1.0

View File

@ -1 +0,0 @@
libsodium.so.18.1.0

View File

@ -1,66 +0,0 @@
Name,Full name,Description,Location,Coordinates,URL,Version,DNSSEC validation,No logs,Namecoin,Resolver address,Provider name,Provider public key,Provider public key TXT record
4armed,4ARMED,DNSCrypt Server provided by www.4armed.com,France,,https://www.4armed.com,1,yes,yes,no,51.254.115.48:443,2.dnscrypt-cert.dnscrypt.4armed.io,FD3E:5887:63EA:17A9:1AF8:4325:DE82:1507:6ED0:01AB:2F9E:55DE:689B:F491:4D8E:526E,
cisco,Cisco OpenDNS,Remove your DNS blind spot,Anycast,,https://www.opendns.com,1,no,no,no,208.67.220.220:443,2.dnscrypt-cert.opendns.com,B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79,
cisco-familyshield,Cisco OpenDNS with FamilyShield,Blocks web sites not suitable for children,Anycast,,https://www.opendns.com/home-internet-security/parental-controls/,1,no,no,no,208.67.220.123:443,2.dnscrypt-cert.opendns.com,B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79,
cisco-ipv6,Cisco OpenDNS over IPv6,Cisco OpenDNS IPv6 sandbox,Anycast,,https://www.opendns.com/about/innovations/ipv6/,1,no,no,no,[2620:0:ccc::2]:443,2.dnscrypt-cert.opendns.com,B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79,
cisco-port53,Cisco OpenDNS backward compatibility port 53,Remove your DNS blind spot,Anycast,,https://www.opendns.com,1,no,no,no,208.67.220.220:53,2.dnscrypt-cert.opendns.com,B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79,
cloudns-can,CloudNS Canberra,CloudNS is an Australian based security focused DNS provider,"Canberra, AU",,https://cloudns.com.au,1,yes,yes,yes,113.20.6.2:443,2.dnscrypt-cert.cloudns.com.au,1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4,
cloudns-syd,CloudNS Sydney,CloudNS is an Australian based security focused DNS provider,"Sydney, AU",,https://cloudns.com.au,1,yes,yes,yes,113.20.8.17:443,2.dnscrypt-cert-2.cloudns.com.au,67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330,
cs-cfi,cryptostorm.is cryptofree France DNSCrypt server (port 443),provided by cryptostorm.is,"Paris, France",,https://cryptostorm.is,1,no,yes,yes,212.83.175.31:443,2.dnscrypt-cert.cryptostorm.is,3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A,
cs-cfii,cryptostorm.is secondary cryptofree France DNSCrypt server (port 443),provided by cryptostorm.is,"Paris, France",,https://cryptostorm.is,1,no,yes,yes,195.154.61.33:443,2.dnscrypt-cert.cryptostorm.is,3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A,
cs-ch,cryptostorm.is Switzerland DNSCrypt server (port 443),provided by cryptostorm.is,"Baar, Switzerland",,https://cryptostorm.is,1,no,yes,yes,185.60.147.77:443,2.dnscrypt-cert.cryptostorm.is,3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A,
cs-de,cryptostorm.is Germany DNSCrypt server (port 443),provided by cryptostorm.is,"Frankfurt, Germany",,https://cryptostorm.is,1,no,yes,yes,46.165.222.246:443,2.dnscrypt-cert.cryptostorm.is,3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A,
cs-fr,cryptostorm.is France DNSCrypt server (port 443),provided by cryptostorm.is,"Paris, France",,https://cryptostorm.is,1,no,yes,yes,212.129.46.86:443,2.dnscrypt-cert.cryptostorm.is,3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A,
cs-fr2,cryptostorm.is secondary France DNSCrypt server (port 443),provided by cryptostorm.is,"Paris, France",,https://cryptostorm.is,1,no,yes,yes,212.129.46.32:443,2.dnscrypt-cert.cryptostorm.is,3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A,
cs-pt,cryptostorm.is Portugal DNSCrypt server (port 443),provided by cryptostorm.is,"Lisbon, Portugal",,https://cryptostorm.is,1,no,yes,yes,109.71.42.228:443,2.dnscrypt-cert.cryptostorm.is,3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A,
cs-uk,cryptostorm.is England DNSCrypt server (port 443),provided by cryptostorm.is,"London, England",,https://cryptostorm.is,1,no,yes,yes,31.24.34.50:443,2.dnscrypt-cert.cryptostorm.is,3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A,
cs-uswest,"cryptostorm.is Seattle, WA (US) DNSCrypt server (port 443)",provided by cryptostorm.is,"Seattle, WA",,https://cryptostorm.is,1,no,yes,yes,76.164.234.11:443,2.dnscrypt-cert.cryptostorm.is,3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A,
cs-uswest2,"cryptostorm.is Las Vegas, NV (US) DNSCrypt server (port 443)",provided by cryptostorm.is,"Las Vegas, NV",,https://cryptostorm.is,1,no,yes,yes,104.238.194.235:443,2.dnscrypt-cert.cryptostorm.is,3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A,
d0wn-bg-ns1,OpenNIC Resolver Bulgaria 01 - d0wn,Server provided by Martin 'd0wn' Albus,Bulgaria,,https://dns.d0wn.biz,1,no,yes,yes,217.12.203.133:54,2.dnscrypt-cert.d0wn.biz,9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62,pubkey.dnscrypt.d0wn.biz
d0wn-cr-ns1,OpenNIC Resolver Costa Rica 01 - d0wn,Server provided by Martin 'd0wn' Albus,Costa Rica,,https://dns.d0wn.biz,1,no,yes,yes,190.10.8.128:54,2.dnscrypt-cert.cr.d0wn.biz,6A9F:AB11:B806:2349:A082:6687:6F57:E99E:7818:BB5F:30F8:1C5C:95E1:2057:B1A8:16FB,pubkey.cr.dnscrypt.d0wn.biz
d0wn-de-ns2,OpenNIC Resolver Germany 02 - d0wn,Server provided by Martin 'd0wn' Albus,Germany,,https://dns.d0wn.biz,1,no,yes,yes,213.202.215.23:54,2.dnscrypt-cert.d0wn.biz,9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62,pubkey.dnscrypt.d0wn.biz
d0wn-fr-ns2,OpenNIC Resolver France 02 - d0wn,Server provided by Martin 'd0wn' Albus,France,,https://dns.d0wn.biz,1,no,yes,yes,37.187.0.40:54,2.dnscrypt-cert.d0wn.biz,9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62,pubkey.dnscrypt.d0wn.biz
d0wn-gr-ns1,OpenNIC Resolver Greece 01 - d0wn,Server provided by Martin 'd0wn' Albus & www.aws.gr,Greece,,https://dns.d0wn.biz,1,no,yes,yes,85.25.105.193:54,2.dnscrypt-cert.gr.d0wn.biz,D056:D3A4:9568:5AFE:4B0D:C688:7A75:41B2:7217:F0C9:75A5:A6C0:142D:363B:F992:9867,pubkey.gr.dnscrypt.d0wn.biz
d0wn-nl-ns1,OpenNIC Resolver Netherlands 01 - d0wn,Server provided by Martin 'd0wn' Albus,Netherlands,,https://dns.d0wn.biz,1,no,yes,yes,95.85.9.86:54,2.dnscrypt-cert.d0wn.biz,9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62,pubkey.dnscrypt.d0wn.biz
d0wn-nl-ns2,OpenNIC Resolver Netherlands 02 - d0wn,Server provided by Martin 'd0wn' Albus,Netherlands,,https://dns.d0wn.biz,1,no,yes,yes,185.83.217.248:54,2.dnscrypt-cert.d0wn.biz,9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62,pubkey.dnscrypt.d0wn.biz
d0wn-pl-ns1,OpenNIC Resolver Poland 01 - d0wn,Server provided by Martin 'd0wn' Albus,Poland,,https://dns.d0wn.biz,1,no,yes,yes,37.233.98.173:54,2.dnscrypt-cert.pl.d0wn.biz,8ECD:8F3E:C003:4622:E66D:96F4:CDCA:84D0:5DA6:11ED:192D:9BE7:B7C7:6F6B:FFA7:75D9,pubkey.pl.dnscrypt.d0wn.biz
d0wn-random-ns1,DNSCrypt Randomizer 01 - d0wn,Server provided by Martin 'd0wn' Albus,Moldova,,https://dns.d0wn.biz,1,no,yes,yes,178.17.170.133:54,2.dnscrypt-cert.random.d0wn.biz,9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62,pubkey.random2.dnscrypt.d0wn.biz
d0wn-ru-ns1,OpenNIC Resolver Russia 01 - d0wn,Server provided by Martin 'd0wn' Albus,Russia,,https://dns.d0wn.biz,1,no,yes,yes,91.214.71.181:54,2.dnscrypt-cert.d0wn.biz,9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62,pubkey.dnscrypt.d0wn.biz
d0wn-ua-ns1,OpenNIC Resolver Ukraine 01 - d0wn,Server provided by Martin 'd0wn' Albus,Ukraine,,https://dns.d0wn.biz,1,no,yes,yes,217.12.210.54:54,2.dnscrypt-cert.d0wn.biz,9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62,pubkey.dnscrypt.d0wn.biz
dnscrypt.eu-dk,DNSCrypt.eu Denmark,"Free, non-logged, uncensored. Hosted by Netgroup.",Denmark,,https://dnscrypt.eu,1,yes,yes,no,77.66.84.233:443,2.dnscrypt-cert.resolver2.dnscrypt.eu,3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955,pubkey.resolver2.dnscrypt.eu
dnscrypt.eu-dk-ipv6,DNSCrypt.eu Denmark over IPv6,"Free, non-logged, uncensored. Hosted by Netgroup.",Denmark,,https://dnscrypt.eu,1,yes,yes,no,[2001:1448:243::dc2]:443,2.dnscrypt-cert.resolver2.dnscrypt.eu,3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955,pubkey.resolver2.dnscrypt.eu
dnscrypt.eu-nl,DNSCrypt.eu Holland,"Free, non-logged, uncensored. Hosted by RamNode.",Netherlands,,https://dnscrypt.eu,1,yes,yes,no,176.56.237.171:443,2.dnscrypt-cert.resolver1.dnscrypt.eu,67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66,pubkey.resolver1.dnscrypt.eu
dnscrypt.eu-nl-ipv6,DNSCrypt.eu Holland over IPv6,"Free, non-logged, uncensored. Hosted by RamNode.",Netherlands,,https://dnscrypt.eu,1,yes,yes,no,[2a00:d880:3:1::a6c1:2e89]:443,2.dnscrypt-cert.resolver1.dnscrypt.eu,67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66,pubkey.resolver1.dnscrypt.eu
dnscrypt.org-fr,DNSCrypt.org France,DNSSEC/Namecoin/Non-logged/Uncensored - ARM server donated by Scaleway.com,"Paris, France",,,1,yes,yes,yes,212.47.228.136,2.dnscrypt-cert.fr.dnscrypt.org,E801:B84E:A606:BFB0:BAC0:CE43:445B:B15E:BA64:B02F:A3C4:AA31:AE10:636A:0790:324D,pubkey.fr.dnscrypt.org
fvz-rec-at-vie-01,"opennic-fvz-rec-at-vie-01 in Vienna, Austria","Fusl's public OpenNIC Tier2 DNS Resolver in Vienna, Austria - Sponsored by dediserve (https://dediserve.com/)","Vienna, Austria",,http://meo.ws/dnsrec.php,1,no,yes,yes,79.133.43.124,2.dnscrypt-cert.fvz-rec-at-vie-01.dnsrec.meo.ws,8D64:21DA:85D0:11B2:5056:319C:A81B:C6BB:EABC:0790:3CED:1469:EA4B:91A7:9568:C6BC,
fvz-rec-ca-mtr-01,"opennic-fvz-rec-ca-mtr-01 in Montreal, Canada","Fusl's public OpenNIC Tier2 DNS Resolver in Montreal, Canada - Sponsored by Zappie Host (https://zappiehost.com/)","Montreal, Canada",,http://meo.ws/dnsrec.php,1,no,yes,yes,192.99.240.129,2.dnscrypt-cert.fvz-rec-ca-mtr-01.dnsrec.meo.ws,71D3:851D:9FBA:4A03:1526:2D29:CAAF:56B8:60D8:4439:1AED:5C6A:CAB4:9397:D31C:757E,
fvz-rec-ca-mtr-01-ipv6,"opennic-fvz-rec-ca-mtr-01 in Montreal, Canada (IPv6)","Fusl's public OpenNIC Tier2 DNS Resolver in Montreal, Canada (IPv6) - Sponsored by Zappie Host (https://zappiehost.com/)","Montreal, Canada",,http://meo.ws/dnsrec.php,1,no,yes,yes,[2607:5300:60:6715::151:1]:443,2.dnscrypt-cert.fvz-rec-ca-mtr-01.dnsrec.meo.ws,71D3:851D:9FBA:4A03:1526:2D29:CAAF:56B8:60D8:4439:1AED:5C6A:CAB4:9397:D31C:757E,
fvz-rec-ca-tor-01,"opennic-fvz-rec-ca-tor-01 in Toronto, Canada","Fusl's public OpenNIC Tier2 DNS Resolver in Toronto, Canada - Sponsored by Luna Node (https://lunanode.com/)","Toronto, Canada",,http://meo.ws/dnsrec.php,1,no,yes,yes,172.81.176.146,2.dnscrypt-cert.fvz-rec-ca-tor-01.dnsrec.meo.ws,0F75:DB7D:7BF0:B078:8DF6:8472:7B1A:5069:A6EC:BDDF:FD0D:0E85:5C45:B500:D532:994F,
fvz-rec-ca-tor-01-ipv6,"opennic-fvz-rec-ca-tor-01 in Toronto, Canada (IPv6)","Fusl's public OpenNIC Tier2 DNS Resolver in Toronto, Canada (IPv6) - Sponsored by Luna Node (https://lunanode.com/)","Toronto, Canada",,http://meo.ws/dnsrec.php,1,no,yes,yes,[2602:ffb6:2:0:f816:3eff:fe23:ae28]:443,2.dnscrypt-cert.fvz-rec-ca-tor-01.dnsrec.meo.ws,0F75:DB7D:7BF0:B078:8DF6:8472:7B1A:5069:A6EC:BDDF:FD0D:0E85:5C45:B500:D532:994F,
fvz-rec-de-fra-01,"opennic-fvz-rec-de-fra-01 in Frankfurt, Germany","Fusl's public OpenNIC Tier2 DNS Resolver in Frankfurt, Germany - Sponsored by a very kind person","Frankfurt, Germany",,http://meo.ws/dnsrec.php,1,no,yes,yes,185.97.7.7,2.dnscrypt-cert.fvz-rec-de-fra-01.dnsrec.meo.ws,9FCC:EB74:6856:238D:AC57:428B:DE4F:D9C6:E736:5370:E9F9:5415:3BD3:6EBE:A8C2:FAFE,
fvz-rec-fr-sxb-01,"opennic-fvz-rec-fr-sxb-01 in Strasbourg, France","Fusl's public OpenNIC Tier2 DNS Resolver in Strasbourg, France - Sponsored by GalaxyHostPlus (https://galaxyhostplus.com/)","Strasbourg, France",,http://meo.ws/dnsrec.php,1,no,yes,yes,51.254.68.187:27015,2.dnscrypt-cert.fvz-rec-fr-sxb-01.dnsrec.meo.ws,53E7:3A2C:7EB2:C574:0C2B:8826:56EF:13CF:FA3F:1B3F:A902:7773:E0F1:A9D2:0CD7:E037,
fvz-rec-gb-brs-01,"opennic-fvz-rec-gb-brs-01 in Bristol, United Kingdom","Fusl's public OpenNIC Tier2 DNS Resolver in Bristol, United Kingdom - Sponsored by a very kind person","Bristol, United Kingdom",,http://meo.ws/dnsrec.php,1,no,yes,yes,185.115.125.185,2.dnscrypt-cert.fvz-rec-gb-brs-01.dnsrec.meo.ws,FE7B:2A4C:ECBA:E837:B978:D831:BD9D:D51D:9382:7F52:2D46:3A2D:2EEB:3753:0099:E117,
fvz-rec-gb-lon-01,"opennic-fvz-rec-gb-lon-01 in London, United Kingdom","Fusl's public OpenNIC Tier2 DNS Resolver in London, United Kingdom - Sponsored by Konsole (https://konsole.co.uk/)","London, United Kingdom",,http://meo.ws/dnsrec.php,1,no,yes,yes,93.170.96.119,2.dnscrypt-cert.fvz-rec-gb-lon-01.dnsrec.meo.ws,DDD8:847B:B3E8:DDE2:AB59:DB53:5381:8024:2032:E3FD:C5A2:C48A:C527:B77F:15CC:D28C,
fvz-rec-gb-lon-03,"opennic-fvz-rec-gb-lon-03 in London, United Kingdom","Fusl's public OpenNIC Tier2 DNS Resolver in London, United Kingdom - Sponsored by dediserve (https://dediserve.com/)","London, United Kingdom",,http://meo.ws/dnsrec.php,1,no,yes,yes,95.154.236.104,2.dnscrypt-cert.fvz-rec-gb-lon-03.dnsrec.meo.ws,972C:778B:8F32:21DB:E10B:B13B:6AFF:FED5:EE85:C526:844A:6662:6E05:FD44:5571:0597,
fvz-rec-hk-ztw-01,"opennic-fvz-rec-hk-ztw-01 in Tsuen Wan, Hong Kong","Fusl's public OpenNIC Tier2 DNS Resolver in Tsuen Wan, Hong Kong - Sponsored by dediserve (https://dediserve.com/)","Tsuen Wan, Hong Kong",,http://meo.ws/dnsrec.php,1,no,yes,yes,103.53.199.71,2.dnscrypt-cert.fvz-rec-hk-ztw-01.dnsrec.meo.ws,FD3A:5CE0:FD44:D174:681F:F008:7958:9EC8:8D4B:B2D9:32A2:2746:FEAD:77F7:3992:33FA,
fvz-rec-ie-du-01,"opennic-fvz-rec-ie-du-01 in Dublin, Ireland","Fusl's public OpenNIC Tier2 DNS Resolver in Dublin, Ireland - Sponsored by dediserve (https://dediserve.com/)","Dublin, Ireland",,http://meo.ws/dnsrec.php,1,no,yes,yes,217.78.6.191,2.dnscrypt-cert.fvz-rec-ie-du-01.dnsrec.meo.ws,DCAF:BA31:C7A9:5F68:FE40:3C69:FE1A:CFF5:CD4C:400D:7DE7:7DEA:1AF4:8F8D:7669:8DFB,
fvz-rec-nl-ams-01,"opennic-fvz-rec-nl-ams-01 in Amsterdam, Netherlands","Fusl's public OpenNIC Tier2 DNS Resolver in Amsterdam, Netherlands - Sponsored by dediserve (https://dediserve.com/)","Amsterdam, Netherlands",,http://meo.ws/dnsrec.php,1,no,yes,yes,93.158.205.94,2.dnscrypt-cert.fvz-rec-nl-ams-01.dnsrec.meo.ws,7B81:4CB7:D323:CCAB:EA4E:8BBA:0A44:2172:F909:62E8:699C:3B14:2DAB:8B51:D2E2:083C,
fvz-rec-no-osl-01,"opennic-fvz-rec-no-osl-01 in Oslo, Norway","Fusl's public OpenNIC Tier2 DNS Resolver in Oslo, Norway - Cloud.net (https://cloud.net/)","Oslo, Norway",,http://meo.ws/dnsrec.php,1,no,yes,yes,91.247.228.155,2.dnscrypt-cert.fvz-rec-no-osl-01.dnsrec.meo.ws,0D0C:CDB0:DAF0:2EDF:E340:2251:D9CA:9EAE:BFD0:6F00:7A00:560C:FD53:78D1:2CE3:F4AA,
fvz-rec-nz-akl-01,"opennic-fvz-rec-nz-akl-01 in Auckland, New Zealand","Fusl's public OpenNIC Tier2 DNS Resolver in Auckland, New Zealand - Sponsored by Zappie Host (https://zappiehost.com/)","Auckland, New Zealand",,http://meo.ws/dnsrec.php,1,no,yes,yes,185.99.132.5,2.dnscrypt-cert.fvz-rec-nz-akl-01.dnsrec.meo.ws,D7F2:D231:33BD:2A55:DF4F:C2E8:53FC:43C3:525F:423A:518F:0DC4:5A67:9E35:D940:314B,
fvz-rec-nz-akl-01-ipv6,"opennic-fvz-rec-nz-akl-01 in Auckland, New Zealand (IPv6)","Fusl's public OpenNIC Tier2 DNS Resolver in Auckland, New Zealand (IPv6) - Sponsored by Zappie Host (https://zappiehost.com/)","Auckland, New Zealand",,http://meo.ws/dnsrec.php,1,no,yes,yes,[2a06:1280:bee1::dea:5]:443,2.dnscrypt-cert.fvz-rec-nz-akl-01.dnsrec.meo.ws,D7F2:D231:33BD:2A55:DF4F:C2E8:53FC:43C3:525F:423A:518F:0DC4:5A67:9E35:D940:314B,
fvz-rec-ro-buh-01,"opennic-fvz-rec-ro-buh-01 in Bucharest, Romania","Fusl's public OpenNIC Tier2 DNS Resolver in Bucharest, Romania - HostClean.net (http://www.hostclean.net/)","Bucharest, Romania",,http://meo.ws/dnsrec.php,1,no,yes,yes,89.34.26.150,2.dnscrypt-cert.fvz-rec-ro-buh-01.dnsrec.meo.ws,EAA2:541A:F705:0D97:7F8C:D5B0:7B8D:D0AD:849A:653C:9E69:C02C:AB8D:FA5B:6F99:7B96,
fvz-rec-us-lax-01,"opennic-fvz-rec-us-lax-01 in Los Angeles, United States","Fusl's public OpenNIC Tier2 DNS Resolver in Los Angeles, United States - Sponsored by evoBurst (http://evoburst.com/)","Los Angeles, United States",,http://meo.ws/dnsrec.php,1,no,yes,yes,198.96.89.143,2.dnscrypt-cert.fvz-rec-us-lax-01.dnsrec.meo.ws,DB55:4132:4B48:5FB5:2F34:7B22:9CA5:784C:AB24:FBF2:9A96:0894:A6E3:EA93:FEA6:1DD5,
fvz-rec-us-lax-01-ipv6,"opennic-fvz-rec-us-lax-01 in Los Angeles, United States (IPv6)","Fusl's public OpenNIC Tier2 DNS Resolver in Los Angeles, United States (IPv6) - Sponsored by evoBurst (http://evoburst.com/)","Los Angeles, United States",,http://meo.ws/dnsrec.php,1,no,yes,yes,[2607:fcd0:100:87e9::b98d]:443,2.dnscrypt-cert.fvz-rec-us-lax-01.dnsrec.meo.ws,DB55:4132:4B48:5FB5:2F34:7B22:9CA5:784C:AB24:FBF2:9A96:0894:A6E3:EA93:FEA6:1DD5,
fvz-rec-us-ler-01,"opennic-fvz-rec-us-ler-01 in Lenoir, United States","Fusl's public OpenNIC Tier2 DNS Resolver in Lenoir, United States - Sponsored by Zappie Host (https://zappiehost.com/)","Lenoir, United States",,http://meo.ws/dnsrec.php,1,no,yes,yes,192.209.63.8,2.dnscrypt-cert.fvz-rec-us-ler-01.dnsrec.meo.ws,962D:FF03:6864:E891:0885:91AC:C207:1E38:0D94:1531:7123:3D32:9A25:DB25:CDD2:7EBE,
fvz-rec-us-ler-01-ipv6,"opennic-fvz-rec-us-ler-01 in Lenoir, United States (IPv6)","Fusl's public OpenNIC Tier2 DNS Resolver in Lenoir, United States (IPv6) - Sponsored by Zappie Host (https://zappiehost.com/)","Lenoir, United States",,http://meo.ws/dnsrec.php,1,no,yes,yes,[2606:1e80:dace:bebe::da:1]:443,2.dnscrypt-cert.fvz-rec-us-ler-01.dnsrec.meo.ws,962D:FF03:6864:E891:0885:91AC:C207:1E38:0D94:1531:7123:3D32:9A25:DB25:CDD2:7EBE,
fvz-rec-us-mia-01,"opennic-fvz-rec-us-mia-01 in Miami, United States","Fusl's public OpenNIC Tier2 DNS Resolver in Miami, United States - Sponsored by evoBurst (http://evoburst.com/)","Miami, United States",,http://meo.ws/dnsrec.php,1,no,yes,yes,173.44.61.182,2.dnscrypt-cert.fvz-rec-us-mia-01.dnsrec.meo.ws,B864:FA77:A58F:F757:6B53:1086:BDF0:6B2F:7D33:1D09:E561:236E:A9ED:557F:F6C3:B7F1,
fvz-rec-us-mia-01-ipv6,"opennic-fvz-rec-us-mia-01 in Miami, United States (IPv6)","Fusl's public OpenNIC Tier2 DNS Resolver in Miami, United States (IPv6) - Sponsored by evoBurst (http://evoburst.com/)","Miami, United States",,http://meo.ws/dnsrec.php,1,no,yes,yes,[2607:ff48:aa81:e99::273b]:443,2.dnscrypt-cert.fvz-rec-us-mia-01.dnsrec.meo.ws,B864:FA77:A58F:F757:6B53:1086:BDF0:6B2F:7D33:1D09:E561:236E:A9ED:557F:F6C3:B7F1,
ipredator,Ipredator.se Server,Public DNSCrypt server in Sweden provided by Ipredator.se,Sweden,,https://www.ipredator.se,1,no,yes,no,194.132.32.32:443,2.dnscrypt-cert.ipredator.se,C44C:566A:A8D6:46C4:32B1:04F5:3D00:961B:32DC:71CF:1C04:BD9E:B013:E480:E7A4:7828,pubkey.resolver2.ipredator.se
ns0.dnscrypt.is,"ns0.dnscrypt.is in Reykjavík, Iceland","DNSSEC enabled, non-logging, uncensored. Sponsored by 1984 Hosting.","Reykjavík, Iceland",,https://dnscrypt.is,1,yes,yes,no,93.95.228.87:443,2.dnscrypt-cert.ns0.dnscrypt.is,EE41:6A83:451C:218F:37B2:B736:78C4:999F:7DE6:89D1:31D2:7866:7C8E:A8BB:1C95:B402,pubkey.ns0.dnscrypt.is
okturtles,okTurtles,For a surveillance-free world. HTTPS is broken. DNSChain fixes it.,"Georgia, US","33.032501, -83.895699",http://okturtles.com/,1,no,yes,yes,23.226.227.93:443,2.dnscrypt-cert.okturtles.com,1D85:3953:E34F:AFD0:05F9:4C6F:D1CC:E635:D411:9904:0D48:D19A:5D35:0B6A:7C81:73CB,
opennic-tumabox,TumaBox,Public DNS server operated by TumaBox.org,Germany,,http://wiki.tumabox.org/doku.php?id=dns,1,no,yes,no,130.255.73.90:5353,2.tumabox.org,D591:7B11:6A35:3114:C238:AA99:A6EB:0C28:7CF7:6805:41AC:5DBF:A8A0:239E:228C:5B06,
ovpnto-ro,"OpenNIC OVPN.to Romania",by oVPN.to VPN and Proxy service,Romania,,https://ovpn.to,1,no,yes,yes,93.115.92.252:5353,2.dnscrypt-cert.opennic-dns-ro1.ovpn.to,C665:8FFD:3D64:FC86:DD2C:87D1:0DDA:6069:C0ED:2C71:5E8D:9705:2C21:C12F:8153:EC14,
ovpnto-se,"OpenNIC OVPN.to Sweden",by oVPN.to VPN and Proxy service,Sweden,,https://ovpn.to,1,no,yes,yes,95.215.46.195:5353,2.dnscrypt-cert.sweden.ovpn.to,1014:0662:B5D6:B65B:6F55:4367:A77C:A057:DA1A:CE6A:D9ED:1C1F:040E:80A5:895C:83F5,
ovpnto-se-ipv6,OpenNIC OVPN.to Sweden over IPv6,by oVPN.to VPN and Proxy service,Sweden,,https://ovpn.to,1,no,yes,yes,[2a02:7aa0:1619::c434:714c]:5353,2.dnscrypt-cert.sweden.ovpn.to,1014:0662:B5D6:B65B:6F55:4367:A77C:A057:DA1A:CE6A:D9ED:1C1F:040E:80A5:895C:83F5,
soltysiak,Soltysiak,Public DNSCrypt server in Poland,Poland,"52.4014619, 16.9278078",http://dc1.soltysiak.com/,1,yes,yes,yes,178.216.201.222:2053,2.dnscrypt-cert.soltysiak.com,25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21,pubkey.dc1.soltysiak.com
soltysiak-ipv6,Soltysiak over IPv6,Public DNSCrypt server in Poland,Poland,"52.4014619, 16.9278078",http://dc1.soltysiak.com/,1,yes,yes,yes,[2001:470:70:4ff::2]:2053,2.dnscrypt-cert.soltysiak.com,25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21,pubkey.dc1.soltysiak.com
1 Name Full name Description Location Coordinates URL Version DNSSEC validation No logs Namecoin Resolver address Provider name Provider public key Provider public key TXT record
2 4armed 4ARMED DNSCrypt Server provided by www.4armed.com France https://www.4armed.com 1 yes yes no 51.254.115.48:443 2.dnscrypt-cert.dnscrypt.4armed.io FD3E:5887:63EA:17A9:1AF8:4325:DE82:1507:6ED0:01AB:2F9E:55DE:689B:F491:4D8E:526E
3 cisco Cisco OpenDNS Remove your DNS blind spot Anycast https://www.opendns.com 1 no no no 208.67.220.220:443 2.dnscrypt-cert.opendns.com B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
4 cisco-familyshield Cisco OpenDNS with FamilyShield Blocks web sites not suitable for children Anycast https://www.opendns.com/home-internet-security/parental-controls/ 1 no no no 208.67.220.123:443 2.dnscrypt-cert.opendns.com B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
5 cisco-ipv6 Cisco OpenDNS over IPv6 Cisco OpenDNS IPv6 sandbox Anycast https://www.opendns.com/about/innovations/ipv6/ 1 no no no [2620:0:ccc::2]:443 2.dnscrypt-cert.opendns.com B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
6 cisco-port53 Cisco OpenDNS backward compatibility port 53 Remove your DNS blind spot Anycast https://www.opendns.com 1 no no no 208.67.220.220:53 2.dnscrypt-cert.opendns.com B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
7 cloudns-can CloudNS Canberra CloudNS is an Australian based security focused DNS provider Canberra, AU https://cloudns.com.au 1 yes yes yes 113.20.6.2:443 2.dnscrypt-cert.cloudns.com.au 1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4
8 cloudns-syd CloudNS Sydney CloudNS is an Australian based security focused DNS provider Sydney, AU https://cloudns.com.au 1 yes yes yes 113.20.8.17:443 2.dnscrypt-cert-2.cloudns.com.au 67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330
9 cs-cfi cryptostorm.is cryptofree France DNSCrypt server (port 443) provided by cryptostorm.is Paris, France https://cryptostorm.is 1 no yes yes 212.83.175.31:443 2.dnscrypt-cert.cryptostorm.is 3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A
10 cs-cfii cryptostorm.is secondary cryptofree France DNSCrypt server (port 443) provided by cryptostorm.is Paris, France https://cryptostorm.is 1 no yes yes 195.154.61.33:443 2.dnscrypt-cert.cryptostorm.is 3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A
11 cs-ch cryptostorm.is Switzerland DNSCrypt server (port 443) provided by cryptostorm.is Baar, Switzerland https://cryptostorm.is 1 no yes yes 185.60.147.77:443 2.dnscrypt-cert.cryptostorm.is 3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A
12 cs-de cryptostorm.is Germany DNSCrypt server (port 443) provided by cryptostorm.is Frankfurt, Germany https://cryptostorm.is 1 no yes yes 46.165.222.246:443 2.dnscrypt-cert.cryptostorm.is 3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A
13 cs-fr cryptostorm.is France DNSCrypt server (port 443) provided by cryptostorm.is Paris, France https://cryptostorm.is 1 no yes yes 212.129.46.86:443 2.dnscrypt-cert.cryptostorm.is 3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A
14 cs-fr2 cryptostorm.is secondary France DNSCrypt server (port 443) provided by cryptostorm.is Paris, France https://cryptostorm.is 1 no yes yes 212.129.46.32:443 2.dnscrypt-cert.cryptostorm.is 3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A
15 cs-pt cryptostorm.is Portugal DNSCrypt server (port 443) provided by cryptostorm.is Lisbon, Portugal https://cryptostorm.is 1 no yes yes 109.71.42.228:443 2.dnscrypt-cert.cryptostorm.is 3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A
16 cs-uk cryptostorm.is England DNSCrypt server (port 443) provided by cryptostorm.is London, England https://cryptostorm.is 1 no yes yes 31.24.34.50:443 2.dnscrypt-cert.cryptostorm.is 3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A
17 cs-uswest cryptostorm.is Seattle, WA (US) DNSCrypt server (port 443) provided by cryptostorm.is Seattle, WA https://cryptostorm.is 1 no yes yes 76.164.234.11:443 2.dnscrypt-cert.cryptostorm.is 3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A
18 cs-uswest2 cryptostorm.is Las Vegas, NV (US) DNSCrypt server (port 443) provided by cryptostorm.is Las Vegas, NV https://cryptostorm.is 1 no yes yes 104.238.194.235:443 2.dnscrypt-cert.cryptostorm.is 3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A
19 d0wn-bg-ns1 OpenNIC Resolver Bulgaria 01 - d0wn Server provided by Martin 'd0wn' Albus Bulgaria https://dns.d0wn.biz 1 no yes yes 217.12.203.133:54 2.dnscrypt-cert.d0wn.biz 9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62 pubkey.dnscrypt.d0wn.biz
20 d0wn-cr-ns1 OpenNIC Resolver Costa Rica 01 - d0wn Server provided by Martin 'd0wn' Albus Costa Rica https://dns.d0wn.biz 1 no yes yes 190.10.8.128:54 2.dnscrypt-cert.cr.d0wn.biz 6A9F:AB11:B806:2349:A082:6687:6F57:E99E:7818:BB5F:30F8:1C5C:95E1:2057:B1A8:16FB pubkey.cr.dnscrypt.d0wn.biz
21 d0wn-de-ns2 OpenNIC Resolver Germany 02 - d0wn Server provided by Martin 'd0wn' Albus Germany https://dns.d0wn.biz 1 no yes yes 213.202.215.23:54 2.dnscrypt-cert.d0wn.biz 9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62 pubkey.dnscrypt.d0wn.biz
22 d0wn-fr-ns2 OpenNIC Resolver France 02 - d0wn Server provided by Martin 'd0wn' Albus France https://dns.d0wn.biz 1 no yes yes 37.187.0.40:54 2.dnscrypt-cert.d0wn.biz 9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62 pubkey.dnscrypt.d0wn.biz
23 d0wn-gr-ns1 OpenNIC Resolver Greece 01 - d0wn Server provided by Martin 'd0wn' Albus & www.aws.gr Greece https://dns.d0wn.biz 1 no yes yes 85.25.105.193:54 2.dnscrypt-cert.gr.d0wn.biz D056:D3A4:9568:5AFE:4B0D:C688:7A75:41B2:7217:F0C9:75A5:A6C0:142D:363B:F992:9867 pubkey.gr.dnscrypt.d0wn.biz
24 d0wn-nl-ns1 OpenNIC Resolver Netherlands 01 - d0wn Server provided by Martin 'd0wn' Albus Netherlands https://dns.d0wn.biz 1 no yes yes 95.85.9.86:54 2.dnscrypt-cert.d0wn.biz 9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62 pubkey.dnscrypt.d0wn.biz
25 d0wn-nl-ns2 OpenNIC Resolver Netherlands 02 - d0wn Server provided by Martin 'd0wn' Albus Netherlands https://dns.d0wn.biz 1 no yes yes 185.83.217.248:54 2.dnscrypt-cert.d0wn.biz 9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62 pubkey.dnscrypt.d0wn.biz
26 d0wn-pl-ns1 OpenNIC Resolver Poland 01 - d0wn Server provided by Martin 'd0wn' Albus Poland https://dns.d0wn.biz 1 no yes yes 37.233.98.173:54 2.dnscrypt-cert.pl.d0wn.biz 8ECD:8F3E:C003:4622:E66D:96F4:CDCA:84D0:5DA6:11ED:192D:9BE7:B7C7:6F6B:FFA7:75D9 pubkey.pl.dnscrypt.d0wn.biz
27 d0wn-random-ns1 DNSCrypt Randomizer 01 - d0wn Server provided by Martin 'd0wn' Albus Moldova https://dns.d0wn.biz 1 no yes yes 178.17.170.133:54 2.dnscrypt-cert.random.d0wn.biz 9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62 pubkey.random2.dnscrypt.d0wn.biz
28 d0wn-ru-ns1 OpenNIC Resolver Russia 01 - d0wn Server provided by Martin 'd0wn' Albus Russia https://dns.d0wn.biz 1 no yes yes 91.214.71.181:54 2.dnscrypt-cert.d0wn.biz 9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62 pubkey.dnscrypt.d0wn.biz
29 d0wn-ua-ns1 OpenNIC Resolver Ukraine 01 - d0wn Server provided by Martin 'd0wn' Albus Ukraine https://dns.d0wn.biz 1 no yes yes 217.12.210.54:54 2.dnscrypt-cert.d0wn.biz 9970:E22D:7F6C:967F:8AED:CEEB:FBC1:94B9:AF54:376E:2BF7:39F1:F466:CBC9:AFDB:2A62 pubkey.dnscrypt.d0wn.biz
30 dnscrypt.eu-dk DNSCrypt.eu Denmark Free, non-logged, uncensored. Hosted by Netgroup. Denmark https://dnscrypt.eu 1 yes yes no 77.66.84.233:443 2.dnscrypt-cert.resolver2.dnscrypt.eu 3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955 pubkey.resolver2.dnscrypt.eu
31 dnscrypt.eu-dk-ipv6 DNSCrypt.eu Denmark over IPv6 Free, non-logged, uncensored. Hosted by Netgroup. Denmark https://dnscrypt.eu 1 yes yes no [2001:1448:243::dc2]:443 2.dnscrypt-cert.resolver2.dnscrypt.eu 3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955 pubkey.resolver2.dnscrypt.eu
32 dnscrypt.eu-nl DNSCrypt.eu Holland Free, non-logged, uncensored. Hosted by RamNode. Netherlands https://dnscrypt.eu 1 yes yes no 176.56.237.171:443 2.dnscrypt-cert.resolver1.dnscrypt.eu 67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66 pubkey.resolver1.dnscrypt.eu
33 dnscrypt.eu-nl-ipv6 DNSCrypt.eu Holland over IPv6 Free, non-logged, uncensored. Hosted by RamNode. Netherlands https://dnscrypt.eu 1 yes yes no [2a00:d880:3:1::a6c1:2e89]:443 2.dnscrypt-cert.resolver1.dnscrypt.eu 67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66 pubkey.resolver1.dnscrypt.eu
34 dnscrypt.org-fr DNSCrypt.org France DNSSEC/Namecoin/Non-logged/Uncensored - ARM server donated by Scaleway.com Paris, France 1 yes yes yes 212.47.228.136 2.dnscrypt-cert.fr.dnscrypt.org E801:B84E:A606:BFB0:BAC0:CE43:445B:B15E:BA64:B02F:A3C4:AA31:AE10:636A:0790:324D pubkey.fr.dnscrypt.org
35 fvz-rec-at-vie-01 opennic-fvz-rec-at-vie-01 in Vienna, Austria Fusl's public OpenNIC Tier2 DNS Resolver in Vienna, Austria - Sponsored by dediserve (https://dediserve.com/) Vienna, Austria http://meo.ws/dnsrec.php 1 no yes yes 79.133.43.124 2.dnscrypt-cert.fvz-rec-at-vie-01.dnsrec.meo.ws 8D64:21DA:85D0:11B2:5056:319C:A81B:C6BB:EABC:0790:3CED:1469:EA4B:91A7:9568:C6BC
36 fvz-rec-ca-mtr-01 opennic-fvz-rec-ca-mtr-01 in Montreal, Canada Fusl's public OpenNIC Tier2 DNS Resolver in Montreal, Canada - Sponsored by Zappie Host (https://zappiehost.com/) Montreal, Canada http://meo.ws/dnsrec.php 1 no yes yes 192.99.240.129 2.dnscrypt-cert.fvz-rec-ca-mtr-01.dnsrec.meo.ws 71D3:851D:9FBA:4A03:1526:2D29:CAAF:56B8:60D8:4439:1AED:5C6A:CAB4:9397:D31C:757E
37 fvz-rec-ca-mtr-01-ipv6 opennic-fvz-rec-ca-mtr-01 in Montreal, Canada (IPv6) Fusl's public OpenNIC Tier2 DNS Resolver in Montreal, Canada (IPv6) - Sponsored by Zappie Host (https://zappiehost.com/) Montreal, Canada http://meo.ws/dnsrec.php 1 no yes yes [2607:5300:60:6715::151:1]:443 2.dnscrypt-cert.fvz-rec-ca-mtr-01.dnsrec.meo.ws 71D3:851D:9FBA:4A03:1526:2D29:CAAF:56B8:60D8:4439:1AED:5C6A:CAB4:9397:D31C:757E
38 fvz-rec-ca-tor-01 opennic-fvz-rec-ca-tor-01 in Toronto, Canada Fusl's public OpenNIC Tier2 DNS Resolver in Toronto, Canada - Sponsored by Luna Node (https://lunanode.com/) Toronto, Canada http://meo.ws/dnsrec.php 1 no yes yes 172.81.176.146 2.dnscrypt-cert.fvz-rec-ca-tor-01.dnsrec.meo.ws 0F75:DB7D:7BF0:B078:8DF6:8472:7B1A:5069:A6EC:BDDF:FD0D:0E85:5C45:B500:D532:994F
39 fvz-rec-ca-tor-01-ipv6 opennic-fvz-rec-ca-tor-01 in Toronto, Canada (IPv6) Fusl's public OpenNIC Tier2 DNS Resolver in Toronto, Canada (IPv6) - Sponsored by Luna Node (https://lunanode.com/) Toronto, Canada http://meo.ws/dnsrec.php 1 no yes yes [2602:ffb6:2:0:f816:3eff:fe23:ae28]:443 2.dnscrypt-cert.fvz-rec-ca-tor-01.dnsrec.meo.ws 0F75:DB7D:7BF0:B078:8DF6:8472:7B1A:5069:A6EC:BDDF:FD0D:0E85:5C45:B500:D532:994F
40 fvz-rec-de-fra-01 opennic-fvz-rec-de-fra-01 in Frankfurt, Germany Fusl's public OpenNIC Tier2 DNS Resolver in Frankfurt, Germany - Sponsored by a very kind person Frankfurt, Germany http://meo.ws/dnsrec.php 1 no yes yes 185.97.7.7 2.dnscrypt-cert.fvz-rec-de-fra-01.dnsrec.meo.ws 9FCC:EB74:6856:238D:AC57:428B:DE4F:D9C6:E736:5370:E9F9:5415:3BD3:6EBE:A8C2:FAFE
41 fvz-rec-fr-sxb-01 opennic-fvz-rec-fr-sxb-01 in Strasbourg, France Fusl's public OpenNIC Tier2 DNS Resolver in Strasbourg, France - Sponsored by GalaxyHostPlus (https://galaxyhostplus.com/) Strasbourg, France http://meo.ws/dnsrec.php 1 no yes yes 51.254.68.187:27015 2.dnscrypt-cert.fvz-rec-fr-sxb-01.dnsrec.meo.ws 53E7:3A2C:7EB2:C574:0C2B:8826:56EF:13CF:FA3F:1B3F:A902:7773:E0F1:A9D2:0CD7:E037
42 fvz-rec-gb-brs-01 opennic-fvz-rec-gb-brs-01 in Bristol, United Kingdom Fusl's public OpenNIC Tier2 DNS Resolver in Bristol, United Kingdom - Sponsored by a very kind person Bristol, United Kingdom http://meo.ws/dnsrec.php 1 no yes yes 185.115.125.185 2.dnscrypt-cert.fvz-rec-gb-brs-01.dnsrec.meo.ws FE7B:2A4C:ECBA:E837:B978:D831:BD9D:D51D:9382:7F52:2D46:3A2D:2EEB:3753:0099:E117
43 fvz-rec-gb-lon-01 opennic-fvz-rec-gb-lon-01 in London, United Kingdom Fusl's public OpenNIC Tier2 DNS Resolver in London, United Kingdom - Sponsored by Konsole (https://konsole.co.uk/) London, United Kingdom http://meo.ws/dnsrec.php 1 no yes yes 93.170.96.119 2.dnscrypt-cert.fvz-rec-gb-lon-01.dnsrec.meo.ws DDD8:847B:B3E8:DDE2:AB59:DB53:5381:8024:2032:E3FD:C5A2:C48A:C527:B77F:15CC:D28C
44 fvz-rec-gb-lon-03 opennic-fvz-rec-gb-lon-03 in London, United Kingdom Fusl's public OpenNIC Tier2 DNS Resolver in London, United Kingdom - Sponsored by dediserve (https://dediserve.com/) London, United Kingdom http://meo.ws/dnsrec.php 1 no yes yes 95.154.236.104 2.dnscrypt-cert.fvz-rec-gb-lon-03.dnsrec.meo.ws 972C:778B:8F32:21DB:E10B:B13B:6AFF:FED5:EE85:C526:844A:6662:6E05:FD44:5571:0597
45 fvz-rec-hk-ztw-01 opennic-fvz-rec-hk-ztw-01 in Tsuen Wan, Hong Kong Fusl's public OpenNIC Tier2 DNS Resolver in Tsuen Wan, Hong Kong - Sponsored by dediserve (https://dediserve.com/) Tsuen Wan, Hong Kong http://meo.ws/dnsrec.php 1 no yes yes 103.53.199.71 2.dnscrypt-cert.fvz-rec-hk-ztw-01.dnsrec.meo.ws FD3A:5CE0:FD44:D174:681F:F008:7958:9EC8:8D4B:B2D9:32A2:2746:FEAD:77F7:3992:33FA
46 fvz-rec-ie-du-01 opennic-fvz-rec-ie-du-01 in Dublin, Ireland Fusl's public OpenNIC Tier2 DNS Resolver in Dublin, Ireland - Sponsored by dediserve (https://dediserve.com/) Dublin, Ireland http://meo.ws/dnsrec.php 1 no yes yes 217.78.6.191 2.dnscrypt-cert.fvz-rec-ie-du-01.dnsrec.meo.ws DCAF:BA31:C7A9:5F68:FE40:3C69:FE1A:CFF5:CD4C:400D:7DE7:7DEA:1AF4:8F8D:7669:8DFB
47 fvz-rec-nl-ams-01 opennic-fvz-rec-nl-ams-01 in Amsterdam, Netherlands Fusl's public OpenNIC Tier2 DNS Resolver in Amsterdam, Netherlands - Sponsored by dediserve (https://dediserve.com/) Amsterdam, Netherlands http://meo.ws/dnsrec.php 1 no yes yes 93.158.205.94 2.dnscrypt-cert.fvz-rec-nl-ams-01.dnsrec.meo.ws 7B81:4CB7:D323:CCAB:EA4E:8BBA:0A44:2172:F909:62E8:699C:3B14:2DAB:8B51:D2E2:083C
48 fvz-rec-no-osl-01 opennic-fvz-rec-no-osl-01 in Oslo, Norway Fusl's public OpenNIC Tier2 DNS Resolver in Oslo, Norway - Cloud.net (https://cloud.net/) Oslo, Norway http://meo.ws/dnsrec.php 1 no yes yes 91.247.228.155 2.dnscrypt-cert.fvz-rec-no-osl-01.dnsrec.meo.ws 0D0C:CDB0:DAF0:2EDF:E340:2251:D9CA:9EAE:BFD0:6F00:7A00:560C:FD53:78D1:2CE3:F4AA
49 fvz-rec-nz-akl-01 opennic-fvz-rec-nz-akl-01 in Auckland, New Zealand Fusl's public OpenNIC Tier2 DNS Resolver in Auckland, New Zealand - Sponsored by Zappie Host (https://zappiehost.com/) Auckland, New Zealand http://meo.ws/dnsrec.php 1 no yes yes 185.99.132.5 2.dnscrypt-cert.fvz-rec-nz-akl-01.dnsrec.meo.ws D7F2:D231:33BD:2A55:DF4F:C2E8:53FC:43C3:525F:423A:518F:0DC4:5A67:9E35:D940:314B
50 fvz-rec-nz-akl-01-ipv6 opennic-fvz-rec-nz-akl-01 in Auckland, New Zealand (IPv6) Fusl's public OpenNIC Tier2 DNS Resolver in Auckland, New Zealand (IPv6) - Sponsored by Zappie Host (https://zappiehost.com/) Auckland, New Zealand http://meo.ws/dnsrec.php 1 no yes yes [2a06:1280:bee1::dea:5]:443 2.dnscrypt-cert.fvz-rec-nz-akl-01.dnsrec.meo.ws D7F2:D231:33BD:2A55:DF4F:C2E8:53FC:43C3:525F:423A:518F:0DC4:5A67:9E35:D940:314B
51 fvz-rec-ro-buh-01 opennic-fvz-rec-ro-buh-01 in Bucharest, Romania Fusl's public OpenNIC Tier2 DNS Resolver in Bucharest, Romania - HostClean.net (http://www.hostclean.net/) Bucharest, Romania http://meo.ws/dnsrec.php 1 no yes yes 89.34.26.150 2.dnscrypt-cert.fvz-rec-ro-buh-01.dnsrec.meo.ws EAA2:541A:F705:0D97:7F8C:D5B0:7B8D:D0AD:849A:653C:9E69:C02C:AB8D:FA5B:6F99:7B96
52 fvz-rec-us-lax-01 opennic-fvz-rec-us-lax-01 in Los Angeles, United States Fusl's public OpenNIC Tier2 DNS Resolver in Los Angeles, United States - Sponsored by evoBurst (http://evoburst.com/) Los Angeles, United States http://meo.ws/dnsrec.php 1 no yes yes 198.96.89.143 2.dnscrypt-cert.fvz-rec-us-lax-01.dnsrec.meo.ws DB55:4132:4B48:5FB5:2F34:7B22:9CA5:784C:AB24:FBF2:9A96:0894:A6E3:EA93:FEA6:1DD5
53 fvz-rec-us-lax-01-ipv6 opennic-fvz-rec-us-lax-01 in Los Angeles, United States (IPv6) Fusl's public OpenNIC Tier2 DNS Resolver in Los Angeles, United States (IPv6) - Sponsored by evoBurst (http://evoburst.com/) Los Angeles, United States http://meo.ws/dnsrec.php 1 no yes yes [2607:fcd0:100:87e9::b98d]:443 2.dnscrypt-cert.fvz-rec-us-lax-01.dnsrec.meo.ws DB55:4132:4B48:5FB5:2F34:7B22:9CA5:784C:AB24:FBF2:9A96:0894:A6E3:EA93:FEA6:1DD5
54 fvz-rec-us-ler-01 opennic-fvz-rec-us-ler-01 in Lenoir, United States Fusl's public OpenNIC Tier2 DNS Resolver in Lenoir, United States - Sponsored by Zappie Host (https://zappiehost.com/) Lenoir, United States http://meo.ws/dnsrec.php 1 no yes yes 192.209.63.8 2.dnscrypt-cert.fvz-rec-us-ler-01.dnsrec.meo.ws 962D:FF03:6864:E891:0885:91AC:C207:1E38:0D94:1531:7123:3D32:9A25:DB25:CDD2:7EBE
55 fvz-rec-us-ler-01-ipv6 opennic-fvz-rec-us-ler-01 in Lenoir, United States (IPv6) Fusl's public OpenNIC Tier2 DNS Resolver in Lenoir, United States (IPv6) - Sponsored by Zappie Host (https://zappiehost.com/) Lenoir, United States http://meo.ws/dnsrec.php 1 no yes yes [2606:1e80:dace:bebe::da:1]:443 2.dnscrypt-cert.fvz-rec-us-ler-01.dnsrec.meo.ws 962D:FF03:6864:E891:0885:91AC:C207:1E38:0D94:1531:7123:3D32:9A25:DB25:CDD2:7EBE
56 fvz-rec-us-mia-01 opennic-fvz-rec-us-mia-01 in Miami, United States Fusl's public OpenNIC Tier2 DNS Resolver in Miami, United States - Sponsored by evoBurst (http://evoburst.com/) Miami, United States http://meo.ws/dnsrec.php 1 no yes yes 173.44.61.182 2.dnscrypt-cert.fvz-rec-us-mia-01.dnsrec.meo.ws B864:FA77:A58F:F757:6B53:1086:BDF0:6B2F:7D33:1D09:E561:236E:A9ED:557F:F6C3:B7F1
57 fvz-rec-us-mia-01-ipv6 opennic-fvz-rec-us-mia-01 in Miami, United States (IPv6) Fusl's public OpenNIC Tier2 DNS Resolver in Miami, United States (IPv6) - Sponsored by evoBurst (http://evoburst.com/) Miami, United States http://meo.ws/dnsrec.php 1 no yes yes [2607:ff48:aa81:e99::273b]:443 2.dnscrypt-cert.fvz-rec-us-mia-01.dnsrec.meo.ws B864:FA77:A58F:F757:6B53:1086:BDF0:6B2F:7D33:1D09:E561:236E:A9ED:557F:F6C3:B7F1
58 ipredator Ipredator.se Server Public DNSCrypt server in Sweden provided by Ipredator.se Sweden https://www.ipredator.se 1 no yes no 194.132.32.32:443 2.dnscrypt-cert.ipredator.se C44C:566A:A8D6:46C4:32B1:04F5:3D00:961B:32DC:71CF:1C04:BD9E:B013:E480:E7A4:7828 pubkey.resolver2.ipredator.se
59 ns0.dnscrypt.is ns0.dnscrypt.is in Reykjavík, Iceland DNSSEC enabled, non-logging, uncensored. Sponsored by 1984 Hosting. Reykjavík, Iceland https://dnscrypt.is 1 yes yes no 93.95.228.87:443 2.dnscrypt-cert.ns0.dnscrypt.is EE41:6A83:451C:218F:37B2:B736:78C4:999F:7DE6:89D1:31D2:7866:7C8E:A8BB:1C95:B402 pubkey.ns0.dnscrypt.is
60 okturtles okTurtles For a surveillance-free world. HTTPS is broken. DNSChain fixes it. Georgia, US 33.032501, -83.895699 http://okturtles.com/ 1 no yes yes 23.226.227.93:443 2.dnscrypt-cert.okturtles.com 1D85:3953:E34F:AFD0:05F9:4C6F:D1CC:E635:D411:9904:0D48:D19A:5D35:0B6A:7C81:73CB
61 opennic-tumabox TumaBox Public DNS server operated by TumaBox.org Germany http://wiki.tumabox.org/doku.php?id=dns 1 no yes no 130.255.73.90:5353 2.tumabox.org D591:7B11:6A35:3114:C238:AA99:A6EB:0C28:7CF7:6805:41AC:5DBF:A8A0:239E:228C:5B06
62 ovpnto-ro OpenNIC OVPN.to Romania by oVPN.to VPN and Proxy service Romania https://ovpn.to 1 no yes yes 93.115.92.252:5353 2.dnscrypt-cert.opennic-dns-ro1.ovpn.to C665:8FFD:3D64:FC86:DD2C:87D1:0DDA:6069:C0ED:2C71:5E8D:9705:2C21:C12F:8153:EC14
63 ovpnto-se OpenNIC OVPN.to Sweden by oVPN.to VPN and Proxy service Sweden https://ovpn.to 1 no yes yes 95.215.46.195:5353 2.dnscrypt-cert.sweden.ovpn.to 1014:0662:B5D6:B65B:6F55:4367:A77C:A057:DA1A:CE6A:D9ED:1C1F:040E:80A5:895C:83F5
64 ovpnto-se-ipv6 OpenNIC OVPN.to Sweden over IPv6 by oVPN.to VPN and Proxy service Sweden https://ovpn.to 1 no yes yes [2a02:7aa0:1619::c434:714c]:5353 2.dnscrypt-cert.sweden.ovpn.to 1014:0662:B5D6:B65B:6F55:4367:A77C:A057:DA1A:CE6A:D9ED:1C1F:040E:80A5:895C:83F5
65 soltysiak Soltysiak Public DNSCrypt server in Poland Poland 52.4014619, 16.9278078 http://dc1.soltysiak.com/ 1 yes yes yes 178.216.201.222:2053 2.dnscrypt-cert.soltysiak.com 25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21 pubkey.dc1.soltysiak.com
66 soltysiak-ipv6 Soltysiak over IPv6 Public DNSCrypt server in Poland Poland 52.4014619, 16.9278078 http://dc1.soltysiak.com/ 1 yes yes yes [2001:470:70:4ff::2]:2053 2.dnscrypt-cert.soltysiak.com 25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21 pubkey.dc1.soltysiak.com

View File

@ -1,2 +0,0 @@
untrusted comment: minisign public key used to sign the resolvers list
RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3

View File

@ -1,120 +0,0 @@
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "DNSCRYPT\-PROXY" "8" "February 2016" "" ""
.
.SH "NAME"
\fBdnscrypt\-proxy\fR \- A DNSCrypt forwarder
.
.SH "SYNOPSIS"
\fBdnscrypt\-proxy\fR [\fIoptions\fR]
.
.SH "DESCRIPTION"
\fBdnscrypt\-proxy\fR accepts DNS requests, authenticates and encrypts them using dnscrypt and forwards them to a remote dnscrypt\-enabled resolver\.
.
.P
Replies from the resolver are expected to be authenticated or else they will be discarded\.
.
.P
The proxy verifies the replies, decrypts them, and transparently forwards them to the local stub resolver\.
.
.P
\fBdnscrypt\-proxy\fR listens to \fB127\.0\.0\.1\fR / port \fB53\fR by default\.
.
.SH "WARNING"
\fBdnscrypt\-proxy\fR is not a DNS cache\. Unless your operating system already provides a decent built\-in cache (and by default, most systems don\'t), clients shouldn\'t directly send requests to \fBdnscrypt\-proxy\fR\.
.
.P
Intead, run a DNS cache like \fBUnbound\fR, and configure it to use \fBdnscrypt\-proxy\fR as a forwarder\. Both can safely run on the same machine as long as they use different IP addresses and/or different ports\.
.
.SH "OPTIONS"
.
.IP "\(bu" 4
\fB\-a\fR, \fB\-\-local\-address=<ip>[:port]\fR: what local IP the daemon will listen to, with an optional port\. The default port is 53\.
.
.IP "\(bu" 4
\fB\-d\fR, \fB\-\-daemonize\fR: detach from the current terminal and run the server in background\.
.
.IP "\(bu" 4
\fB\-E\fR, \fB\-\-ephemeral\-keys\fR: By default, queries are always sent with the same public key, allowing providers to link this public key to the different IP addresses you are using\. This option requires extra CPU cycles, but mitigates this by computing an ephemeral key pair for every query\.
.
.IP "\(bu" 4
\fB\-e\fR, \fB\-\-edns\-payload\-size=<bytes>\fR: transparently add an OPT pseudo\-RR to outgoing queries in order to enable the EDNS0 extension mechanism\. The payload size is the size of the largest response we accept from the resolver before retrying over TCP\. This feature is enabled by default, with a payload size of 1252 bytes\. Any value below 512 disables it\.
.
.IP "\(bu" 4
\fB\-h\fR, \fB\-\-help\fR: show usage\.
.
.IP "\(bu" 4
\fB\-k\fR, \fB\-\-provider\-key=<key>\fR: specify the provider public key (see below)\.
.
.IP "\(bu" 4
\fB\-K\fR, \fB\-\-client\-key=<file>\fR: use a static client secret key stored in \fB<file>\fR\.
.
.IP "\(bu" 4
\fB\-L\fR, \fB\-\-resolvers\-list=<file>\fR: path to the CSV file containing the list of available resolvers, and the parameters to use them\.
.
.IP "\(bu" 4
\fB\-l\fR, \fB\-\-logfile=<file>\fR: log events to this file instead of the standard output\.
.
.IP "\(bu" 4
\fB\-m\fR, \fB\-\-loglevel=<level>\fR: don\'t log events with priority above this level after the service has been started up\. Default is \fB6\fR, the value for \fBLOG_INFO\fR\. Valid values are \fB0\fR (system is unusable), \fB1\fR (action must be taken immediately), \fB2\fR (critical conditions), \fB3\fR (error conditions), \fB4\fR (warning conditions), \fB5\fR (normal but significant condition), \fB6\fR (informational) and \fB7\fR (debug\-level messages)\.
.
.IP "\(bu" 4
\fB\-n\fR, \fB\-\-max\-active\-requests=<count>\fR: set the maximum number of simultaneous active requests\. The default value is 250\.
.
.IP "\(bu" 4
\fB\-p\fR, \fB\-\-pidfile=<file>\fR: write the PID number to a file\.
.
.IP "\(bu" 4
\fB\-R\fR, \fB\-\-resolver\-name=<name>\fR: name of the resolver to use, from the list of available resolvers (see \fB\-L\fR)\.
.
.IP "\(bu" 4
\fB\-r\fR, \fB\-\-resolver\-address=<ip>[:port]\fR: a DNSCrypt\-capable resolver IP address with an optional port\. The default port is 443\.
.
.IP "\(bu" 4
\-S, \-\-syslog: if a log file hasn\'t been set, log diagnostic messages to syslog instead of printing them\. \-\-daemonize implies \-\-syslog\.
.
.IP "\(bu" 4
\fB\-t\fR, \fB\-\-test=<margin>\fR: don\'t actually start the proxy, but check that a valid certificate can be retrieved from the server and that it will remain valid for the next \fImargin\fR minutes\. The exit code is 0 if a valid certificate can be used, 2 if no valid certificates can be used, 3 if a timeout occurred, and 4 if a currently valid certificate is going to expire before \fImargin\fR\. The margin is always specificied in minutes\.
.
.IP "\(bu" 4
\fB\-u\fR, \fB\-\-user=<user name>\fR: chroot(2) to this user\'s home directory and drop privileges\.
.
.IP "\(bu" 4
\fB\-N\fR, \fB\-\-provider\-name=<FQDN>\fR: the fully\-qualified name of the dnscrypt certificate provider\.
.
.IP "\(bu" 4
\fB\-T\fR, \fB\-\-tcp\-only\fR: always use TCP\. A connection made using UDP will get a truncated response, so that the (stub) resolver retries using TCP\.
.
.IP "\(bu" 4
\fB\-V\fR, \fB\-\-version\fR: show version number\.
.
.IP "" 0
.
.P
A public key is 256\-bit long, and it has to be specified as a hexadecimal string, with optional columns\.
.
.SH "COMMON USAGE EXAMPLE"
.
.nf
$ dnscrypt\-proxy \-\-daemonize \-\-resolver\-name=\.\.\.
.
.fi
.
.P
The resolver name is the first column (Name) in the CSV file\.
.
.SH "USAGE EXAMPLE WITH A PRIVATE SERVER"
.
.nf
$ dnscrypt\-proxy \-\-daemonize \-\-provider\-key=\.\.\. \-\-provider\-name=\.\.\. \-\-resolver\-address=\.\.\.
.
.fi
.
.SH "BUGS AND SUPPORT"
Please report issues with DNSCrypt itself to https://dnscrypt\.org/issues
.
.SH "SEE ALSO"
hostip(8)

View File

@ -1,54 +0,0 @@
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "HOSTIP" "8" "June 2015" "" ""
.
.SH "NAME"
\fBhostip\fR \- Resolve a host name to an IP address
.
.SH "SYNOPSIS"
\fBhostip\fR [\fIoptions\fR] host_name
.
.SH "DESCRIPTION"
\fBhostip\fR sends a DNS query to a resolver, and prints the IP addresses for the given host name\.
.
.P
It can be useful in order to retrieve IP addresses before dnscrypt\-proxy(8) is started\.
.
.SH "OPTIONS"
.
.IP "\(bu" 4
\fB\-6\fR, \fB\-\-ipv6\fR: ask for AAAA records\.
.
.IP "\(bu" 4
\fB\-h\fR, \fB\-\-help\fR: show usage\.
.
.IP "\(bu" 4
\fB\-r\fR, \fB\-\-resolver\-address=<ip>[:port]\fR: the resolver IP address (default: 8\.8\.8\.8, Google DNS)\.
.
.IP "\(bu" 4
\fB\-V\fR, \fB\-\-version\fR: show version number\.
.
.IP "" 0
.
.SH "SIMPLE USAGE EXAMPLE"
.
.nf
$ hostip www\.example\.com
.
.fi
.
.SH "ADVANCED USAGE EXAMPLE"
.
.nf
$ hostip \-6 \-r 4\.2\.2\.2 www\.google\.com
.
.fi
.
.SH "EXIT STATUS"
The \fBhostip\fR utility exits 0 on success, and > 0 if an error occurs\.
.
.SH "SEE ALSO"
dnscrypt\-proxy(8)

View File

@ -0,0 +1,10 @@
version: "3.8"
services:
dnscrypt-proxy:
image: vimagick/dnscrypt-proxy
ports:
- "53:53/tcp"
- "53:53/udp"
volumes:
- ./data:/etc/dnscrypt-proxy
restart: unless-stopped

View File

@ -0,0 +1,2 @@
dnscrypt-server
===============

View File

View File

@ -1,15 +1,13 @@
version: "3.8"
services:
dnscrypt-server:
image: jedisct1/dnscrypt-server
container_name: dnscrypt-server
# command: init -N easypi.pro -E 192.168.1.1:443 -M 0.0.0.0:9100 -A
command: init -N easypi.duckdns.org -E 192.168.1.1:443 -M 0.0.0.0:9100 -A
ports:
- "443:443/tcp"
- "443:443/udp"
- "9100:9100/tcp"
volumes:
- ./data:/opt/encrypted-dns/etc/keys
ulimits:
nofile:
soft: 90000
hard: 90000
- ./data/keys:/opt/encrypted-dns/etc/keys
- ./data/lists:/opt/encrypted-dns/etc/lists
restart: unless-stopped

View File

@ -1,64 +0,0 @@
#
# Dockerfile for dnscrypt-wrapper
#
FROM debian:jessie
MAINTAINER kev <noreply@easypi.pro>
ENV LIBSODIUM_VERSION 1.0.15
ENV DNSCRYPT_VERSION 0.3
ENV RESOLVER_ADDR 8.8.8.8:53
ENV LISTEN_ADDR 0.0.0.0:443
ENV PROVIDER_NAME 2.dnscrypt-cert.easypi.info
RUN set -xe \
&& apt-get update \
&& apt-get install -y autoconf \
automake \
build-essential \
curl \
git \
libevent-2.0 \
libevent-dev \
&& mkdir libsodium \
&& cd libsodium \
&& curl -sSL https://download.libsodium.org/libsodium/releases/libsodium-$LIBSODIUM_VERSION.tar.gz | tar xz --strip 1 \
&& ./configure --prefix=/usr \
&& make install \
&& ldconfig \
&& cd .. \
&& rm -rf libsodium \
&& mkdir dnscrypt-wrapper \
&& cd dnscrypt-wrapper \
&& curl -sSL https://github.com/Cofyc/dnscrypt-wrapper/archive/v$DNSCRYPT_VERSION.tar.gz | tar xz --strip 1 \
&& make configure \
&& ./configure --prefix=/usr \
&& make install \
&& cd .. \
&& rm -rf dnscrypt-wrapper \
&& apt-get purge --auto-remove -y autoconf \
automake \
build-essential \
curl \
git \
libevent-dev \
&& rm -rf /var/lib/apt/lists/*
RUN set -xe \
&& mkdir -p /var/lib/dnscrypt-wrapper \
&& cd /var/lib/dnscrypt-wrapper \
&& dnscrypt-wrapper --gen-provider-keypair > README.txt \
&& dnscrypt-wrapper --gen-crypt-keypair --crypt-secretkey-file=1.key \
&& dnscrypt-wrapper --gen-cert-file --crypt-secretkey-file=1.key --provider-cert-file=1.cert
WORKDIR /var/lib/dnscrypt-wrapper
VOLUME /var/lib/dnscrypt-wrapper
EXPOSE 443/tcp 443/udp
CMD dnscrypt-wrapper --resolver-address=${RESOLVER_ADDR} \
--listen-address=${LISTEN_ADDR} \
--provider-name=${PROVIDER_NAME} \
--crypt-secretkey-file=1.key \
--provider-cert-file=1.cert \
--verbose

View File

@ -1 +0,0 @@
https://github.com/vimagick/dockerfiles/tree/master/dnscrypt