Dnscrypt-proxy 2.0.9 released

The final version of dnscrypt-proxy 2.0.9 is now available.

dnscrypt-proxy is a very flexible DNS proxy, that supports the DNSCrypt and DNS-over-HTTP/2 protocols. It can be used to securely connect to, and runs on a wide range of operating systems.

It is available for download here: dnscrypt-proxy

Please use the dedicated issue tracker for bug reports and questions related to this; Cloudflare may not like to see their forums being used for this.

But this version comes with quite a lot of changes, some being particularly relevant to people using

Prior to listing these changes, here are quite a few things that dnscrypt-proxy does, in addition to DNS encryption and authentication:

  • It includes a built-in DNS cache
  • You can block ads, malware, and any unwanted content even when using Cloudflare. Blocking is done locally, so you fully control what you want to block, when, and get real-time logs. See filtering for more information as well as some ready-to-use blacklists.
  • You can use it for parental control. In addition to blocking inappropriate websites, you can allow some websites to be only accessible (or not accessible) on specific days or times of the day. See the time-based filters documentation for more information.
  • In addition, web searches on Google, Bing, Youtube, can be configured to only return “safe” results, using cloaking.
  • Make your local devices see each other even when connecting to Cloudflare using DNS-over-HTTP/2, with forwarding.

Version 2.0.9 requires significantly less memory than previous versions to load large lists.

dnscrypt-proxy was already reported to be the fastest available DNS-over-HTTP/2 client, but when used with Cloudflare, version 2.0.9 is twice as fast on non-Intel devices (Raspberry Pi, MIPS-based routers, Android).

On these devices, uncomment the tls_cipher_suite line in the configuration file to drastically reduce CPU usage on (re)connections to Cloudflare. Go doesn’t have optimized X25519 implementations for non-Intel (x86_64) devices, so using RSA requires 2 to 3 times less CPU cycles.

If you are using a Windows system with an outdated certificates list, you can also uncomment that line as a workaround to connect to Cloudflare.

Finally, version 2.0.9 introduces a new syntax for blocking exact strings, adds support for patterns to cloaking, implements whitelists, and comes with additional reliability and speed improvements.

Windows users may prefer to use it via Simple DNSCrypt and iOS users via DNSCloak. Both will include dnscrypt-proxy 2.0.9 in the forthcoming days.


Sweet! Sorry I can only give it one :heart:

1 Like

Please let us know when Simple DNSCrypt makes this available, and how exactly to get it into our Simple DNSCrypt.

Bump :slight_smile:

Still have this question.