dnscrypt-proxy

When you type a website address into your browser, your computer has to look up the actual server location behind that name. This lookup process, called DNS, is usually sent in plain text across the internet, which means your internet provider or anyone monitoring the network can see which websites you visit. dnscrypt-proxy is a tool that sits between your computer and the internet and encrypts those lookups so they stay private.

It supports several different encrypted DNS protocols: DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt, and Oblivious DoH. Each of these sends your lookup requests in an encrypted form to a remote server that resolves them on your behalf. Some options add an extra layer by routing requests through relays so the final DNS server cannot see your IP address either. For even more privacy, it can route traffic through Tor or SOCKS proxies.

Beyond privacy, the tool includes features for filtering and control. It can block ads, malware domains, and other unwanted content by checking each request against lists you configure. Time-based filtering lets you apply different rules at different hours of the week. A cloaking feature works like an enhanced hosts file, letting you return custom addresses for specific domain names, which some users also use to enforce safe search on major search engines.

For performance, dnscrypt-proxy keeps a local cache of recent lookups to speed up repeated requests, and it can connect to multiple DNS resolvers at once, automatically measuring their speed and spreading traffic across the fastest ones. Pre-built binaries are available for a wide range of systems including Windows, macOS, Linux, Android, and several BSD variants, so most users can install it without compiling anything.

The README is a short overview. Full documentation, setup guides, and a list of public DNS servers that support these encrypted protocols are on the project website at dnscrypt.info.