fish/immortalwrt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix packages

Browse Source
This commit is contained in:
CN_SZTL 2019-07-02 18:48:34 +08:00
parent 95d4274c3e
commit 0a8deeffbd
No known key found for this signature in database
GPG Key ID: 6850B6345C862176
24 changed files with 10029 additions and 724 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
package/jsda/dnscrypt-proxy-full/Makefile Executable file
View File

@ -0,0 +1,74 @@
#
# Copyright (C) 2015-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v3.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=dnscrypt-proxy-full
PKG_VERSION:=2.0.25
PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
define Package/$(PKG_NAME)
SECTION:=net
CATEGORY:=Network
TITLE:=A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTPS.
DEPENDS:=
URL:=https://github.com/jedisct1/dnscrypt-proxy/releases
endef
define Package/$(PKG_NAME)/description
A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTPS.
endef
ifeq ($(ARCH),x86_64)
PKG_ARCH_DNSCRYPT:=linux_x86_64
PKG_BUILD_DNSCRYPT:=linux-x86_64
endif
ifeq ($(ARCH),i386)
PKG_ARCH_DNSCRYPT:=linux_i386
PKG_BUILD_DNSCRYPT:=linux-i386
endif
ifeq ($(ARCH),mipsel)
PKG_ARCH_DNSCRYPT:=linux_mipsle
PKG_BUILD_DNSCRYPT:=linux-mipsle
endif
ifeq ($(ARCH),mips)
PKG_ARCH_DNSCRYPT:=linux_mips
PKG_BUILD_DNSCRYPT:=linux-mips
endif
ifeq ($(ARCH),arm)
PKG_ARCH_DNSCRYPT:=linux_armv6
PKG_BUILD_DNSCRYPT:=linux-armv6
endif
ifeq ($(ARCH),aarch64)
PKG_ARCH_DNSCRYPT:=linux_armv8
PKG_BUILD_DNSCRYPT:=linux-armv8
endif
define Build/Prepare
[ ! -f $(PKG_BUILD_DIR)/dnscrypt-proxy-$(PKG_ARCH_DNSCRYPT)-$(PKG_VERSION).tar.gz ] && wget https://github.com/jedisct1/dnscrypt-proxy/releases/download/$(PKG_VERSION)/dnscrypt-proxy-$(PKG_ARCH_DNSCRYPT)-$(PKG_VERSION).tar.gz -O $(PKG_BUILD_DIR)/dnscrypt-proxy-$(PKG_ARCH_DNSCRYPT)-$(PKG_VERSION).tar.gz
tar -xzvf $(PKG_BUILD_DIR)/dnscrypt-proxy-$(PKG_ARCH_DNSCRYPT)-$(PKG_VERSION).tar.gz -C $(PKG_BUILD_DIR)
endef
define Build/Configure
endef
define Build/Compile
chmod +x $(PKG_BUILD_DIR)/$(PKG_BUILD_DNSCRYPT)/dnscrypt-proxy && upx --lzma $(PKG_BUILD_DIR)/$(PKG_BUILD_DNSCRYPT)/dnscrypt-proxy
endef
define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/$(PKG_BUILD_DNSCRYPT)/dnscrypt-proxy $(1)/usr/bin/dnscrypt-proxy
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/etc/init.d/dnscrypt-proxy $(1)/etc/init.d/dnscrypt-proxy
$(INSTALL_DIR) $(1)/etc/dnscrypt-proxy
$(CP) -r ./files/etc/dnscrypt-proxy $(1)/etc
endef
$(eval $(call BuildPackage,$(PKG_NAME)))

18
package/jsda/dnscrypt-proxy-full/files/etc/dnscrypt-proxy/LICENSE Executable file
View File

@ -0,0 +1,18 @@
/*
* ISC License
*
* Copyright (c) 2018
* Frank Denis <j at pureftpd dot org>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/

8296
package/jsda/dnscrypt-proxy-full/files/etc/dnscrypt-proxy/chinadns_chnroute.txt Executable file
View File

File diff suppressed because it is too large Load Diff

51
package/jsda/dnscrypt-proxy-full/files/etc/dnscrypt-proxy/dnscrypt-proxy.toml Executable file
View File

@ -0,0 +1,51 @@
ipv4_servers = true
#ipv6服务开关
ipv6_servers = false
require_dnssec = true
require_nolog = true
require_nofilter = true
cache = true
#是否禁用ipv6
block_ipv6 = true
force_tcp = true
server_names = ["cloudflare", "d0wn-us-ns1"]
#ipv6dns
#server_names = ["cloudflare-ipv6", "d0wn-tz-ns1-ipv6"]
listen_addresses = ['127.0.0.1:5433', '[::1]:5433']
max_clients = 300
dnscrypt_servers = true
doh_servers = true
daemonize = false
timeout = 5000
log_level = 0
use_syslog = false
cert_refresh_delay = 240
ignore_system_dns = false
log_files_max_size = 10
log_files_max_age = 7
log_files_max_backups = 1
cache_size = 25600
cache_min_ttl = 60000
cache_max_ttl = 864000
cache_neg_ttl = 60
fallback_resolver = '9.9.9.9:53'
[query_log]
format = "ltsv"
[nx_log]
format = "ltsv"
[blacklist]
[ip_blacklist]
[sources]
[sources.public-resolvers]
urls = ["https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md", "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md"]
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"
cache_file = "public-resolvers.md"
refresh_delay = 72
prefix = ""

38
package/jsda/dnscrypt-proxy-full/files/etc/dnscrypt-proxy/example-blacklist.txt Executable file
View File

@ -0,0 +1,38 @@
###########################
# Blacklist #
###########################
## Rules for name-based query blocking, one per line
##
## Example of valid patterns:
##
## ads.* | matches anything with an "ads." prefix
## *.example.com | matches example.com and all names within that zone such as www.example.com
## example.com | identical to the above
## =example.com | block example.com but not *.example.com
## *sex* | matches any name containing that substring
## ads[0-9]* | matches "ads" followed by one or more digits
## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster
ad.*
ads.*
banner.*
banners.*
creatives.*
oas.*
oascentral.*
stats.*
tag.*
telemetry.*
tracker.*
*.local
eth0.me
*.workgroup
## Time-based rules
# *.youtube.* @time-to-sleep
# facebook.com @work

22
package/jsda/dnscrypt-proxy-full/files/etc/dnscrypt-proxy/example-cloaking-rules.txt Executable file
View File

@ -0,0 +1,22 @@
################################
# Cloaking rules #
################################
# The following example rules force "safe" (without adult content) search
# results from Google, Bing and YouTube.
#
# This has to be enabled with the `cloaking_rules` parameter in the main
# configuration file
www.google.* forcesafesearch.google.com
www.bing.com strict.bing.com
www.youtube.com restrictmoderate.youtube.com
m.youtube.com restrictmoderate.youtube.com
youtubei.googleapis.com restrictmoderate.youtube.com
youtube.googleapis.com restrictmoderate.youtube.com
www.youtube-nocookie.com restrictmoderate.youtube.com
localhost 127.0.0.1

520
package/jsda/dnscrypt-proxy-full/files/etc/dnscrypt-proxy/example-dnscrypt-proxy.toml Executable file
View File

@ -0,0 +1,520 @@
##############################################
# #
# dnscrypt-proxy configuration #
# #
##############################################
## This is an example configuration file.
## You should adjust it to your needs, and save it as "dnscrypt-proxy.toml"
##
## Online documentation is available here: https://dnscrypt.info/doc
##################################
# Global settings #
##################################
## List of servers to use
##
## Servers from the "public-resolvers" source (see down below) can
## be viewed here: https://dnscrypt.info/public-servers
##
## If this line is commented, all registered servers matching the require_* filters
## will be used.
##
## The proxy will automatically pick the fastest, working servers from the list.
## Remove the leading # first to enable this; lines starting with # are ignored.
# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
## Note: When using systemd socket activation, choose an empty set (i.e. [] ).
listen_addresses = ['127.0.0.1:53', '[::1]:53']
## Maximum number of simultaneous client connections to accept
max_clients = 250
## Switch to a different system user after listening sockets have been created.
## Note (1): this feature is currently unsupported on Windows.
## Note (2): this feature is not compatible with systemd socket activation.
## Note (3): when using -pidfile, the PID file directory must be writable by the new user
# user_name = 'nobody'
## Require servers (from static + remote sources) to satisfy specific properties
# Use servers reachable over IPv4
ipv4_servers = true
# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity
ipv6_servers = false
# Use servers implementing the DNSCrypt protocol
dnscrypt_servers = true
# Use servers implementing the DNS-over-HTTPS protocol
doh_servers = true
## Require servers defined by remote sources to satisfy specific properties
# Server must support DNS security extensions (DNSSEC)
require_dnssec = false
# Server must not log user queries (declarative)
require_nolog = true
# Server must not enforce its own blacklist (for parental control, ads blocking...)
require_nofilter = true
## Always use TCP to connect to upstream servers.
## This can be useful if you need to route everything through Tor.
## Otherwise, leave this to `false`, as it doesn't improve security
## (dnscrypt-proxy will always encrypt everything even using UDP), and can
## only increase latency.
force_tcp = false
## SOCKS proxy
## Uncomment the following line to route all TCP connections to a local Tor node
## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
# proxy = "socks5://127.0.0.1:9050"
## HTTP/HTTPS proxy
## Only for DoH servers
# http_proxy = "http://127.0.0.1:8888"
## How long a DNS query will wait for a response, in milliseconds
timeout = 2500
## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds
keepalive = 30
## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
# lb_strategy = 'p2'
## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors)
# log_level = 2
## log file for the application
# log_file = 'dnscrypt-proxy.log'
## Use the system logger (syslog on Unix, Event Log on Windows)
# use_syslog = true
## Delay, in minutes, after which certificates are reloaded
cert_refresh_delay = 240
## DNSCrypt: Create a new, unique key for every single DNS query
## This may improve privacy but can also have a significant impact on CPU usage
## Only enable if you don't have a lot of network load
# dnscrypt_ephemeral_keys = false
## DoH: Disable TLS session tickets - increases privacy but also latency
# tls_disable_session_tickets = false
## DoH: Use a specific cipher suite instead of the server preference
## 49199 = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
##
## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...),
## the following suite improves performance.
## This may also help on Intel CPUs running 32-bit operating systems.
##
## Keep tls_cipher_suite empty if you have issues fetching sources or
## connecting to some DoH servers. Google and Cloudflare are fine with it.
# tls_cipher_suite = [52392, 49199]
## Fallback resolver
## This is a normal, non-encrypted DNS resolver, that will be only used
## for one-shot queries when retrieving the initial resolvers list, and
## only if the system DNS configuration doesn't work.
## No user application queries will ever be leaked through this resolver,
## and it will not be used after IP addresses of resolvers URLs have been found.
## It will never be used if lists have already been cached, and if stamps
## don't include host names without IP addresses.
## It will not be used if the configured system DNS works.
## A resolver supporting DNSSEC is recommended. This may become mandatory.
##
## People in China may need to use 114.114.114.114:53 here.
## Other popular options include 8.8.8.8 and 1.1.1.1.
fallback_resolver = '9.9.9.9:53'
## Never let dnscrypt-proxy try to use the system DNS settings;
## unconditionally use the fallback resolver.
ignore_system_dns = false
## Maximum time (in seconds) to wait for network connectivity before
## initializing the proxy.
## Useful if the proxy is automatically started at boot, and network
## connectivity is not guaranteed to be immediately available.
## Use 0 to disable.
netprobe_timeout = 60
## Offline mode - Do not use any remote encrypted servers.
## The proxy will remain fully functional to respond to queries that
## plugins can handle directly (forwarding, cloaking, ...)
# offline_mode = false
## Automatic log files rotation
# Maximum log files size in MB
log_files_max_size = 10
# How long to keep backup files, in days
log_files_max_age = 7
# Maximum log files backups to keep (or 0 to keep all backups)
log_files_max_backups = 1
#########################
# Filters #
#########################
## Immediately respond to IPv6-related queries with an empty response
## This makes things faster when there is no IPv6 connectivity, but can
## also cause reliability issues with some stub resolvers.
## Do not enable if you added a validating resolver such as dnsmasq in front
## of the proxy.
block_ipv6 = false
##################################################################################
# Route queries for specific domains to a dedicated set of servers #
##################################################################################
## Example map entries (one entry per line):
## example.com 9.9.9.9
## example.net 9.9.9.9,8.8.8.8,1.1.1.1
# forwarding_rules = 'forwarding-rules.txt'
###############################
# Cloaking rules #
###############################
## Cloaking returns a predefined address for a specific name.
## In addition to acting as a HOSTS file, it can also return the IP address
## of a different name. It will also do CNAME flattening.
##
## Example map entries (one entry per line)
## example.com 10.1.1.1
## www.google.com forcesafesearch.google.com
# cloaking_rules = 'cloaking-rules.txt'
###########################
# DNS cache #
###########################
## Enable a DNS cache to reduce latency and outgoing traffic
cache = true
## Cache size
cache_size = 512
## Minimum TTL for cached entries
cache_min_ttl = 600
## Maximum TTL for cached entries
cache_max_ttl = 86400
## Minimum TTL for negatively cached entries
cache_neg_min_ttl = 60
## Maximum TTL for negatively cached entries
cache_neg_max_ttl = 600
###############################
# Query logging #
###############################
## Log client queries to a file
[query_log]
## Path to the query log file (absolute, or relative to the same directory as the executable file)
# file = 'query.log'
## Query log format (currently supported: tsv and ltsv)
format = 'tsv'
## Do not log these query types, to reduce verbosity. Keep empty to log everything.
# ignored_qtypes = ['DNSKEY', 'NS']
############################################
# Suspicious queries logging #
############################################
## Log queries for nonexistent zones
## These queries can reveal the presence of malware, broken/obsolete applications,
## and devices signaling their presence to 3rd parties.
[nx_log]
## Path to the query log file (absolute, or relative to the same directory as the executable file)
# file = 'nx.log'
## Query log format (currently supported: tsv and ltsv)
format = 'tsv'
######################################################
# Pattern-based blocking (blacklists) #
######################################################
## Blacklists are made of one pattern per line. Example of valid patterns:
##
## example.com
## =example.com
## *sex*
## ads.*
## ads*.example.*
## ads*.example[0-9]*.com
##
## Example blacklist files can be found at https://download.dnscrypt.info/blacklists/
## A script to build blacklists from public feeds can be found in the
## `utils/generate-domains-blacklists` directory of the dnscrypt-proxy source code.
[blacklist]
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
# blacklist_file = 'blacklist.txt'
## Optional path to a file logging blocked queries
# log_file = 'blocked.log'
## Optional log format: tsv or ltsv (default: tsv)
# log_format = 'tsv'
###########################################################
# Pattern-based IP blocking (IP blacklists) #
###########################################################
## IP blacklists are made of one pattern per line. Example of valid patterns:
##
## 127.*
## fe80:abcd:*
## 192.168.1.4
[ip_blacklist]
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
# blacklist_file = 'ip-blacklist.txt'
## Optional path to a file logging blocked queries
# log_file = 'ip-blocked.log'
## Optional log format: tsv or ltsv (default: tsv)
# log_format = 'tsv'
######################################################
# Pattern-based whitelisting (blacklists bypass) #
######################################################
## Whitelists support the same patterns as blacklists
## If a name matches a whitelist entry, the corresponding session
## will bypass names and IP filters.
##
## Time-based rules are also supported to make some websites only accessible at specific times of the day.
[whitelist]
## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file)
# whitelist_file = 'whitelist.txt'
## Optional path to a file logging whitelisted queries
# log_file = 'whitelisted.log'
## Optional log format: tsv or ltsv (default: tsv)
# log_format = 'tsv'
##########################################
# Time access restrictions #
##########################################
## One or more weekly schedules can be defined here.
## Patterns in the name-based blocklist can optionally be followed with @schedule_name
## to apply the pattern 'schedule_name' only when it matches a time range of that schedule.
##
## For example, the following rule in a blacklist file:
## *.youtube.* @time-to-sleep
## would block access to YouTube only during the days, and period of the days
## define by the 'time-to-sleep' schedule.
##
## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00
## {after= '9:00', before='18:00'} matches 9:00-18:00
[schedules]
# [schedules.'time-to-sleep']
# mon = [{after='21:00', before='7:00'}]
# tue = [{after='21:00', before='7:00'}]
# wed = [{after='21:00', before='7:00'}]
# thu = [{after='21:00', before='7:00'}]
# fri = [{after='23:00', before='7:00'}]
# sat = [{after='23:00', before='7:00'}]
# sun = [{after='21:00', before='7:00'}]
# [schedules.'work']
# mon = [{after='9:00', before='18:00'}]
# tue = [{after='9:00', before='18:00'}]
# wed = [{after='9:00', before='18:00'}]
# thu = [{after='9:00', before='18:00'}]
# fri = [{after='9:00', before='17:00'}]
#########################
# Servers #
#########################
## Remote lists of available servers
## Multiple sources can be used simultaneously, but every source
## requires a dedicated cache file.
##
## Refer to the documentation for URLs of public sources.
##
## A prefix can be prepended to server names in order to
## avoid collisions if different sources share the same for
## different servers. In that case, names listed in `server_names`
## must include the prefixes.
##
## If the `urls` property is missing, cache files and valid signatures
## must be already present; This doesn't prevent these cache files from
## expiring after `refresh_delay` hours.
[sources]
## An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers
[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
cache_file = 'public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''
## Quad9 over DNSCrypt - https://quad9.net/
# [sources.quad9-resolvers]
# urls = ["https://www.quad9.net/quad9-resolvers.md"]
# minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN"
# cache_file = "quad9-resolvers.md"
# refresh_delay = 72
# prefix = "quad9-"
## Another example source, with resolvers censoring some websites not appropriate for children
## This is a subset of the `public-resolvers` list, so enabling both is useless
# [sources.'parental-control']
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md']
# cache_file = 'parental-control.md'
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
## Optional, local, static list of additional servers
## Mostly useful for testing your own servers.
[static]
# [static.'google']
# stamp = 'sdns://AgUAAAAAAAAAAAAOZG5zLmdvb2dsZS5jb20NL2V4cGVyaW1lbnRhbA'

14
package/jsda/dnscrypt-proxy-full/files/etc/dnscrypt-proxy/example-forwarding-rules.txt Executable file
View File

@ -0,0 +1,14 @@
##################################
# Forwarding rules #
##################################
## This is used to route specific domain names to specific servers.
## The general format is:
## <domain> <server address>[:port] [, <server address>[:port]...]
## IPv6 addresses can be specified by enclosing the address in square brackets.
## In order to enable this feature, the "forwarding_rules" property needs to
## be set to this file name inside the main configuration file.
## Forward queries for example.com and *.example.com to 9.9.9.9 and 8.8.8.8
# example.com 9.9.9.9,8.8.8.8

23
package/jsda/dnscrypt-proxy-full/files/etc/dnscrypt-proxy/example-whitelist.txt Executable file
View File

@ -0,0 +1,23 @@
###########################
# Whitelist #
###########################
## Rules for name-based query whitelisting, one per line
##
## Example of valid patterns:
##
## ads.* | matches anything with an "ads." prefix
## *.example.com | matches example.com and all names within that zone such as www.example.com
## example.com | identical to the above
## =example.com | whitelists example.com but not *.example.com
## *sex* | matches any name containing that substring
## ads[0-9]* | matches "ads" followed by one or more digits
## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster
## Time-based rules
# *.youtube.* @time-to-play
# facebook.com @play

947
package/jsda/dnscrypt-proxy-full/files/etc/dnscrypt-proxy/public-resolvers.md Executable file
View File

@ -0,0 +1,947 @@
# public-resolvers
This is an extensive list of public DNS resolvers supporting the
DNSCrypt and DNS-over-HTTP2 protocols.
This list is maintained by Frank Denis <j @ dnscrypt [.] info>
Warning: it includes servers that may censor content, servers that don't
verify DNSSEC records, and servers that will collect and monetize your
queries.
Adjust the `require_*` options in dnscrypt-proxy to filter that list
according to your needs.
To use that list, add this to the `[sources]` section of your
`dnscrypt-proxy.toml` configuration file:
[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
cache_file = 'public-resolvers.md'
--
## aaflalo-me-gcp
DNS-over-HTTPS proxy of aaflalo-me hosted in Google Cloud Platform.
Non-logging, AD-filtering, supports DNSSEC.
sdns://AgMAAAAAAAAADDM1LjIzMS42OS43NyA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OBJkbnMtZ2NwLmFhZmxhbG8ubWUKL2Rucy1xdWVyeQ
## aaflalo-me
DNS-over-HTTPS server running rust-doh with PiHole for Adblocking.
Non-logging, AD-filtering, supports DNSSEC.
Hosted in Netherlands on a RamNode VPS.
sdns://AgMAAAAAAAAADjE3Ni41Ni4yMzYuMTc1ID4aGg9sU_PpekktVwhLW5gHBZ7gV6sVBYdv2D_aPbg4DmRucy5hYWZsYWxvLm1lCi9kbnMtcXVlcnk
## adguard-dns-family
Adguard DNS with safesearch and adult content blocking
sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMjo1NDQzILgxXdexS27jIKRw3C7Wsao5jMnlhvhdRUXWuMm1AFq6ITIuZG5zY3J5cHQuZmFtaWx5Lm5zMS5hZGd1YXJkLmNvbQ
## adguard-dns
Remove ads and protect your computer from malware
sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20
## adguard-dns-family-doh
Adguard DNS with safesearch and adult content blocking (over DoH)
sdns://AgMAAAAAAAAADzE3Ni4xMDMuMTMwLjEzMiD5_zfwLmMstzhwJcB-V5CKPTcbfJXYzdA5DeIx7ZQ6EhZkbnMtZmFtaWx5LmFkZ3VhcmQuY29tCi9kbnMtcXVlcnk
## adguard-dns-doh
Remove ads and protect your computer from malware (over DoH)
sdns://AgMAAAAAAAAADzE3Ni4xMDMuMTMwLjEzMCD5_zfwLmMstzhwJcB-V5CKPTcbfJXYzdA5DeIx7ZQ6Eg9kbnMuYWRndWFyZC5jb20KL2Rucy1xdWVyeQ
## adguard-dns-family-ipv6
Adguard DNS with safesearch and adult content blocking
sdns://AQMAAAAAAAAAGlsyYTAwOjVhNjA6OmJhZDI6MGZmXTo1NDQzIIwhF6nrwVfW-2QFbwrbwRxdg2c0c8RuJY2bL1fU7jUfITIuZG5zY3J5cHQuZmFtaWx5Lm5zMi5hZGd1YXJkLmNvbQ
## adguard-dns-ipv6
Remove ads and protect your computer from malware
sdns://AQMAAAAAAAAAGVsyYTAwOjVhNjA6OmFkMjowZmZdOjU0NDMggdAC02pMpQxHO3R5ZQ_hLgKzIcthOFYqII5APf3FXpQiMi5kbnNjcnlwdC5kZWZhdWx0Lm5zMi5hZGd1YXJkLmNvbQ
## arvind-io
Public resolver by EnKrypt (https://arvind.io).
Hosted in Bangalore, India.
Non-logging, non-filtering, supports DNSSEC.
sdns://AQcAAAAAAAAAEjEzOS41OS4xNi4xMzA6NTM1MyCORifHOIOoUQMIIbpa5-XQQfSq75W3gpAWy2Udh8MoyRkyLmRuc2NyeXB0LWNlcnQuYXJ2aW5kLmlv
## bottlepost-dns-nl
Provided by bottlepost.me
Hosted in The Netherlands, DNSSEC / No Logs / No Filter
sdns://AQcAAAAAAAAAEzE3OC4xMjguMjU1LjI4OjUzNTMgkr1k-Lp2d9IXiFlXoBAgFGZUCJSPW_x81Ec6ShkPsJYdMi5kbnNjcnlwdC1jZXJ0LmJvdHRsZXBvc3QubWU
## brasil.dnscrypt-tupi.org
DNSSEC validation, caching, no IPv6, non-logging, non-filtering, uncensored DNS server in Brazil. DNSCrypt, DoH, DoT protocols. More info https://dnscrypt-tupi.org/
sdns://AQcAAAAAAAAADjE5MS4yNTIuMTAwLjM1IHz_72B2AuG2R6iJW0MgDEMXbgQXOhBOjCOgt4bnycsvKDIuZG5zY3J5cHQtY2VydC5icmFzaWwuZG5zY3J5cHQtdHVwaS5vcmc
## brasil.dnscrypt-tupi.org-doh
DNSSEC validation, caching, no IPv6, non-logging, non-filtering, uncensored DNS server in Brazil. DNSCrypt, DoH, DoT protocols. More info https://dnscrypt-tupi.org/
sdns://AgcAAAAAAAAADjE5MS4yNTIuMTAwLjM1ABVkbnMuZG5zY3J5cHQtdHVwaS5vcmcKL2Rucy1xdWVyeQ
## captnemo-in
Server running out of a Digital Ocean droplet in BLR1 region.
Maintained by Abhay Rana aka Nemo.
If you are within India, this might be a nice DNS server to use.
sdns://AQQAAAAAAAAAEjEzOS41OS40OC4yMjI6NDQzNCAFOt_yxaMpFtga2IpneSwwK6rV0oAyleham9IvhoceEBsyLmRuc2NyeXB0LWNlcnQuY2FwdG5lbW8uaW4
## cisco
Remove your DNS blind spot
Warning: modifies your queries to include a copy of your network
address when forwarding them to a selection of companies and organizations.
sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ
## cisco-familyshield
Block websites not suitable for children
Warning: modifies your queries to include a copy of your network
address when forwarding them to a selection of companies and organizations.
sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMTIzILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ
## cisco-ipv6
Cisco OpenDNS IPv6 sandbox
Warning: modifies your queries to include a copy of your network
address when forwarding them to a selection of companies and organizations.
sdns://AQAAAAAAAAAAD1syNjIwOjA6Y2NjOjoyXSC3NRFAIG8iXT4r2CLX_WkeocM8yNZmjQy-BL-rykP7eRsyLmRuc2NyeXB0LWNlcnQub3BlbmRucy5jb20
## cleanbrowsing-adult
Blocks access to all adult, pornographic and explicit sites. It does
not block proxy or VPNs, nor mixed-content sites. Sites like Reddit
are allowed. Google and Bing are set to the Safe Mode.
By https://cleanbrowsing.org/
sdns://AQMAAAAAAAAAEzE4NS4yMjguMTY4LjEwOjg0NDMgvKwy-tVDaRcfCDLWB1AnwyCM7vDo6Z-UGNx3YGXUjykRY2xlYW5icm93c2luZy5vcmc
## cleanbrowsing-adult-ipv6
Blocks access to all adult, pornographic and explicit sites. It does
not block proxy or VPNs, nor mixed-content sites. Sites like Reddit
are allowed. Google and Bing are set to the Safe Mode.
By https://cleanbrowsing.org/
sdns://AQMAAAAAAAAAFVsyYTBkOjJhMDA6MTo6MV06ODQ0MyC8rDL61UNpFx8IMtYHUCfDIIzu8Ojpn5QY3HdgZdSPKRFjbGVhbmJyb3dzaW5nLm9yZw
## cleanbrowsing-family
Blocks access to all adult, pornographic and explicit sites. It also
blocks proxy and VPN domains that are used to bypass the filters.
Mixed content sites (like Reddit) are also blocked. Google, Bing and
Youtube are set to the Safe Mode.
By https://cleanbrowsing.org/
sdns://AQMAAAAAAAAAFDE4NS4yMjguMTY4LjE2ODo4NDQzILysMvrVQ2kXHwgy1gdQJ8MgjO7w6OmflBjcd2Bl1I8pEWNsZWFuYnJvd3Npbmcub3Jn
## cleanbrowsing-family-ipv6
Blocks access to all adult, pornographic and explicit sites. It also
blocks proxy and VPN domains that are used to bypass the filters.
Mixed content sites (like Reddit) are also blocked. Google, Bing and
Youtube are set to the Safe Mode.
By https://cleanbrowsing.org/
sdns://AQMAAAAAAAAAFFsyYTBkOjJhMDA6MTo6XTo4NDQzILysMvrVQ2kXHwgy1gdQJ8MgjO7w6OmflBjcd2Bl1I8pEWNsZWFuYnJvd3Npbmcub3Jn
## doh-cleanbrowsing-security
Block access to phishing, malware and malicious domains. It does not block adult content.
By https://cleanbrowsing.org/
sdns://AQMAAAAAAAAAEjE4NS4yMjguMTY4Ljk6ODQ0MyC8rDL61UNpFx8IMtYHUCfDIIzu8Ojpn5QY3HdgZdSPKRFjbGVhbmJyb3dzaW5nLm9yZw
## cloudflare
Cloudflare DNS (anycast) - aka 1.1.1.1 / 1.0.0.1
sdns://AgcAAAAAAAAABzEuMC4wLjGgENk8mGSlIfMGXMOlIlCcKvq7AVgcrZxtjon911-ep0cg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk
## cloudflare-ipv6
Cloudflare DNS over IPv6 (anycast)
sdns://AgcAAAAAAAAAGVsyNjA2OjQ3MDA6NDcwMDo6MTExMV06NTOgENk8mGSlIfMGXMOlIlCcKvq7AVgcrZxtjon911-ep0cg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk
## commons-host
DoH server by the Commons Host CDN
sdns://AgUAAAAAAAAAACA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OAxjb21tb25zLmhvc3QKL2Rucy1xdWVyeQ
## comodo-02
Comodo Dome Shield (anycast) - https://cdome.comodo.com/shield/
sdns://AQAAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ
## cpunks-ru
Cypherpunks.ru public DNS server
sdns://AQYAAAAAAAAAEjc3LjUxLjE4MS4yMDk6NTM1MyAYOMyj2VMKZjQzXVAFvTdYROOXfuhoK2xVKBK9p40umR4yLmRuc2NyeXB0LWNlcnQuY3lwaGVycHVua3MucnU
## cs-caeast
provided by cryptostorm.is
sdns://AQIAAAAAAAAADjE2Ny4xMTQuODQuMTMyIDEzcq1ZVjLCQWuHLwmPhRvduWUoTGy-mk8ZCWQw26laHjIuZG5zY3J5cHQtY2VydC5jcnlwdG9zdG9ybS5pcw
## cs-cawest
provided by cryptostorm.is
sdns://AQIAAAAAAAAADzE2Mi4yMjEuMjA3LjIyOCAxM3KtWVYywkFrhy8Jj4Ub3bllKExsvppPGQlkMNupWh4yLmRuc2NyeXB0LWNlcnQuY3J5cHRvc3Rvcm0uaXM
## cs-cfi
provided by cryptostorm.is
sdns://AQIAAAAAAAAADTIxMi44My4xNzUuMzEgMTNyrVlWMsJBa4cvCY-FG925ZShMbL6aTxkJZDDbqVoeMi5kbnNjcnlwdC1jZXJ0LmNyeXB0b3N0b3JtLmlz
## cs-ch
provided by cryptostorm.is
sdns://AQIAAAAAAAAADTE4NS42MC4xNDcuNzcgMTNyrVlWMsJBa4cvCY-FG925ZShMbL6aTxkJZDDbqVoeMi5kbnNjcnlwdC1jZXJ0LmNyeXB0b3N0b3JtLmlz
## cs-de
provided by cryptostorm.is
sdns://AQIAAAAAAAAADDg0LjE2LjI0MC40MyAxM3KtWVYywkFrhy8Jj4Ub3bllKExsvppPGQlkMNupWh4yLmRuc2NyeXB0LWNlcnQuY3J5cHRvc3Rvcm0uaXM
## cs-de3
provided by cryptostorm.is
sdns://AQIAAAAAAAAADjg5LjE2My4yMTQuMTc0IDEzcq1ZVjLCQWuHLwmPhRvduWUoTGy-mk8ZCWQw26laHjIuZG5zY3J5cHQtY2VydC5jcnlwdG9zdG9ybS5pcw
## cs-dk2
provided by cryptostorm.is
sdns://AQIAAAAAAAAADzE4NS4yMTIuMTY5LjEzOSAxM3KtWVYywkFrhy8Jj4Ub3bllKExsvppPGQlkMNupWh4yLmRuc2NyeXB0LWNlcnQuY3J5cHRvc3Rvcm0uaXM
## cs-fi
provided by cryptostorm.is
sdns://AQIAAAAAAAAADjE4NS4xMTcuMTE4LjIwIDEzcq1ZVjLCQWuHLwmPhRvduWUoTGy-mk8ZCWQw26laHjIuZG5zY3J5cHQtY2VydC5jcnlwdG9zdG9ybS5pcw
## cs-fr
provided by cryptostorm.is
sdns://AQIAAAAAAAAADTIxMi4xMjkuNDYuODYgMTNyrVlWMsJBa4cvCY-FG925ZShMbL6aTxkJZDDbqVoeMi5kbnNjcnlwdC1jZXJ0LmNyeXB0b3N0b3JtLmlz
## cs-fr2
provided by cryptostorm.is
sdns://AQIAAAAAAAAADTIxMi4xMjkuNDYuMzIgMTNyrVlWMsJBa4cvCY-FG925ZShMbL6aTxkJZDDbqVoeMi5kbnNjcnlwdC1jZXJ0LmNyeXB0b3N0b3JtLmlz
## cs-lv
provided by cryptostorm.is
sdns://AQIAAAAAAAAADTgwLjIzMy4xMzQuNTIgMTNyrVlWMsJBa4cvCY-FG925ZShMbL6aTxkJZDDbqVoeMi5kbnNjcnlwdC1jZXJ0LmNyeXB0b3N0b3JtLmlz
## cs-nl
provided by cryptostorm.is
sdns://AQIAAAAAAAAADjIxMy4xNjMuNjQuMjA4IDEzcq1ZVjLCQWuHLwmPhRvduWUoTGy-mk8ZCWQw26laHjIuZG5zY3J5cHQtY2VydC5jcnlwdG9zdG9ybS5pcw
## cs-pl
provided by cryptostorm.is
sdns://AQIAAAAAAAAACzUuMTMzLjguMTg3IDEzcq1ZVjLCQWuHLwmPhRvduWUoTGy-mk8ZCWQw26laHjIuZG5zY3J5cHQtY2VydC5jcnlwdG9zdG9ybS5pcw
## cs-pt
provided by cryptostorm.is
sdns://AQIAAAAAAAAADTEwOS43MS40Mi4yMjggMTNyrVlWMsJBa4cvCY-FG925ZShMbL6aTxkJZDDbqVoeMi5kbnNjcnlwdC1jZXJ0LmNyeXB0b3N0b3JtLmlz
## cs-ro
provided by cryptostorm.is
sdns://AQIAAAAAAAAADDUuMjU0Ljk2LjE5NSAxM3KtWVYywkFrhy8Jj4Ub3bllKExsvppPGQlkMNupWh4yLmRuc2NyeXB0LWNlcnQuY3J5cHRvc3Rvcm0uaXM
## cs-rome
provided by cryptostorm.is
sdns://AQIAAAAAAAAADjE4NS45NC4xOTMuMjM0IDEzcq1ZVjLCQWuHLwmPhRvduWUoTGy-mk8ZCWQw26laHjIuZG5zY3J5cHQtY2VydC5jcnlwdG9zdG9ybS5pcw
## cs-useast2
provided by cryptostorm.is
sdns://AQIAAAAAAAAADDE5OC43LjU4LjIyNyAxM3KtWVYywkFrhy8Jj4Ub3bllKExsvppPGQlkMNupWh4yLmRuc2NyeXB0LWNlcnQuY3J5cHRvc3Rvcm0uaXM
## cs-usnorth
provided by cryptostorm.is
sdns://AQIAAAAAAAAADjE3My4yMzQuNTYuMTE1IDEzcq1ZVjLCQWuHLwmPhRvduWUoTGy-mk8ZCWQw26laHjIuZG5zY3J5cHQtY2VydC5jcnlwdG9zdG9ybS5pcw
## cs-ussouth2
provided by cryptostorm.is
sdns://AQIAAAAAAAAADTEwOC42Mi4xOS4xMzEgMTNyrVlWMsJBa4cvCY-FG925ZShMbL6aTxkJZDDbqVoeMi5kbnNjcnlwdC1jZXJ0LmNyeXB0b3N0b3JtLmlz
## cs-uswest
provided by cryptostorm.is
sdns://AQIAAAAAAAAADDY0LjEyMC41LjI1MSAxM3KtWVYywkFrhy8Jj4Ub3bllKExsvppPGQlkMNupWh4yLmRuc2NyeXB0LWNlcnQuY3J5cHRvc3Rvcm0uaXM
## cs-uswest3
provided by cryptostorm.is
sdns://AQIAAAAAAAAADzEwNC4yMzguMTk1LjEzOSAxM3KtWVYywkFrhy8Jj4Ub3bllKExsvppPGQlkMNupWh4yLmRuc2NyeXB0LWNlcnQuY3J5cHRvc3Rvcm0uaXM
## cs-uswest5
provided by cryptostorm.is
sdns://AQIAAAAAAAAADTE3My4yMDguOTUuNzUgMTNyrVlWMsJBa4cvCY-FG925ZShMbL6aTxkJZDDbqVoeMi5kbnNjcnlwdC1jZXJ0LmNyeXB0b3N0b3JtLmlz
## d0wn-is-ns2
Server provided by Martin 'd0wn' Albus
sdns://AQcAAAAAAAAADTkzLjk1LjIyNi4xNjUghGA0qcYwyjwErEqQFiXxeoeyrLlBgKxIHiwQ6M7eGm8cMi5kbnNjcnlwdC1jZXJ0LmlzMi5kMHduLmJpeg
## d0wn-nl-ns4
Server provided by Martin 'd0wn' Albus
sdns://AQcAAAAAAAAADTMxLjIyMC40My4xMDUgKk9DiVzmMjC0xXalrDhkGE0SaUmxYP2wkWartM7GBnIcMi5kbnNjcnlwdC1jZXJ0Lm5sNC5kMHduLmJpeg
## d0wn-tz-ns1
Server provided by Martin 'd0wn' Albus
sdns://AQcAAAAAAAAACzQxLjc5LjY5LjEzINYGFfvRRTuhTnaKPlxcs6wXRhMxRj2gr4z33wTaTXVtGzIuZG5zY3J5cHQtY2VydC50ei5kMHduLmJpeg
## d0wn-tz-ns1-ipv6
Server provided by Martin 'd0wn' Albus
sdns://AQcAAAAAAAAAGFsyYzBmOmZkYTg6NTo6MmVkMTpkMmVjXSDWBhX70UU7oU52ij5cXLOsF0YTMUY9oK-M998E2k11bRsyLmRuc2NyeXB0LWNlcnQudHouZDB3bi5iaXo
## de.dnsmaschine.net
DNSSEC/Non-logged/Uncensored
Hosted by vultr.com (Frankfurt Germany)
sdns://AQcAAAAAAAAAEzIwOS4yNTAuMjM1LjE3MDo0NDMgz0wbvISl_NVCSe0wDJMS79BAFZoWth1djmhuzv_n3KAiMi5kbnNjcnlwdC1jZXJ0LmRlLmRuc21hc2NoaW5lLm5ldA
## dnscrypt.ca-1
Uncensored DNSSEC validating and log-free
sdns://AQcAAAAAAAAAFDE5OS4xNjcuMTMwLjExODo1MzUzIHT3RVUXvCb3EXflbXKTJ4hscpFbP0YoMD-RDEfDjoJ5HTIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5jYS0x
## dnscrypt.ca-1-ipv6
Uncensored DNSSEC validating and log-free
sdns://AQcAAAAAAAAAH1syNjA1OjIxMDA6MDoxOjo3MzRkOjc4NzZdOjUzNTMgie_Aik8Gbx0Yhl3AXGNrjkhIIuR2hdxG8wSccOyE5podMi5kbnNjcnlwdC1jZXJ0LmRuc2NyeXB0LmNhLTE
## dnscrypt.ca-2
Uncensored DNSSEC validating and log-free
sdns://AQcAAAAAAAAAFDE5OS4xNjcuMTI4LjExMjo1MzUzIEPVLIJZIpbC22-NSM4iT9zHJibhBvbjiGGT-gCQKWMbHTIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5jYS0y
## dnscrypt.ca-2-ipv6
Uncensored DNSSEC validating and log-free
sdns://AQcAAAAAAAAAH1syNjA1OjIxMDA6MDoxOjpiNWFkOjE4ZTJdOjUzNTMg5DtuKuW1dRp0BBgQ97rtLa9wScW38wTZSLyEgVkXmowdMi5kbnNjcnlwdC1jZXJ0LmRuc2NyeXB0LmNhLTI
## dnscrypt.eu-dk
Free, non-logged, uncensored. Hosted by Netgroup.
sdns://AQcAAAAAAAAADDc3LjY2Ljg0LjIzMyA3SFWF47nQiP0lrTawNwH1UgzWSJ6a3VIUV0lVnwqZVSUyLmRuc2NyeXB0LWNlcnQucmVzb2x2ZXIyLmRuc2NyeXB0LmV1
## dnscrypt.eu-dk-ipv6
Free, non-logged, uncensored. Hosted by Netgroup.
sdns://AQcAAAAAAAAAFFsyMDAxOjE0NDg6MjQzOjpkYzJdIDdIVYXjudCI_SWtNrA3AfVSDNZInprdUhRXSVWfCplVJTIuZG5zY3J5cHQtY2VydC5yZXNvbHZlcjIuZG5zY3J5cHQuZXU
## dnscrypt.eu-nl
Free, non-logged, uncensored. Hosted by RamNode.
sdns://AQcAAAAAAAAADjE3Ni41Ni4yMzcuMTcxIGfADywhxVSBRd18tGonGvLrlpkxQKMJtiuNFlMRhZxmJTIuZG5zY3J5cHQtY2VydC5yZXNvbHZlcjEuZG5zY3J5cHQuZXU
## dnscrypt.me
DNSSEC / no logs / no filter, Germany
http://dnscrypt.me
sdns://AQcAAAAAAAAADjk0LjE5OS4yMTMuMTcyIGBM5f1Wb-7SLs4vAJ7gc4hyFSmM5OOLWOvI3Hu5gRVOGzIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5tZQ
## dnscrypt.nl-ns0
DNSCrypt v2 server in Amsterdam, the Netherlands. DNSSEC, no logs, uncensored, recursive DNS. https://dnscrypt.nl
sdns://AQcAAAAAAAAADDQ1Ljc2LjM1LjIxMiBMhPuMBRFd-l-Xxe0DKRNwx4q81k4V3VOrCN5y-4RKyh8yLmRuc2NyeXB0LWNlcnQubnMwLmRuc2NyeXB0Lm5s
## dnscrypt.nl-ns0-ipv6
DNSCrypt v2 server in Amsterdam, the Netherlands. DNSSEC, no logs, uncensored, recursive DNS. https://dnscrypt.nl
sdns://AQcAAAAAAAAAJlsyMDAxOjE5ZjA6NTAwMTozMGE6NTQwMDpmZjpmZTU4OjcxNDBdIEyE-4wFEV36X5fF7QMpE3DHirzWThXdU6sI3nL7hErKHzIuZG5zY3J5cHQtY2VydC5uczAuZG5zY3J5cHQubmw
## dnscrypt.nl-ns0-doh
DNS-over-HTTPS server in Amsterdam, the Netherlands. DNSSEC, no logs, uncensored, recursive DNS. https://dnscrypt.nl
sdns://AgcAAAAAAAAADjEwOC42MS4xOTkuMTcwID4aGg9sU_PpekktVwhLW5gHBZ7gV6sVBYdv2D_aPbg4D2RvaC5kbnNjcnlwdC5ubAovZG5zLXF1ZXJ5
## dnscrypt.uk-ipv4
DNSCrypt v2, no logs, uncensored, DNSSEC. Hosted in London UK by Digital Ocean
https://www.dnscrypt.uk
sdns://AQcAAAAAAAAAEjEzOS41OS4yMDAuMTE2OjQ0MyAmJwT-OXZ9NntZ2eu_HtZeXARhCdiAynbBYcu6bArCdxsyLmRuc2NyeXB0LWNlcnQuZG5zY3J5cHQudWs
## dnscrypt.uk-ipv6
DNSCrypt v2, no logs, uncensored, DNSSEC. Hosted in London UK by Digital Ocean
https://www.dnscrypt.uk
sdns://AQcAAAAAAAAAHlsyYTAzOmIwYzA6MTplMDo6MmUzOmUwMDFdOjQ0MyAmJwT-OXZ9NntZ2eu_HtZeXARhCdiAynbBYcu6bArCdxsyLmRuc2NyeXB0LWNlcnQuZG5zY3J5cHQudWs
## dnscrypt-jp-blahdns-ipv4
Blocks ad and Tracking, no Logging, DNSSEC, Hosted in Japan
https://blahdns.com/
sdns://AQMAAAAAAAAAEzEwOC42MS4yMDEuMTE5Ojg0NDMgyJjbSS4IgTY_2KH3NVGG0DNIgBPzLEqf8r00nAbcUxQbMi5kbnNjcnlwdC1jZXJ0LmJsYWhkbnMuY29t
## dnscrypt-jp-blahdns-ipv6
Blocks ad and Tracking, no Logging, DNSSEC, Hosted in Japan
https://blahdns.com/
sdns://AQMAAAAAAAAALlsyMDAxOjE5ZjA6NzAwMToxZGVkOjU0MDA6MDFmZjpmZTkwOjk0NWJdOjg0NDMgyJjbSS4IgTY_2KH3NVGG0DNIgBPzLEqf8r00nAbcUxQbMi5kbnNjcnlwdC1jZXJ0LmJsYWhkbnMuY29t
## dnscrypt-de-blahdns-ipv4
Blocks ad and Tracking, no Logging, DNSSEC, Hosted in Germany
https://blahdns.com/
sdns://AQMAAAAAAAAAEzE1OS42OS4xOTguMTAxOjg0NDMgyJjbSS4IgTY_2KH3NVGG0DNIgBPzLEqf8r00nAbcUxQbMi5kbnNjcnlwdC1jZXJ0LmJsYWhkbnMuY29t
## dnscrypt-de-blahdns-ipv6
Blocks ad and Tracking, no Logging, DNSSEC, Hosted in Germany
https://blahdns.com/
sdns://AQMAAAAAAAAAHFsyYTAxOjRmODoxYzFjOjZiNGI6OjFdOjg0NDMgyJjbSS4IgTY_2KH3NVGG0DNIgBPzLEqf8r00nAbcUxQbMi5kbnNjcnlwdC1jZXJ0LmJsYWhkbnMuY29t
## dnswarden-adult-filter-ipv4
Blocks adult content, ads, trackers, phishing and malware sites. Enforces forcesafesearch on widely used search engines and youtube. DNSSEC enabled and no query logging. Hosted in Germany. By https://dnswarden.com
sdns://AgMAAAAAAAAADDE1OS42OS4xNi41OAASZG9oMi5kbnN3YXJkZW4uY29tAS8
## dnswarden-adult-filter-ipv6
Blocks adult content, ads, trackers, phishing and malware sites. Enforces forcesafesearch on widely used search engines and youtube. DNSSEC enabled and no query logging. Hosted in Germany. By https://dnswarden.com
sdns://AgMAAAAAAAAAF1syYTAxOjRmODoxYzFjOjc1NDk6OjFdABJkb2gyLmRuc3dhcmRlbi5jb20BLw
## dnswarden-normal-ipv4
Blocks ads, trackers, phishing and malware sites. DNSSEC enabled and no query logging. Hosted in Germany. By https://dnswarden.com
sdns://AgMAAAAAAAAADTk0LjEzMC4xODMuMTgAEmRvaDEuZG5zd2FyZGVuLmNvbQEv
## dnswarden-normal-ipv6
Blocks ads, trackers, phishing and malware sites. DNSSEC enabled and no query logging. Hosted in Germany. By https://dnswarden.com
sdns://AgMAAAAAAAAAF1syYTAxOjRmODoxYzBjOjQyYjI6OjFdABJkb2gxLmRuc3dhcmRlbi5jb20BLw
## doh-blahdns-de
Blocks ad and Tracking, no Logging, DNSSEC, Hosted in Germany
https://blahdns.com/
sdns://AgMAAAAAAAAADjE1OS42OS4xOTguMTAxABJkb2gtZGUuYmxhaGRucy5jb20KL2Rucy1xdWVyeQ
## doh-blahdns
Blocks ad and Tracking, no Logging, DNSSEC, Hosted in Japan
https://blahdns.com/
sdns://AgMAAAAAAAAADjEwOC42MS4yMDEuMTE5AA9kb2guYmxhaGRucy5jb20KL2Rucy1xdWVyeQ
## doh-cleanbrowsing-adult
Blocks access to all adult, pornographic and explicit sites. It does
not block proxy or VPNs, nor mixed-content sites. Sites like Reddit
are allowed. Google and Bing are set to the Safe Mode.
By https://cleanbrowsing.org/
sdns://AgMAAAAAAAAAAAAVZG9oLmNsZWFuYnJvd3Npbmcub3JnEi9kb2gvYWR1bHQtZmlsdGVyLw
## doh-cleanbrowsing-family
Blocks access to all adult, pornographic and explicit sites. It also
blocks proxy and VPN domains that are used to bypass the filters.
Mixed content sites (like Reddit) are also blocked. Google, Bing and
Youtube are set to the Safe Mode.
By https://cleanbrowsing.org/
sdns://AgMAAAAAAAAAAAAVZG9oLmNsZWFuYnJvd3Npbmcub3JnEy9kb2gvZmFtaWx5LWZpbHRlci8
## doh-cleanbrowsing-security
Block access to phishing, malware and malicious domains. It does not block adult content.
By https://cleanbrowsing.org/
sdns://AgMAAAAAAAAAAAAVZG9oLmNsZWFuYnJvd3Npbmcub3JnFS9kb2gvc2VjdXJpdHktZmlsdGVyLw
## doh-crypto-sx
DNS-over-HTTPS server. Backend hosted by Scaleway, globally cached via Cloudflare.
Maintained by Frank Denis.
sdns://AgcAAAAAAAAADTEwNC4xOS4xOTguMjkgHdhQioxWWQQ5fHhkUeCPV2E888inI_bzef1MOFi2858NZG9oLmNyeXB0by5zeAovZG5zLXF1ZXJ5
## doh-ibksturm
doh-server (nginx - doh-httpproxy - unbound backend), DNSSEC / Non-Logged / Uncensored, OpenNIC and Root DNS-Zone Copy
Hosted in Switzerland by ibksturm, aka Andreas Ziegler
sdns://AgcAAAAAAAAADzIxNy4xNjIuMjA2LjE3OAAUaWJrc3R1cm0uc3lub2xvZ3kubWUKL2Rucy1xdWVyeQ
## eieiDNS
DNS-over-HTTPS server. Blocks ad and Tracking, DNSSEC, Hosted in Thailand
Warning: modifies your queries to include a copy of your network
address when forwarding them to upstream servers.
sdns://AgEAAAAAAAAADDEwMy44Ni40OS4zMSA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OBRkb2gxLmVpZWlkbnMuY29tOjQ0MwovZG5zLXF1ZXJ5
## ev-ca
Non-logging, uncensored DNS resolver provided by evilvibes.com
Hosted by: vultr.com - Location: Toronto, Canada
sdns://AQcAAAAAAAAADjE0OS4yNDguNTEuMjEyIJqd7T8sjWmQU5pdBaP5FF2vX0xrz561gdeGrur3jCHfHTIuZG5zY3J5cHQtY2VydC5ldmlsdmliZXMuY29t
## ev-us
Non-logging, uncensored DNS resolver provided by evilvibes.com
Hosted by: vultr.com - Location: Seattle, USA
sdns://AQcAAAAAAAAADjEwNC4xNTYuMjUyLjE4ILNYRzmUAe4JezM_eiaokRdEOF7hA_jTl65AAyNMlNYQHTIuZG5zY3J5cHQtY2VydC5ldmlsdmliZXMuY29t
## freetsa.org
Non-logged/Uncensored provided by freetsa.org
sdns://AQcAAAAAAAAAEzIwNS4xODUuMTE2LjExNjo1NTMg2P-7QuAxvnp5cwtFVo1Jak6Ky1mqg2b9arkeJyp9FuQbMi5kbnNjcnlwdC1jZXJ0LmZyZWV0c2Eub3Jn
## fvz-anyone
Fusl's public primary OpenNIC Tier2 Anycast DNS Resolver
sdns://AQYAAAAAAAAAFDE4NS4xMjEuMTc3LjE3Nzo1MzUzIBpq0KMrTFphppXRU2cNaasWkD-ew_f2TxPlNaMYsiilHTIuZG5zY3J5cHQtY2VydC5kbnNyZWMubWVvLndz
## fvz-anytwo
Fusl's public secondary OpenNIC Tier2 Anycast DNS Resolver
sdns://AQYAAAAAAAAAFDE2OS4yMzkuMjAyLjIwMjo1MzUzIBpq0KMrTFphppXRU2cNaasWkD-ew_f2TxPlNaMYsiilHTIuZG5zY3J5cHQtY2VydC5kbnNyZWMubWVvLndz
## google
Google DNS (anycast)
sdns://AgUAAAAAAAAAACAe9iTP_15r07rd8_3b_epWVGfjdymdx-5mdRZvMAzBuQ5kbnMuZ29vZ2xlLmNvbQ0vZXhwZXJpbWVudGFs
## gridns-sg
Gridth's public filtering non-logging DNS-over-HTTPS server. Block ads and tracking.
Hosted in Digital Ocean droplet in SGP region. Upstream to 1.1.1.1.
sdns://AgMAAAAAAAAADDE2Ny45OS4zMS42OSA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OBFzZy5kbnMuZ3JpZC5pbi50aAovZG5zLXF1ZXJ5
## ibksturm
dnscrypt-server (nginx - dnscrypt-wrapper - unbound backend), DNSSEC / Non-Logged / Uncensored, OpenNIC and Root DNS-Zone Copy
Hosted in Switzerland by ibksturm, aka Andreas Ziegler
sdns://AQcAAAAAAAAADzIxNy4xNjIuMjA2LjE3OCCDqbk-RaofnMFcPfds4pwWaf-s4542cUr-GlEE-pR-uBkyLmRuc2NyeXB0LWNlcnQuaWJrc3R1cm0u
## id-gmail
DNSCrypt server located in Singapore, provided by id-gmail.
Filters out ads, trackers and malware, supports DNSSEC and doesn't log anything.
sdns://AQMAAAAAAAAADTE0OS4yOC4xNTIuODEg75aAZujZlPBl2D7d0xru7fVthldGPkrKR83X_pfD1PYcMi5kbnNjcnlwdC1jZXJ0LmRucy50aWFyLmFwcA
## id-gmail-doh
DNS-over-HTTPS server located in Singapore, provided by id-gmail.
Filters out ads, trackers and malware, supports DNSSEC and doesn't log anything.
sdns://AgMAAAAAAAAACzQ1LjMyLjEwNS40ID4aGg9sU_PpekktVwhLW5gHBZ7gV6sVBYdv2D_aPbg4DGRvaC50aWFyLmFwcAovZG5zLXF1ZXJ5
## ipredator
Public DNSCrypt server in Sweden provided by Ipredator.se
sdns://AQcAAAAAAAAADTE5NC4xMzIuMzIuMzIgxExWaqjWRsQysQT1PQCWGzLccc8cBL2esBPkgOekeCgcMi5kbnNjcnlwdC1jZXJ0LmlwcmVkYXRvci5zZQ
## nawala-childprotection
Internet filtering system (anycast), protecting child from inappropriate websites and abusive contents.
By http://nawala.id in Indonesia.
sdns://AQAAAAAAAAAADzE4MC4xMzEuMTQ0LjE0NCDGC-b_38Dj4-ikI477AO1GXcLPfETOFpE36KZIHdOzLhkyLmRuc2NyeXB0LWNlcnQubmF3YWxhLmlk
## opennic-ethservices
OpenNIC • DNSSEC • 24-hour Logs • AnonymousLogs • NoFilters
Location: Frankfurt, Germany
By ethservices.
sdns://AQUAAAAAAAAAEjk0LjI0Ny40My4yNTQ6NTM1MyDUQmYmXRg576Roac_42Ue6uQtQ664-FvA20PgVt_UIfigyLmRuc2NyeXB0LWNlcnQub3Blbm5pYzEuZXRoLXNlcnZpY2VzLmRl
## opennic-famicoman
OpenNIC • NoLogs • NoFilters
Location: Amsterdam, Netherlands
By famicoman.phillymesh.net
sdns://AQYAAAAAAAAAEzE0Ni4xODUuMTc2LjM2OjUzNTMguI9IYFUXNpaj0r_g7MdhdRmP4BLhAbT-hpwenEw15082Mi5kbnNjcnlwdC1jZXJ0Lm9wZW5uaWMucGVlcjMuZmFtaWNvbWFuLnBoaWxseW1lc2gubmV0
## opennic-luggs
Public DNS server in Canada operated by Luggs
sdns://AQYAAAAAAAAADTE0Mi40LjIwNC4xMTEgHBl5MxvoI8zPCJp5BpN-XDQQKlasf2Jw4EYlsu3bBOMfMi5kbnNjcnlwdC1jZXJ0Lm5zMy5jYS5sdWdncy5jbw
## opennic-luggs-ipv6
Public DNS server in Canada operated by Luggs
sdns://AQYAAAAAAAAAIVsyNjA3OjUzMDA6MTIwOmE4YToxNDI6NDoyMDQ6MTExXSAcGXkzG-gjzM8ImnkGk35cNBAqVqx_YnDgRiWy7dsE4x8yLmRuc2NyeXB0LWNlcnQubnMzLmNhLmx1Z2dzLmNv
## opennic-luggs2
Second public DNS server in Canada operated by Luggs
sdns://AQYAAAAAAAAAEDE0Mi40LjIwNS40Nzo0NDMgvL-34FDBPaJCLACwsaya1kjFwmS8thcLiD1xishuugkfMi5kbnNjcnlwdC1jZXJ0Lm5zNC5jYS5sdWdncy5jbw
## opennic-luggs2-ipv6
Second public DNS server in Canada operated by Luggs (IPv6)
sdns://AQYAAAAAAAAAJFsyNjA3OjUzMDA6MTIwOmE4YToxNDI6NDoyMDU6NDddOjQ0MyC8v7fgUME9okIsALCxrJrWSMXCZLy2FwuIPXGKyG66CR8yLmRuc2NyeXB0LWNlcnQubnM0LmNhLmx1Z2dzLmNv
## opennic-onic
Public DNS server hosted at MIT (Cambridge, MA, USA) operated by jproulx
sdns://AQcAAAAAAAAADjEyOC41Mi4xMzAuMjA5IBKNsb3hDHyh1SsJH2M-mcGTfRT1-BKwy1s89cvMBHJyIjIuZG5zY3J5cHQtY2VydC5vbmljLmNzYWlsLm1pdC5lZHU
## opennic-tumabox
Public DNS server operated by TumaBox.org
sdns://AQYAAAAAAAAAEjEzMC4yNTUuNzMuOTA6NTM1MyDVkXsRajUxFMI4qpmm6wwofPdoBUGsXb-ooCOeIoxbBg0yLnR1bWFib3gub3Jn
## opennic-tumabox-ipv6
Public DNS server operated by TumaBox.org
sdns://AQYAAAAAAAAAG1syYTAyOmUwMDpmZmZkOjEzOTo6OV06NTM1MyDVkXsRajUxFMI4qpmm6wwofPdoBUGsXb-ooCOeIoxbBg0yLnR1bWFib3gub3Jn
## powerdns-doh
By PowerDNS/Open-Xchange https://powerdns.org
sdns://AgcAAAAAAAAAACA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OBBkb2gucG93ZXJkbnMub3JnAS8
## publicarray-au
DNSSEC • OpenNic • Non-logging • Uncensored - hosted at vultr.com
Maintained by publicarray - https://dns.seby.io
sdns://AQcAAAAAAAAADDQ1Ljc2LjExMy4zMSAIVGh4i6eKXqlF6o9Fg92cgD2WcDvKQJ7v_Wq4XrQsVhsyLmRuc2NyeXB0LWNlcnQuZG5zLnNlYnkuaW8
## publicarray-au-doh
DNSSEC • OpenNic • Non-logging • Uncensored - hosted on vultr.com
Maintained by publicarray - https://dns.seby.io
sdns://AgcAAAAAAAAADDQ1Ljc2LjExMy4zMSA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OBBkb2guc2VieS5pbzo4NDQzCi9kbnMtcXVlcnk
## qag.me
Plain Vanilla setup of dnscrypt-server-docker on a headless box. Upstream to 1.1.1.1.
Home Server running on a static IP in Bangalore / Bengaluru, INDIA.
Maintained by Cruisemaniac (https://cruisemaniac.com) aka Ashwin Murali.
sdns://AQcAAAAAAAAAEjEwNi41MS4xMjguNzg6NDQzNCDrpsCqF14emkVAo_yJi9T2xxp5KmXhlGtbTL1R-5vVLhYyLmRuc2NyeXB0LWNlcnQucWFnLm1l
## quad9-dnscrypt-ip4-filter-pri
Quad9 (anycast) dnssec/no-log/filter 9.9.9.9
sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0
## quad9-dnscrypt-ip4-filter-alt
Quad9 (anycast) dnssec/no-log/filter 149.112.112.9
sdns://AQMAAAAAAAAAEjE0OS4xMTIuMTEyLjk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0
## quad9-dnscrypt-ip4-nofilter-pri
Quad9 (anycast) no-dnssec/no-log/no-filter 9.9.9.10
sdns://AQYAAAAAAAAADTkuOS45LjEwOjg0NDMgZ8hHuMh1jNEgJFVDvnVnRt803x2EwAuMRwNo34Idhj4ZMi5kbnNjcnlwdC1jZXJ0LnF1YWQ5Lm5ldA
## quad9-dnscrypt-ip4-nofilter-alt
Quad9 (anycast) no-dnssec/no-log/no-filter 149.112.112.10
sdns://AQYAAAAAAAAAEzE0OS4xMTIuMTEyLjEwOjg0NDMgZ8hHuMh1jNEgJFVDvnVnRt803x2EwAuMRwNo34Idhj4ZMi5kbnNjcnlwdC1jZXJ0LnF1YWQ5Lm5ldA
## quad9-dnscrypt-ip6-filter-alt
Quad9 (anycast) dnssec/no-log/filter 2620:fe::9
sdns://AQMAAAAAAAAAEVsyNjIwOmZlOjo5XTo4NDQzIGfIR7jIdYzRICRVQ751Z0bfNN8dhMALjEcDaN-CHYY-GTIuZG5zY3J5cHQtY2VydC5xdWFkOS5uZXQ
## quad9-dnscrypt-ip6-filter-pri
Quad9 (anycast) dnssec/no-log/filter 2620:fe::fe:9
sdns://AQMAAAAAAAAAFFsyNjIwOmZlOjpmZTo5XTo4NDQzIGfIR7jIdYzRICRVQ751Z0bfNN8dhMALjEcDaN-CHYY-GTIuZG5zY3J5cHQtY2VydC5xdWFkOS5uZXQ
## quad9-dnscrypt-ip6-nofilter-pri
Quad9 (anycast) no-dnssec/no-log/no-filter 2620:fe::10
sdns://AQYAAAAAAAAAElsyNjIwOmZlOjoxMF06ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0
## quad9-dnscrypt-ip6-nofilter-alt
Quad9 (anycast) no-dnssec/no-log/no-filter 2620:fe::fe:10
sdns://AQYAAAAAAAAAFVsyNjIwOmZlOjpmZToxMF06ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0
## quad9-doh-ip4-filter-pri
Quad9 (anycast) dnssec/no-log/filter 9.9.9.9
sdns://AgMAAAAAAAAABzkuOS45LjmAABJkbnM5LnF1YWQ5Lm5ldDo0NDMKL2Rucy1xdWVyeQ
## quad9-doh-ip4-filter-alt
Quad9 (anycast) dnssec/no-log/filter 149.112.112.9
sdns://AgMAAAAAAAAADTE0OS4xMTIuMTEyLjmAABJkbnM5LnF1YWQ5Lm5ldDo0NDMKL2Rucy1xdWVyeQ
## quad9-doh-ip4-nofilter-pri
Quad9 (anycast) no-dnssec/no-log/no-filter 9.9.9.10
sdns://AgYAAAAAAAAACDkuOS45LjEwgAASZG5zOS5xdWFkOS5uZXQ6NDQzCi9kbnMtcXVlcnk
## quad9-doh-ip4-nofilter-alt
Quad9 (anycast) no-dnssec/no-log/no-filter 149.112.112.10
sdns://AgYAAAAAAAAADjE0OS4xMTIuMTEyLjEwgAASZG5zOS5xdWFkOS5uZXQ6NDQzCi9kbnMtcXVlcnk
## quad9-doh-ip6-filter-pri
Quad9 (anycast) dnssec/no-log/filter 2620:fe::9
sdns://AgMAAAAAAAAADFsyNjIwOmZlOjo5XYAAEmRuczkucXVhZDkubmV0OjQ0MwovZG5zLXF1ZXJ5
## quad9-doh-ip6-filter-alt
Quad9 (anycast) dnssec/no-log/filter 2620:fe::fe:9
sdns://AgMAAAAAAAAAD1syNjIwOmZlOjpmZTo5XYAAEmRuczkucXVhZDkubmV0OjQ0MwovZG5zLXF1ZXJ5
## quad9-doh-ip6-nofilter-pri
Quad9 (anycast) no-dnssec/no-log/no-filter 2620:fe::10
sdns://AgYAAAAAAAAADVsyNjIwOmZlOjoxMF2AABJkbnM5LnF1YWQ5Lm5ldDo0NDMKL2Rucy1xdWVyeQ
## quad9-doh-ip6-nofilter-alt
Quad9 (anycast) no-dnssec/no-log/no-filter 2620:fe::fe:10
sdns://AgYAAAAAAAAAEFsyNjIwOmZlOjpmZToxMF2AABJkbnM5LnF1YWQ5Lm5ldDo0NDMKL2Rucy1xdWVyeQ
## qualityology.com
Non-logging, non-filtering, DNSSEC validating server in Los Angeles, California.
Maintained by Evan Xu (@ex-git)
sdns://AQcAAAAAAAAAEjE3My44Mi4yMzIuMjMyOjg1MyCPlK_22Cu9WRVyKgl-CZp2GXezsRDWizG-BHIzChok4iAyLmRuc2NyeXB0LWNlcnQucXVhbGl0eW9sb2d5LmNvbQ
## rubyfish-ea
Resolver in mainland China, forwarding queries for non-Chinese domains
to upstream servers in East Asia.
https://www.rubyfish.cn/
sdns://AgUAAAAAAAAADzExNS4xNTkuMTU0LjIyNiA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OA9kbnMucnVieWZpc2guY24KL2Rucy1xdWVyeQ
## rubyfish-uw
Resolver in mainland China, forwarding queries for non-Chinese domains
to US-West.
https://www.rubyfish.cn/
sdns://AgUAAAAAAAAADDQ3Ljk5LjE2NS4zMSA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OA9kbnMucnVieWZpc2guY24KL2Rucy1xdWVyeQ
## scaleway-fr
DNSSEC/Non-logged/Uncensored - ARM server donated by Scaleway.com
Maintained by Frank Denis - https://fr.dnscrypt.info
This server used to be called `dnscrypt.org-fr`.
sdns://AQcAAAAAAAAADjIxMi40Ny4yMjguMTM2IOgBuE6mBr-wusDOQ0RbsV66ZLAvo8SqMa4QY2oHkDJNHzIuZG5zY3J5cHQtY2VydC5mci5kbnNjcnlwdC5vcmc
## securedns
Uncensored and no logging (DNSCrypt protocol)
sdns://AQcAAAAAAAAAEzE0Ni4xODUuMTY3LjQzOjUzNTMgs6WXaRRXWwSJ4Z-unEPmefryjFcYlwAxf3u0likfsJUcMi5kbnNjcnlwdC1jZXJ0LnNlY3VyZWRucy5ldQ
## securedns-ipv6
Uncensored and no logging (IPv6, DNSCrypt protocol)
sdns://AQcAAAAAAAAAIVsyYTAzOmIwYzA6MDoxMDEwOjplOWE6MzAwMV06NTM1MyCzpZdpFFdbBInhn66cQ-Z5-vKMVxiXADF_e7SWKR-wlRwyLmRuc2NyeXB0LWNlcnQuc2VjdXJlZG5zLmV1
## securedns-doh
Uncensored and no logging (DoH protocol)
sdns://AgcAAAAAAAAADjE0Ni4xODUuMTY3LjQzABBkb2guc2VjdXJlZG5zLmV1Ci9kbnMtcXVlcnk
## securedns-ipv6-doh
Uncensored and no logging (IPv6, DoH protocol)
sdns://AgcAAAAAAAAAGjJhMDM6YjBjMDowOjEwMTA6OmU5YTozMDAxABBkb2guc2VjdXJlZG5zLmV1Ci9kbnMtcXVlcnk
## sfw.scaleway-fr
Uses deep learning to block adult websites. Free, DNSSEC, no logs.
Hosted in Paris, running on a 1-XS server donated by Scaleway.com
Maintained by Frank Denis - https://fr.dnscrypt.info/sfw.html
sdns://AQMAAAAAAAAADzE2My4xNzIuMTgwLjEyNSDfYnO_x1IZKotaObwMhaw_-WRF1zZE9mJygl01WPGh_x8yLmRuc2NyeXB0LWNlcnQuc2Z3LnNjYWxld2F5LWZy
## soltysiak
Public DNSCrypt server in Poland
sdns://AQcAAAAAAAAAFDE3OC4yMTYuMjAxLjIyMjoyMDUzICXE4YgpFUaXj5wrvbanr6QB7aBRBQhdUwPnGSjAZo8hHTIuZG5zY3J5cHQtY2VydC5zb2x0eXNpYWsuY29t
## trashvpn.de
dnscrypt-server Docker image : DNSSEC/Non-logged/Uncensored
Hosted in Germany
sdns://AQcAAAAAAAAAEjM3LjIyMS4xOTUuMTgxOjQ0MyAl_sppDIKYr4Er_QKZ1ee96Xy_f5ZZs5Dxo0EvV22IoBsyLmRuc2NyeXB0LWNlcnQudHJhc2h2cG4uZGU
## ventricle.us
Public DNSCrypt resolver provided by Jacob Henner
sdns://AQcAAAAAAAAADTEwNy4xNzAuNTcuMzQg6YXxGK1OPMZf8iUgGJDG9Vi3W1pS9WsXz-rBAFyLm6olMi5kbnNjcnlwdC1jZXJ0LmRuc2NyeXB0LnZlbnRyaWNsZS51cw
## yandex
Yandex public DNS server (anycast)
sdns://AQQAAAAAAAAAEDc3Ljg4LjguNzg6MTUzNTMg04TAccn3RmKvKszVe13MlxTUB7atNgHhrtwG1W1JYyciMi5kbnNjcnlwdC1jZXJ0LmJyb3dzZXIueWFuZGV4Lm5ldA
## zeroaim-ipv6
dnscrypt-server Docker image : DNSSEC/Non-logged/Uncensored
Hosted in Germany
sdns://AQcAAAAAAAAAGVsyYTAzOjQwMDA6YjoyMjM6OjFdOjg0NDMgcrQcuGXx2fhX6rmtaP6aPXj8gumVIrn4GIrn6aTB1fUfMi5kbnNjcnlwdC1jZXJ0Lnplcm9haW0uZGUtaXB2Ng
## opennic-userspace
Non-logging OpenNIC resolver in Melbourne, Australia - https://userspace.com.au
sdns://AQYAAAAAAAAAEzEwMy4yMzYuMTYyLjExOTo0NDMgrAN5npeaXgUs0qL88HYBouapH6Vl2B3wcbQae5_HZYgpMi5kbnNjcnlwdC1jZXJ0Lm5zMDMubWVsLnVzZXJzcGFjZS5jb20uYXU
## opennic-userspace-ipv6
Non-logging OpenNIC resolver in Melbourne, Australia - https://userspace.com.au
sdns://AQYAAAAAAAAAJ1syNDA0Ojk0MDA6MzowOjIxNjozZWZmOmZlZTA6N2Y2OV06NTM1MyCsA3mel5peBSzSovzwdgGi5qkfpWXYHfBxtBp7n8dliCkyLmRuc2NyeXB0LWNlcnQubnMwMy5tZWwudXNlcnNwYWNlLmNvbS5hdQ
## opennic-bongobow
Non-logging OpenNIC resolver in Munich, Germany
sdns://AQYAAAAAAAAAEjUuMTg5LjE3MC4xOTY6NTM1MyBUNSxVQDuC7pPEB_3CNESXDZpW7yK_z_nskJzNMiQyaygyLmRuc2NyeXB0LWNlcnQubnMxNi5kZS5kbnMub3Blbm5pYy5nbHVl
## opennic-bongobow-ipv6
Non-logging OpenNIC resolver in Munich, Germany
sdns://AQYAAAAAAAAAIFsyYTAyOmMyMDc6MjAwODoyNTIwOjUzOjoxXTo1MzUzIFQ1LFVAO4Luk8QH_cI0RJcNmlbvIr_P-eyQnM0yJDJrKDIuZG5zY3J5cHQtY2VydC5uczE2LmRlLmRucy5vcGVubmljLmdsdWU
## opennic-R4SAS
Non-logging OpenNIC resolver in France
sdns://AQYAAAAAAAAAETE1MS44MC4yMjIuNzk6NDQzIO4Y9lZnORlvodxu39dnm6mFruwTRnlmovbEga4Fyw3TIDIuZG5zY3J5cHQtY2VydC5vcGVubmljLmkycGQueHl6
## opennic-R4SAS-ipv6
Non-logging OpenNIC resolver in France
sdns://AQYAAAAAAAAAG1syMDAxOjQ3MDoxZjE1OmI4MDo6NTNdOjQ0MyDuGPZWZzkZb6Hcbt_XZ5upha7sE0Z5ZqL2xIGuBcsN0yAyLmRuc2NyeXB0LWNlcnQub3Blbm5pYy5pMnBkLnh5eg

4
package/jsda/dnscrypt-proxy-full/files/etc/dnscrypt-proxy/public-resolvers.md.minisig Executable file
View File

@ -0,0 +1,4 @@
untrusted comment: signature from minisign secret key
RWQf6LRCGA9i52m1Yh3jlvDnRFBD8KXbQzaSGe0u5MzMat6JKYjTAD3NR5zkLLeX6QUQNj9l8pP+d7KyQ6J0jmXvrcWvhjv8AQo=
trusted comment: timestamp:1547144019 file:public-resolvers.md
BPxXIYBVGkD7Yf+WA1FwGCaJ5n0KB2c1nSQ02hsBI5ErZRvmy9e4Qg/Y6I2t25nK5s5psFM2Ycdtc4va7skaAg==

19
package/jsda/dnscrypt-proxy-full/files/etc/init.d/dnscrypt-proxy Executable file
View File

@ -0,0 +1,19 @@
#!/bin/sh /etc/rc.common
USE_PROCD=1
# starts before dnsmasq starts
START=95
# stops before networking stops
STOP=10
PROG=/usr/bin/dnscrypt-proxy
CONFIGFILE=/etc/dnscrypt-proxy/dnscrypt-proxy.toml
start_service() {
procd_open_instance
procd_set_param command "$PROG" -config "$CONFIGFILE"
procd_set_param file "$CONFIGFILE"
procd_set_param respawn
procd_close_instance
}

1
package/jsda/gargoyle-packages Submodule

@ -0,0 +1 @@
Subproject commit 91b4e235db8cbdfe1343e3ef011d36cb94fe463e

49
package/jsda/luci-app-qosv4/Makefile
View File

@ -1,49 +0,0 @@
#
# Copyright (C) 2010-2011 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-qosv4
PKG_VERSION:=1.1f
PKG_RELEASE:=1
include $(INCLUDE_DIR)/package.mk
define Package/luci-app-qosv4
SECTION:=LuCI
CATEGORY:=LuCI
SUBMENU:=3. Applications
TITLE:=LuCI Support for QoSv4.
DEPENDS:=+tc +iptables-mod-conntrack-extra +iptables-mod-conntrack-extra +iptables-mod-filter +iptables-mod-imq +iptables-mod-ipopt +iptables-mod-nat-extra +iptables-mod-imq +kmod-sched
PKGARCH:=all
MAINTAINER:=qq 3341249
endef
define Package/luci-app-qosv4/description
An agent script that makes qosv4 configuration simple.
endef
define Build/Compile
endef
define Package/luci-app-qosv4/postinst
#!/bin/sh
[ -n "${IPKG_INSTROOT}" ] || {
( . /etc/uci-defaults/luci-qosv4 ) && rm -f /etc/uci-defaults/luci-qosv4
chmod 755 /etc/init.d/qosv4 >/dev/null 2>&1
/etc/init.d/qosv4 enable >/dev/null 2>&1
sed -i -e '/qos_scheduler/d' /etc/crontabs/root >/dev/null 2>&1
exit 0
}
endef
define Package/luci-app-qosv4/install
$(CP) ./files/* $(1)
endef
$(eval $(call BuildPackage,luci-app-qosv4))

29
package/jsda/luci-app-qosv4/files/etc/config/qosv4
View File

@ -1,29 +0,0 @@
config 'qos_settings'
option 'UP' '100'
option 'DOWN' '500'
option 'UPLOADR' '2'
option 'DOWNLOADR' '2'
option 'UPLOADR2' '1'
option 'UPLOADC2' '5'
option 'DOWNLOADR2' '1'
option 'DOWNLOADC2' '2'
option 'qos_scheduler' '1'
option 'enable' '0'
config 'qos_ip'
option 'limit_ip' '192.168.1.5'
option 'UPLOADC' '15'
option 'DOWNLOADC' '15'
option 'ip_prio' '5'
option 'enable' '0'
config 'qos_nolimit_ip'
option 'nolimit_ip' '192.168.1.1'
option 'nolimit_mac' '00:00:00:00:00'
option 'enable' '0'
config 'transmission_limit'
option 'downlimit' '100'
option 'uplimit' '100'
option 'enable' '0'

16
package/jsda/luci-app-qosv4/files/etc/init.d/qosv4
View File

@ -1,16 +0,0 @@
#!/bin/sh /etc/rc.common
START=60
start(){
enabled=$(uci get qosv4.@qos_settings[0].enable)
[ "$enabled" -eq 1 ] && /usr/bin/qosv4 start
}
stop(){
/usr/bin/qosv4 stop
}
restart(){
/etc/init.d/qosv4 stop
/etc/init.d/qosv4 start
}

10
package/jsda/luci-app-qosv4/files/etc/uci-defaults/luci-qosv4
View File

@ -1,10 +0,0 @@
#!/bin/sh
uci -q batch <<-EOF >/dev/null
delete ucitrack.@qosv4[-1]
add ucitrack qosv4
set ucitrack.@qosv4[-1].init=qosv4
commit ucitrack
EOF
rm -f /tmp/luci-indexcahe
exit 0

432
package/jsda/luci-app-qosv4/files/usr/bin/qosv4
View File

@ -1,432 +0,0 @@
#!/bin/sh
#copyright by zhoutao0712 V4 moded zjhzzyf
#变量初始化(速率单位是KB/S)
#UIP="192.168.1."
#NET="192.168.100.0/24"
#IPS="2"
#IPE="20"
#UP=1135
#DOWN=1175
#UPLOADR=1
#UPLOADC=15
#DOWNLOADR=10
#DOWNLOADC=$((DOWN*9/10))
#UPLOADR2=1
#UPLOADC2=5
#DOWNLOADR2=2
#DOWNLOADC2=$((DOWN*6/10))
#DOWNLOADR 单IP下载保证带宽DOWNLOADR=10
#DOWNLOADc 单IP下载最大带宽DOWNLOADC=$((DOWN*9/10))
#IPS限速开始IP地址
#IPE限速结束IP地址
#IPS和IPE最好不要填写2---254不然脚本运行时间会比较长会多占用一些内存。
#效率上如果采用了u32 hashv4.0和智能QOS修改版本就没影响。
#UP=35总上传带宽。我的ADSL虽然是50KB/S但为了低延迟还是填35吧
#DOWN=175:总下载带宽。我的ADSL虽然是205KB/S但为了低延迟还是填175吧
#UPLOADR=2:单IP上传保证带宽2KB/S就很OK了。
#UPLOADC=15:单IP上传最大带宽ADSL也就填这么多了搞QQ视频应该没问题。
#UPLOADR2=1:被“惩罚”后的单IP上传保证带宽。
#UPLOADC2=5被“惩罚”后的单IP上传UDP最大带宽一般不要超过6KB/S
#DOWNLOADR2:被“惩罚”后的单IP下载保证带宽
#DOWNLOADC2:被“惩罚”后的单IP下载最大带宽
. /lib/functions.sh
load_modules(){
rmmod imq
insmod imq numdevs=1
insmod cls_fw
insmod sch_hfsc
insmod sch_sfq
insmod sch_red
insmod sch_htb
insmod sch_prio
insmod ipt_multiport
insmod ipt_CONNMARK
insmod ipt_length
insmod ipt_IMQ
insmod ipt_hashlimit
insmod cls_u32
insmod xt_connlimit
insmod xt_connbytes
}
lan_net(){
lan_ipaddr=$(uci get network.lan.ipaddr)
lan_netmask=$(uci get network.lan.netmask)
calc=$(ipcalc.sh $lan_ipaddr $lan_netmask)
prefix=${calc##*=}
lan_network=${calc##*NETWORK=}
lan_network=$(echo $lan_network | sed 's/.PRE.*//')
NET="$lan_network/$prefix"
UIP=$(uci get network.lan.ipaddr|awk -F "." '{print $1"."$2"."$3 }')
qos_interface=$(uci -P /var/state get network.wan.ifname 2>/dev/null)
if [ -z $qos_interface ] ; then
qos_interface=$(uci -P /var/state get network.wan.device 2>/dev/null)
fi
}
#装载核心模块,创建QOS专用链
qos_start(){
#ifconfig $qos_interface up
ifconfig imq0 up
iptables -t mangle -N QOSDOWN
iptables -t mangle -N QOSUP
iptables -t mangle -A PREROUTING ! -p icmp -s $NET ! -d $NET -j QOSUP
#iptables -t mangle -I PREROUTING -p udp --dport 53 -j ACCEPT
iptables -t mangle -I POSTROUTING ! -p icmp -d $NET ! -s $NET -j QOSDOWN
#iptables -t mangle -I POSTROUTING -p udp --dport 53 -j ACCEPT
iptables -t mangle -A OUTPUT -o br-lan -j ACCEPT
iptables -t mangle -A INPUT -i br-lan -j ACCEPT
#iptables -t mangle -I OUTPUT -p udp --dport 53 -j ACCEPT
#iptables -t mangle -I INPUT -p udp --dport 53 -j ACCEPT
#iptables -t mangle -A OUTPUT -d ! $NET -j QOSUP
iptables -t mangle -A INPUT ! -s $NET -j QOSDOWN
#iptables -t mangle -A OUTPUT -j QOSUP
#iptables -t mangle -A INPUT -j QOSDOWN
iptables -t mangle -A QOSDOWN -p udp -m multiport --ports 53,67,68 -j RETURN
iptables -t mangle -A QOSUP -p udp -m multiport --destination-port 53,67,68 -j RETURN
iptables -t mangle -N PUNISH0
iptables -t mangle -A QOSUP -p udp -j PUNISH0
iptables -t mangle -A PUNISH0 -m hashlimit --hashlimit 100/sec --hashlimit-mode srcip --hashlimit-name udplmt -j RETURN
iptables -t mangle -A PUNISH0 -m recent --rcheck --seconds 20 -j DROP
iptables -t mangle -A PUNISH0 -m recent --set
iptables -t mangle -N NEWCONN
iptables -t mangle -A QOSUP -m state --state NEW -j NEWCONN
echo "line 99"
iptables -t mangle -A NEWCONN ! -p tcp -m connlimit --connlimit-above 100 -j DROP
iptables -t mangle -A NEWCONN -p tcp -m connlimit --connlimit-above 200 -j DROP
echo "line 102"
iptables -t mangle -A QOSDOWN -p tcp ! --syn -m length --length :128 -j RETURN
iptables -t mangle -A QOSUP -p tcp ! --syn -m length --length :80 -j RETURN
iptables -t mangle -A QOSDOWN -d $NET -j IMQ --todev 0
#iptables -t mangle -A QOSUP -s $NET -j IMQ --todev 1
#小包web浏览和游戏爆发队列限速 #在5秒内平均下载速率小于10KB/S的IP进入高优先级队列253
iptables -t mangle -N BCOUNT
iptables -t mangle -A QOSDOWN -p tcp -m length --length :768 -j MARK --set-mark 255
iptables -t mangle -A QOSUP -p tcp -m length --length :512 -j MARK --set-mark 255
iptables -t mangle -A QOSDOWN -p tcp -m multiport --sports 80,443,25,110 -j BCOUNT
echo "line 117"
iptables -t mangle -A QOSUP -p tcp -m multiport --sports 80,443,25,110 -m connbytes --connbytes :51200 --connbytes-dir both --connbytes-mode bytes -j MARK --set-mark 254
iptables -t mangle -A QOSUP -p tcp -m multiport --dports 80,443,25,110 -j BCOUNT
iptables -t mangle -A QOSDOWN -p tcp -m multiport --sports 80,443,25,110 -m connbytes --connbytes :102400 --connbytes-dir both --connbytes-mode bytes -j MARK --set-mark 254
echo "line 121"
#iptables -t mangle -A QOSDOWN -p tcp -m multiport --sports 80,443,25,110 -m bcount --range :153600 -j MARK --set-mark 254
#iptables -t mangle -A QOSUP -p tcp -m multiport --dports 80,443,25,110 -m bcount --range :51200 -j MARK --set-mark 254
iptables -t mangle -A QOSDOWN -m recent --rdest --rcheck --seconds 120 -j MARK --set-mark 253
iptables -t mangle -A QOSUP -p udp -m recent --rcheck --seconds 120 -j MARK --set-mark 253
iptables -t mangle -A QOSDOWN -j MARK --set-mark 252
iptables -t mangle -A QOSUP -j MARK --set-mark 252
echo "line 129"
#根队列初始化
#tc qdisc del dev imq0 root
#tc qdisc del dev $qos_interface root
echo "line 133"
tc qdisc add dev imq0 root handle 1: htb default 999
tc qdisc add dev $qos_interface root handle 1: htb default 999
tc class add dev $qos_interface parent 1: classid 1:1 htb rate $((UP))kbps
tc class add dev imq0 parent 1: classid 1:1 htb rate $((DOWN))kbps
#小包web浏览和游戏爆发队列限速
tc class add dev imq0 parent 1:1 classid 1:5000 htb rate $((DOWN/5))kbps quantum 15000 prio 1
tc filter add dev imq0 parent 1:0 protocol ip prio 5 handle 255 fw flowid 1:5000
tc class add dev $qos_interface parent 1:1 classid 1:5000 htb rate $((UP))kbps quantum 15000 prio 1
tc filter add dev $qos_interface parent 1:0 protocol ip prio 5 handle 255 fw flowid 1:5000
tc class add dev imq0 parent 1:1 classid 1:4000 htb rate $((DOWN/10))kbps ceil $((DOWN*6/10))kbps quantum 8000 prio 3
tc filter add dev imq0 parent 1:0 protocol ip prio 10 handle 254 fw flowid 1:4000
tc class add dev $qos_interface parent 1:1 classid 1:4000 htb rate $((UP/10))kbps ceil $((UP/2))kbps quantum 1500 prio 3
tc filter add dev $qos_interface parent 1:0 protocol ip prio 10 handle 254 fw flowid 1:4000
tc class add dev $qos_interface parent 1:1 classid 1:3000 htb rate $((UP/3))kbps ceil $((UP))kbps
tc class add dev imq0 parent 1:1 classid 1:3000 htb rate $((DOWN/3))kbps ceil $((DOWN))kbps
tc filter add dev $qos_interface parent 1:0 protocol ip prio 20 handle 253 fw flowid 1:3000
tc filter add dev imq0 parent 1:0 protocol ip prio 20 handle 253 fw flowid 1:3000
tc class add dev $qos_interface parent 1:1 classid 1:2000 htb rate $((UP*2/3))kbps ceil $((UP))kbps
tc class add dev imq0 parent 1:1 classid 1:2000 htb rate $((DOWN*2/3))kbps ceil $((DOWN))kbps
tc filter add dev $qos_interface parent 1:0 protocol ip prio 15 handle 252 fw flowid 1:2000
tc filter add dev imq0 parent 1:0 protocol ip prio 15 handle 252 fw flowid 1:2000
tc filter add dev imq0 parent 1:3000 prio 200 handle f0: protocol ip u32 divisor 256
tc filter add dev imq0 protocol ip parent 1:3000 prio 200 u32 ht 800:: match ip dst $NET hashkey mask 0x000000ff at 16 link f0:
tc filter add dev $qos_interface parent 1:3000 prio 200 handle f0: protocol ip u32 divisor 256
tc filter add dev $qos_interface protocol ip parent 1:3000 prio 200 u32 ht 800:: match ip src $NET hashkey mask 0x000000ff at 12 link f0:
tc filter add dev imq0 parent 1:2000 prio 100 handle f1: protocol ip u32 divisor 256
tc filter add dev imq0 protocol ip parent 1:2000 prio 100 u32 ht 801:: match ip dst $NET hashkey mask 0x000000ff at 16 link f1:
tc filter add dev $qos_interface parent 1:2000 prio 100 handle f1: protocol ip u32 divisor 256
tc filter add dev $qos_interface protocol ip parent 1:2000 prio 100 u32 ht 801:: match ip src $NET hashkey mask 0x000000ff at 12 link f1:
}
#所有普通IP单独限速
qos_ip_limit()
{
n=$(echo $limit_ip |cut -d "." -f4)
m=$(printf "%x\n" $n)
echo "$limit_ip start limit"
tc class add dev $qos_interface parent 1:3000 classid 1:${n}f htb rate $((UPLOADR2))kbps ceil $((UPLOADC2))kbps quantum 1500 prio 7
tc class add dev imq0 parent 1:3000 classid 1:${n}f htb rate $((DOWNLOADR2))kbps ceil $((DOWNLOADC2))kbps quantum 1500 prio 7
tc qdisc add dev $qos_interface parent 1:${n}f handle ${n}f bfifo limit 8kb
tc qdisc add dev imq0 parent 1:${n}f handle ${n}f sfq perturb 15
tc filter add dev $qos_interface parent 1:3000 protocol ip prio 200 u32 ht f0:${m}: match ip src 0/0 flowid 1:${n}f
tc filter add dev imq0 parent 1:3000 protocol ip prio 200 u32 ht f0:${m}: match ip dst 0/0 flowid 1:${n}f
tc class add dev $qos_interface parent 1:2000 classid 1:${n}a htb rate $((UPLOADR))kbps ceil $((UPLOADC))kbps quantum 1500 prio $ip_prio
tc class add dev imq0 parent 1:2000 classid 1:${n}a htb rate $((DOWNLOADR))kbps ceil $((DOWNLOADC))kbps quantum 2000 prio $ip_prio
tc qdisc add dev $qos_interface parent 1:${n}a handle ${n}a bfifo limit 8kb
tc qdisc add dev imq0 parent 1:${n}a handle ${n}a sfq perturb 15
tc filter add dev $qos_interface parent 1:2000 protocol ip prio 100 u32 ht f1:${m}: match ip src 0/0 flowid 1:${n}a
tc filter add dev imq0 parent 1:2000 protocol ip prio 100 u32 ht f1:${m}: match ip dst 0/0 flowid 1:${n}a
echo "$limit_ip end limit"
}
qos_ip_limit_2(){
tc class add dev $qos_interface parent 1:1 classid 1:999 htb rate 1kbps ceil $((UP/5))kbps quantum 1500 prio 7
tc class add dev imq0 parent 1:1 classid 1:999 htb rate 2kbps ceil $((DOWN))kbps quantum 1500 prio 7
}
#192.168.1.8,192.168.1.80-192.168.1.90有zhoutao0712发放的免死金牌
qos_else(){
#iptables -t mangle -I PUNISH0 -m iprange --src-range 192.168.1.80-192.168.1.90 -j RETURN
iptables -t mangle -I PUNISH0 -s $nolimit_ip -j RETURN
}
qos_transmission_limit(){
config_get enable $1 enable
config_get downlimit $1 downlimit
config_get uplimit $1 uplimit
echo "transmission limit enable=$enable "
transmission_enable=$(uci get transmission.@transmission[0].enable)
transmission_enabled=$(uci get transmission.@transmission[0].enabled)
echo "transmission-daemon enable=$transmission_enable"
echo "transmission-daemon enabled=$transmission_enabled"
if [ "$transmission_enable" == "1" -o "$transmission_enabled" == "1" ];then
if [ "$enable" == "1" ];then
echo " transmission limit ........downlimit=$downlimit uplimit=$uplimit"
transmission-remote --downlimit $downlimit
transmission-remote --uplimit $uplimit
echo "1" > /tmp/transmission-flag
else
echo " transmission no limit oooooooooo"
transmission-remote --no-downlimit
transmission-remote --no-uplimit
echo "0" > /tmp/transmission-flag
fi
fi
}
#加入例行任务5分钟执行一次当有ip在线的时候按需开启transmission限速和qos限速。
#当只有1个IP在线时候关闭内网QOS限速 。
#当没有IP在线时候关闭QOS限速 关闭transmission限速。
qos_scheduler(){
echo "qos_scheduler start....."
wait_time="5"
[ -z "$(cat /etc/crontabs/root| grep qos_scheduler)" ]&&echo -e "*/${wait_time} * * * * sh /tmp/qos_scheduler #qos_scheduler#" >> /etc/crontabs/root
cat >/tmp/qos_scheduler <<"EOF"
[ -e /tmp/qosv4_nolimit_mac ]&&mac_list=$(cat /tmp/qosv4_nolimit_mac)
local RUN="ip neigh| grep : ${mac_list} |grep -c $UIP"
ip_num=`eval $RUN`
old_ip_num=$(cat /tmp/qosv4_old_ip_num)
echo "new_ip_num=$ip_num"
echo "old_ip_num=$old_ip_num"
#如果在线ip和上次相同 退出
if [ "$ip_num" -eq "$old_ip_num" ]
then
ip neigh flush dev br-lan
echo "在线ip和上次相同"
exit
fi
qosv4_transmission_enabl=$(uci get qosv4.@transmission_limit[0].enable)
qosv4_transmission_uplimit=$(uci get qosv4.@transmission_limit[0].uplimit)
qosv4_transmission_downlimit=$(uci get qosv4.@transmission_limit[0].downlimit)
transmission_enable=$(uci get transmission.@transmission[0].enable)
transmission_enabled=$(uci get transmission.@transmission[0].enabled)
#如果在线ip为1 关闭内网QOS限速 根据设置开启 transmission限速然后退出
if [ "$ip_num" -eq "1" ]
then
ifconfig imq0 down
ifconfig $qos_interface down
if [ "$transmission_enable" == "1" -o "$transmission_enabled" == "1" ];then
if [ "$qosv4_transmission_enabl" == "1" ];then
echo " transmission limit ........downlimit=$qosv4_transmission_downlimit uplimit=$qosv4_transmission_uplimit"
transmission-remote --downlimit $qosv4_transmission_downlimit
transmission-remote --uplimit $qosv4_transmission_uplimit
else
transmission-remote --no-downlimit
transmission-remote --no-uplimit
echo "0" > /tmp/transmission-flag
fi
fi
ip neigh flush dev br-lan
echo "$ip_num" >/tmp/qosv4_old_ip_num
exit
fi
# 当没有IP在线时候关闭QOS限速 关闭transmission限速。
if [ "$ip_num" -eq "0" ]
then
ifconfig imq0 down
ifconfig $qos_interface down
if [ "$transmission_enable" == "1" -o "$transmission_enabled" == "1" ];then
transmission-remote --no-downlimit
transmission-remote --no-uplimit
fi
fi
ip neigh flush dev br-lan
echo "$ip_num" >/tmp/qosv4_old_ip_num
exit
fi
#如果在线ip 大于1 开启内网QOS限速 开启transmission限速
if [ $(ifconfig |grep -c imq0) -eq 0 ]
then
ifconfig imq0 up
ifconfig $qos_interface up
echo "cass 3"
fi
if [ "$transmission_enable" == "1" -o "$transmission_enabled" == "1" ];then
if [ "$qosv4_transmission_enabl" == "1" ];then
echo " transmission limit ........downlimit=$qosv4_transmission_downlimit uplimit=$qosv4_transmission_uplimit"
transmission-remote --downlimit $qosv4_transmission_downlimit
transmission-remote --uplimit $qosv4_transmission_uplimit
else
transmission-remote --no-downlimit
transmission-remote --no-uplimit
echo "0" > /tmp/transmission-flag
fi
fi
ip neigh flush dev br-lan
echo "$ip_num" >/tmp/qosv4_old_ip_num
EOF
}
qos_stop(){
for iface in $(tc qdisc show | grep htb | awk '{print $5}'); do
tc qdisc del dev "$iface" root
done
iptables -t mangle -D PREROUTING ! -p icmp -s $NET ! -d $NET -j QOSUP
iptables -t mangle -D POSTROUTING ! -p icmp -d $NET ! -s $NET -j QOSDOWN
iptables -t mangle -D OUTPUT -o br-lan -j ACCEPT
iptables -t mangle -D INPUT -i br-lan -j ACCEPT
iptables -t mangle -D OUTPUT ! -d $NET -j QOSUP
iptables -t mangle -D INPUT ! -s $NET -j QOSDOWN
iptables -t mangle -D OUTPUT -j QOSUP
iptables -t mangle -D INPUT -j QOSDOWN
iptables -t mangle -D PREROUTING -p udp --dport 53 -j ACCEPT
iptables -t mangle -D POSTROUTING -p udp --dport 53 -j ACCEPT
iptables -t mangle -D OUTPUT -p udp --dport 53 -j ACCEPT
iptables -t mangle -D INPUT --dport 53 -j ACCEPT
iptables -t mangle -F QOSDOWN
iptables -t mangle -F QOSUP
iptables -t mangle -F PUNISH0
iptables -t mangle -F NEWCONN
iptables -t mangle -F BCOUNT
iptables -t mangle -X QOSDOWN
iptables -t mangle -X QOSUP
iptables -t mangle -X PUNISH0
iptables -t mangle -X NEWCONN
iptables -t mangle -X BCOUNT
}
qos_config_get(){
config_get enable $1 enable
config_get UP $1 UP
config_get DOWN $1 DOWN
config_get UPLOADR2 $1 UPLOADR2
config_get UPLOADC2 $1 UPLOADC2
config_get DOWNLOADR2 $1 DOWNLOADR2
config_get DOWNLOADC2 $1 DOWNLOADC2
config_get UPLOADR $1 UPLOADR
config_get DOWNLOADR $1 DOWNLOADR
config_get qos_scheduler $1 qos_scheduler
}
qos_limit_ip_get(){
config_get enable $1 enable
config_get limit_ip $1 limit_ip
config_get ip_prio $1 ip_prio
config_get UPLOADC $1 UPLOADC
config_get DOWNLOADC $1 DOWNLOADC
echo "enable=$enable limit_ip=$limit_ip ip_prio=$ip_prio UPLOADC=$UPLOADC DOWNLOADC=$DOWNLOADC"
[ "$enable" == "1" ]&&qos_ip_limit
}
qos_nolimit_ip_get(){
config_get enable $1 enable
config_get nolimit_ip $1 nolimit_ip
config_get nolimit_mac $1 nolimit_mac
[ "$enable" == "1" ]&&printf "|grep -v $nolimit_mac " >>/tmp/qosv4_nolimit_mac
}
lan_net
config_load qosv4
case $1 in
start)
qos_stop >/dev/null 2>&1
qos_stop >/dev/null 2>&1
echo "start qos v4........"
rm -rf /tmp/qosv4_nolimit_mac
config_foreach qos_config_get qos_settings
echo "qosv4 enable=$enable "
if [ "$enable" == "1" ];then
load_modules >/dev/null 2>&1
qos_start
config_foreach qos_limit_ip_get qos_ip
qos_ip_limit_2
config_foreach qos_nolimit_ip_get qos_nolimit_ip
config_foreach qos_transmission_limit transmission_limit
else
qos_stop >/dev/null 2>&1
qos_stop >/dev/null 2>&1
fi
echo "qos_scheduler = $qos_scheduler"
if [ "$qos_scheduler" == "1" ];then
qos_scheduler
else
[ -n "$(cat /etc/crontabs/root| grep qos_scheduler)" ]&& sed -i -e '/qos_scheduler/d' /etc/crontabs/root
fi
;;
stop)
qos_stop >/dev/null 2>&1
qos_stop >/dev/null 2>&1
;;
esac

17
package/jsda/luci-app-qosv4/files/usr/lib/lua/luci/controller/qosv4.lua
View File

@ -1,17 +0,0 @@
module("luci.controller.qosv4", package.seeall)
function index()
require("luci.i18n")
luci.i18n.loadc("qosv4")
local fs = luci.fs or nixio.fs
if not fs.access("/etc/config/qosv4") then
return
end
local page = entry({"admin", "network", "qosv4"}, cbi("qosv4"), "QOSv4")
page.i18n = "qosv4"
page.dependent = true
end

BIN
package/jsda/luci-app-qosv4/files/usr/lib/lua/luci/i18n/qosv4.zh-cn.lmo
View File

Binary file not shown.

163
package/jsda/luci-app-qosv4/files/usr/lib/lua/luci/model/cbi/qosv4.lua
View File

@ -1,163 +0,0 @@
require("luci.tools.webadmin")
--[[
config 'qos_settings'
option 'enable' '0'
option 'UP' '100'
option 'DOWN' '500'
option qos_scheduler 1
config 'qos_ip'
option 'enable' '0'
option 'limit_ip' '192.168.1.5'
option 'UPLOADR' '2'
option 'DOWNLOADR' '2'
option 'UPLOADC' '15'
option 'DOWNLOADC' '15'
option 'UPLOADR2' '1'
option 'UPLOADC2' '5'
option 'DOWNLOADR2' '1'
option 'DOWNLOADC2' '2'
config 'qos_nolimit_ip'
option 'enable' '0'
option 'limit_ip' '192.168.1.6'
]]--
local sys = require "luci.sys"
m = Map("qosv4", translate("qosv4 title","QOSv4"),
translate("qosv4 title desc","qosv4 title desc"))
s = m:section(TypedSection, "qos_settings", translate("qos goble setting","qos goble setting"))
s.anonymous = true
s.addremove = false
enable = s:option(Flag, "enable", translate("qos enable", "qos enable"))
enable.default = false
enable.optional = false
enable.rmempty = false
qos_scheduler = s:option(Flag, "qos_scheduler", translate("qos scheduler enable", "qos scheduler enable"),
translate("qos scheduler desc","qos scheduler desc"))
qos_scheduler.default = false
qos_scheduler.optional = false
qos_scheduler.rmempty = false
DOWN = s:option(Value, "DOWN", translate("DOWN speed","DOWN speed"),
translate("DOWN speed desc","DOWN speed desc"))
DOWN.optional = false
DOWN.rmempty = false
UP = s:option(Value, "UP", translate("UP speed","UP speed"),
translate("UP speed desc","UP speed desc"))
UP.optional = false
UP.rmempty = false
DOWNLOADR = s:option(Value, "DOWNLOADR", translate("DOWNLOADR speed","DOWNLOADR speed"))
DOWNLOADR.optional = false
DOWNLOADR.rmempty = false
UPLOADR = s:option(Value, "UPLOADR", translate("UPLOADR speed","UPLOADR speed"))
UPLOADR.optional = false
UPLOADR.rmempty = false
DOWNLOADR2 = s:option(Value, "DOWNLOADR2", translate("DOWNLOADR2 speed","DOWNLOADR2 speed"))
DOWNLOADR2.optional = false
DOWNLOADR2.rmempty = false
UPLOADR2 = s:option(Value, "UPLOADR2", translate("UPLOADR2 speed","UPLOADR2 speed"))
UPLOADR2.optional = false
UPLOADR2.rmempty = false
DOWNLOADC2 = s:option(Value, "DOWNLOADC2", translate("DOWNLOADC2 speed","DOWNLOADC2 speed"))
DOWNLOADC2.optional = false
DOWNLOADC2.rmempty = false
UPLOADC2 = s:option(Value, "UPLOADC2", translate("UPLOADC2 speed","UPLOADC2 speed"))
UPLOADC2.optional = false
UPLOADC2.rmempty = false
s = m:section(TypedSection, "qos_ip", translate("qos black ip","qos black ip"))
s.template = "cbi/tblsection"
s.anonymous = true
s.addremove = true
enable = s:option(Flag, "enable", translate("enable", "enable"))
enable.default = false
enable.optional = false
enable.rmempty = false
limit_ip = s:option(Value, "limit_ip", translate("limit_ip","limit_ip"))
limit_ip.rmempty = true
luci.tools.webadmin.cbi_add_knownips(limit_ip)
DOWNLOADC = s:option(Value, "DOWNLOADC", translate("DOWNLOADC speed","DOWNLOADC speed"))
DOWNLOADC.optional = false
DOWNLOADC.rmempty = false
UPLOADC = s:option(Value, "UPLOADC", translate("UPLOADC speed","UPLOADC speed"))
UPLOADC.optional = false
UPLOADC.rmempty = false
ip_prio = s:option(Value, "ip_prio", translate("ip prio","ip prio"),
translate("ip prio desc"," default 5 "))
ip_prio.optional = false
ip_prio.rmempty = false
s = m:section(TypedSection, "transmission_limit", translate("transmission limit","transmission limit"))
s.template = "cbi/tblsection"
s.anonymous = true
s.addremove = false
enable = s:option(Flag, "enable", translate("enable", "enable"))
enable.default = false
enable.optional = false
enable.rmempty = false
downlimit= s:option(Value, "downlimit", translate("downlimit speed","downlimit speed"))
downlimit.optional = false
downlimit.rmempty = false
uplimit= s:option(Value, "uplimit", translate("uplimit speed","uplimit speed"))
uplimit.optional = false
uplimit.rmempty = false
s = m:section(TypedSection, "qos_nolimit_ip", translate("qos white","qos white"))
s.template = "cbi/tblsection"
s.anonymous = true
s.addremove = true
enable = s:option(Flag, "enable", translate("enable", "enable"))
enable.default = false
enable.optional = false
enable.rmempty = false
nolimit_mac= s:option(Value, "nolimit_mac", translate("white mac","white mac"))
nolimit_mac.rmempty = true
nolimit_ip= s:option(Value, "nolimit_ip", translate("white ip","white ip"))
nolimit_ip.rmempty = true
luci.ip.neighbors(function(entry)
nolimit_ip:value(entry["IP address"])
nolimit_mac:value(
entry["HW address"],
entry["HW address"] .. " (" .. entry["IP address"] .. ")"
)
end)
return m

1
package/jsda/packages2 Submodule

@ -0,0 +1 @@
Subproject commit c718cf5f3ed2c56a379e232b53680dd9eee6a723

2
package/lean/luci-app-ssr-plus/Makefile
View File

@ -68,7 +68,7 @@ define Package/luci-app-ssr-plus
DEPENDS:=+shadowsocksr-libev-alt +ipset +ip-full +iptables-mod-tproxy +dnsmasq-full +coreutils +coreutils-base64 +bash +pdnsd-alt +wget +unzip \
+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks:shadowsocks-libev-ss-redir \
+PACKAGE_$(PKG_NAME)_INCLUDE_V2ray:v2ray \
+PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun:kcptun \
+PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun:kcptun-client \
+PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Server:shadowsocksr-libev-server \
+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Server:shadowsocks-libev-ss-server \
+PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Socks:shadowsocksr-libev-ssr-local \

7
package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua
View File

@ -71,16 +71,9 @@ if nixio.fs.access("/usr/bin/dnsforwarder") then
o:value("3", translate("Use dnsforwarder tcp query and cache"))
o:value("4", translate("Use dnsforwarder udp query and cache"))
end
if nixio.fs.access("/usr/sbin/dnsforwarder") then
o:value("3", translate("Use dnsforwarder tcp query and cache"))
o:value("4", translate("Use dnsforwarder udp query and cache"))
end
if nixio.fs.access("/usr/bin/dnscrypt-proxy") then
o:value("5", translate("Use dnscrypt-proxy query and cache"))
end
if nixio.fs.access("/usr/sbin/dnscrypt-proxy") then
o:value("5", translate("Use dnscrypt-proxy query and cache"))
end
o.default = 1
o = s:option(Value, "tunnel_forward", translate("Anti-pollution DNS Server"))