First final version of DNSCrypt-proxy 2.0 is here – works great!

Damn, I must admit, the development of the new DNSCrypt-proxy 2.0 was really really fast and the new version works well, I tested it already like 3 hours and it definitely get my recommendation.



Sadly there isn’t really a changelog so if you want to see what’s changed you need to watch the commits yourself.


  1. Download the package for your system, x64 for 64-Bit and x86 if you are on a 32-Bit host
  2. Extract the files into e.g. C:\Program Files(x86)\dnscrypt-proxy\
  3. Remove the “example-” on ever file
  4. Click on the service-install.bat and allow to install the service
  5. Now you can tweak your configuration file dnscrypt-proxy.toml like you want. Remember that when you’re done to execute the service-restart.bat to apply your changes.

Differences with dnscrypt-proxy 1.x

Features dnscrypt-proxy 1.x dnscrypt-proxy 2.x
Status Old PoC, barely maintained any more Very new, but quickly evolving
Code quality Big ugly mess Readable, easy to work on
Reliability Poor, due to completely broken handling of edge cases Excellent
Security Written in C, bundles patched versions from old branches of system libraries Written in standard and portable Go
Dependencies Specific versions of dnscrypt-proxy, libldns and libtool None
Upstream connections using TCP Catastrophic, requires client retries Implemented as anyone would expect, works well with TOR
XChaCha20 support Only if compiled with recent versions of libsodium Yes, always available
Support of links with small MTU Unreliable due to completely broken padding Reliable, properly implemented
Support for multiple servers Nonexistent Yes, with automatic failover and load-balancing
Custom additions C API, requires libldns for sanity Simple Go structures using miekg/dns
AAAA blocking for IPv4-only networks Yes Yes
DNS caching Yes, with ugly hacks for DNSSEC support Yes, without ugly hacks
EDNS support Broken with custom records Yes
Asynchronous filters Lol, no, filters block everything Of course, thanks to Go
Session-local storage for extensions Impossible Yes
Multicore support Nonexistent Yes, thanks to Go
Efficient padding of queries Couldn’t be any worse Yes
Multiple local sockets Impossible Of course. IPv4, IPv6, as many as you like
Automatically picks the fastest servers Lol, it supports only one at a time, anyway Yes, out of the box
Official, always up-to-date pre-built libraries None Yes, for many platforms. See below.
Automatically downloads and verifies servers lists No. Requires custom scripts, cron jobs and dependencies (minisign) Yes, built-in, including signature verification
Advanced expressions in blacklists (ads*.example[0-9]*.com) No Yes
Forwarding with load balancing No Yes
Built-in system installer Only on Windows Install/uninstall/start/stop/restart as a service on Windows, Linux/(systemd,Upstart,SysV), and macOS/launchd
Built-in servers latency benchmark No Yes
Query type filter: only log a relevant set of query types No Yes
Support for the Windows Event Log No Yes
Log suspicious queries (leading to NXDOMAIN) No Yes
IP filtering Yes, but can be bypassed due to a vulnerability Yes, doesn’t have the vulnerability from v1
Systemd support Yes, but don’t complain about it Yes, but don’t complain about it either
Stamps, as a simple way to provide server parameters No Yes
Supported protocols DNSCrypt v1, DNSCrypt v2 DNSCrypt v1, DNSCrypt v2, DNS-over-HTTP/2
Time-based access control No Yes, per domain, with multiple weekly schedules
Cloaking (like a HOSTS file for the network) No Yes, can also return IPs from other names & flatten CNAME records

What about SimpleDNSCrypt?

The project is still alive, I assume that there going to release a new version with the updated final DNSCrypt-proxy 2.0 within the next two weeks. Because of the fast changes the project made I don’t think that we getting a final build but even a test version would already help a lot of people which aren’t experienced with the windows or dnsproxy shell commands.

Planned features

  • Offline responses
  • Local DNSSEC validation
  • Support for the V1 plugin API
  • Real documentation

I think the project is really great, of course nothing is perfect and DNSCrypt has it’s weaknesses but it’s definitely better than nothing in my eyes. I’ll keep an eye on the project and will inform you guys once there bigger changes.

2 replies on “First final version of DNSCrypt-proxy 2.0 is here – works great!”

hello sir, i followed all the steps, but still not working, what can i do? i tried also simple Dnscrypt 2.0, but he dosn’t work too.

I am on the french version of windows, must I change something?

thank for help


‘Does not work’ usually doesn’t help in any way, what error do you get or which is the step which cause a problem – more details are always better to get at the best possible support.

Usually, you only need to extract the downloaded files to e.g. C:\Program Files(x86) or C:\Program FIles and then execute the service-install script file, dnscrypt-proxy then runs, all you have to do is manually configure the configuration file how you want.

I can’t say more without more details at this point.


Comments are closed.