@hackage dprox0.4.3

a lightweight DNS proxy server, compatible with dnsmasq-china-list

dprox

CircleCI CirrusCI Depends Release Hackage AUR License

dprox is a lightweight DNS proxy server. It's created as a drop-in replacement of dnsmasq to work with dnsmasq-china-list, enhancing overall lookup performance over extensive domain lists.

Installation

dprox should build and work on all unix-like OS with ghc support, as well as Windows.

Although dprox can be built using cabal like any other Hackage package, we recommend using stack for a more reliable compilation with pinned dependencies.

stack setup
stack install

Arch Linux users can install provided AUR package.

Alternatively, you can opt to use the statically linked binary available in the latest release.

Usage

Currently, only a small subset of dnsmasq options is implemented: just enough to seamlessly work with dnsmasq-china-list and hosts-blocklists.

Here is the list of implemented dnsmasq options (with server, local, address and bogus-nxdomain options allowed in configuration file):

-p, --port=<port>
-a, --listen-address=<ipaddr>
-C, --conf-file=<file>
-h, --no-hosts
-H, --addn-hosts=<file>
-S, --local, --server=[/<domain>/]<ipaddr>[#<port>]
-A, --address=[/<domain>/]<ipaddr>
-B, --bogus-nxdomain=<ipaddr>

For more details about these options, use dprox --help or refer to the dnsmasq manpage. However, be aware that there might be minor differences in some options, such as --server.

To use dprox with dnsmasq-china-list and set "8.8.4.4" as the remote DNS server:

dprox -C /etc/dnsmasq.d/accelerated-domains.china.conf -C /etc/dnsmasq.d/bogus-nxdomain.china.conf -S 8.8.4.4

To use dprox with hosts-blocklists and use the default remote DNS server ("8.8.8.8"), excluding the loading of the system hosts file:

dprox -C /opt/hosts-blocklists/domains.txt -H /opt/hosts-blocklists/hostnames.txt -h

Additionally, a customized --ipset option is available (distinct from dnsmasq). With these options configured, in case a DNS request somehow matches with the specified ipset, dprox will switch to an alternative upstream DNS server (with the FakeDNS feature, for example), specified by ipset-server. The exact matching policy can be configured using the ipset-match. These options can be used to enable IP-based routing for DNS requests.

--ipset <ipmask>
--ipset-match <none|all|any|notall>
--ipset-server <ipaddr>[#port]
--ipset-file <file>

Known Issue

  • dprox currently has a relatively large memory footprint, approximately 85MB for the current dnsmasq-china-list.

License

dprox is licensed under the BSD3 license. Refer to the LICENSE file for comprehensive details.