A Secure DNS Client. Using: Msmh Agnostic Server, DNSLookup and GoodbyeDPI. (Windows only)
Client implementation: DNSCrypt, Anonymized DNSCrypt, DoH, DoT and Plain DNS (UDP & TCP).
Server implementation: DoH and Plain DNS (UDP & TCP).
Requirements: .Net Destop Runtime 6
and ASP.NET Core Runtime 6
For x64:\ First install .Net Destop Runtime x64 v6.0.31\ Then install ASP.NET Core Runtime x64 v6.0.31
For x86:\ First install .Net Destop Runtime x86 v6.0.31\ Then install ASP.NET Core Runtime x86 v6.0.31
Microsoft .NET 6.0 Runtime Page
Download:\ Download latest version of SDC - Secure DNS Client
Enable SSL Decryption
you need to restart your browser in order the changes to take effect.sdns://AQcAAAAAAAAAETg5LjM4LjEzMS4zODo0MzQzIKWHS9r0FoKY--wcnJl1Ar5aOUb91xsufvPUjid3rNRaHzIuZG5zY3J5cHQtY2VydC5hbXMtZG5zY3J5cHQtbmw
<DNSCrypt Server in STAMP format>
<Space>
<DNSCrypt Relay>
<DNSCrypt Relay>
can be in STAMP or IP:PORT format.sdns://AQcAAAAAAAAAETg5LjM4LjEzMS4zODo0MzQzIKWHS9r0FoKY--wcnJl1Ar5aOUb91xsufvPUjid3rNRaHzIuZG5zY3J5cHQtY2VydC5hbXMtZG5zY3J5cHQtbmw sdns://gQ4xNzcuNTQuMTQ1LjEzMQ
sdns://AQcAAAAAAAAAETg5LjM4LjEzMS4zODo0MzQzIKWHS9r0FoKY--wcnJl1Ar5aOUb91xsufvPUjid3rNRaHzIuZG5zY3J5cHQtY2VydC5hbXMtZG5zY3J5cHQtbmw 177.54.145.131:443
https://max.rethinkdns.com/dns-query
h3://max.rethinkdns.com/dns-query
tls://dns.quad9.net
udp://8.8.8.8:53
tcp://1.1.1.1:53
Domain
|
Rules
;
example.com|127.0.0.1;
example.com|dns:https://max.rethinkdns.com/dns-query;
example.com|dns:https://max.rethinkdns.com/dns-query;dnsproxy:socks5://127.0.0.1:1080;
youtube.com|dnsdomain:google.com;
example.com|-;
\
*.example.com|-;
// Variables
SmartDns1 = https://one.YourSmartDnsServer.net/dns-query;
SmartDns2 = https://two.YourSmartDnsServer.net/dns-query;
SmartDns3 = https://three.YourSmartDnsServer.net/dns-query;
// YouTube youtube.com|dnsdomain:google.com; ytimg.com|dnsdomain:google.com; .ytimg.com|dnsdomain:google.com; ggpht.com|dnsdomain:google.com; .ggpht.com|dnsdomain:.googleusercontent.com; .googleapis|dnsdomain:google.com; .googlevideo.com|dnsdomain:.c.docs.google.com;
// Use Smart DNS For These Domains developers.google.com|dns:SmartDns1,SmartDns2,SmartDns3; .googleusercontent.com|dns:SmartDns1,SmartDns2,SmartDns3; developer.android.com|dns:SmartDns1,SmartDns2,SmartDns3; gemini.google.com|dns:SmartDns1,SmartDns2,SmartDns3; .openai.com|dns:SmartDns1; claude.ai|dns:SmartDns1,SmartDns2,SmartDns3; .claude.ai|dns:SmartDns1,SmartDns2,SmartDns3; spotify.com|dns:SmartDns1,SmartDns2,SmartDns3; .spotify.com|dns:SmartDns1,SmartDns2,SmartDns3;
---
### Proxy Server
* Proxy server is use to bypass SNI/DNS based blocked websites.
* How to use:
1. SDC DNS Server must be online and set to System.
2. Atleast one of DPI Bypass options must be active.
- Fragment
- SSL Decryption (by installing self-signed root certificate authority)
- Enable `Change SNI` and provide a fake SNI.
3. Start Proxy Server.
4. Set Proxy to System.
---
### Proxy Rules
* Syntax (wildcard is supported):
- `Domain` `|` `Rules` `;`
* Rules:
- Fake DNS (forward a domain to your desired IP address):\
`example.com|127.0.0.1;`
- Use a custom DNS for a domain:\
`example.com|dns:https://max.rethinkdns.com/dns-query;`
- Use a custom and blocked DNS by an upstream proxy:\
`example.com|dns:https://max.rethinkdns.com/dns-query;dnsproxy:socks5://127.0.0.1:1080;`
- DNS Domain (Get IP for a domain and use it for another domain):\
`youtube.com|dnsdomain:google.com;`
- Use upstream proxy for a domain (only socks5 and http are supported):\
`example.com|proxy:socks5://127.0.0.1:1080;`\
`example.com|proxy:http://127.0.0.1:1080;`
- Use upstream proxy with user and pass:\
`example.com|proxy:socks5://127.0.0.1:1080&user:UserName&pass:PassWord;`
- Set a custom/fake SNI for a domain:\
`*.googlevideo.com|sni:google.com;`
- Don't apply DPI bypass for a domain:\
`example.com|--;`\
`*.example.com|--;`
- Block a domain and all it's sub-domains:\
`example.com|-;`\
`*.example.com|-;`
<br><br>
* Example of Proxy Rules file:
// Variables SmartDns1 = https://one.YourSmartDnsServer.net/dns-query; SmartDns2 = https://two.YourSmartDnsServer.net/dns-query; SmartDns3 = https://three.YourSmartDnsServer.net/dns-query;
// Defaults blockport:53,80;
// YouTube youtube.com|dnsdomain:google.com;sni:google.com; ytimg.com|dnsdomain:google.com; .ytimg.com|dnsdomain:google.com; ggpht.com|dnsdomain:google.com; .ggpht.com|dnsdomain:.googleusercontent.com; .googleapis|dnsdomain:google.com; .googlevideo.com|dnsdomain:.c.docs.google.com;sni:google.com;
// Use Smart DNS For These Domains developers.google.com|--;dns:SmartDns1,SmartDns2,SmartDns3; .googleusercontent.com|--;dns:SmartDns1,SmartDns2,SmartDns3; developer.android.com|--;dns:SmartDns1,SmartDns2,SmartDns3; gemini.google.com|--;dns:SmartDns1,SmartDns2,SmartDns3; .openai.com|--;dns:SmartDns1; claude.ai|--;dns:SmartDns1,SmartDns2,SmartDns3; .claude.ai|--;dns:SmartDns1,SmartDns2,SmartDns3; spotify.com|--;dns:SmartDns1,SmartDns2,SmartDns3; .spotify.com|--;dns:SmartDns1,SmartDns2,SmartDns3;
// Don't Apply DPI Bypass To These Domains google.com|--; .google.com|--; github.com|--; .github.com|--; githubusercontent.com|--; .githubusercontent.com|--; stackoverflow.com|--; .stackoverflow.com|--; .sstatic.net|--; .cookielaw.org|--; every1dns.com|--; .every1dns.com|--; nslookup.io|--; .nslookup.io|--; php.net|--; save.tube|--;
// Apply Defaults To Other Domains *|+;
---
[Find Videos in Help Directory.](https://github.com/msasanmh/SecureDNSClient/tree/main/Help)\
[Another Guide.](https://rentry.co/SecureDNSClient)