msasanmh / SecureDNSClient

A DNS Client Supporting DNSCrypt, Anonymized DNSCrypt, DoH, DoT, UDP And TCP.
https://msasanmh.github.io/SecureDNSClient/
GNU General Public License v3.0
839 stars 81 forks source link
anonymized-dnscrypt anti-censorship dns-over-htttps dns-over-tcp dns-over-tls dns-over-udp dns-stamp dnscrypt dnslookup dpi-bypassing goodbyedpi http3

SDC - Secure DNS Client

GitHub all releases GitHub top language GitHub GitHub release (with filter)

A Secure DNS Client. Using: Msmh Agnostic Server, DNSLookup and GoodbyeDPI. (Windows only)

Client implementation: DNSCrypt, Anonymized DNSCrypt, DoH, DoT and Plain DNS (UDP & TCP).
Server implementation: DoH and Plain DNS (UDP & TCP).

Requirements: .Net Destop Runtime 6 and ASP.NET Core Runtime 6

For x64:\ First install .Net Destop Runtime x64 v6.0.31\ Then install ASP.NET Core Runtime x64 v6.0.31

For x86:\ First install .Net Destop Runtime x86 v6.0.31\ Then install ASP.NET Core Runtime x86 v6.0.31

Microsoft .NET 6.0 Runtime Page

Download:\ Download latest version of SDC - Secure DNS Client


Notes


Features


Supported Protocols


DNS Rules

// YouTube youtube.com|dnsdomain:google.com; ytimg.com|dnsdomain:google.com; .ytimg.com|dnsdomain:google.com; ggpht.com|dnsdomain:google.com; .ggpht.com|dnsdomain:.googleusercontent.com; .googleapis|dnsdomain:google.com; .googlevideo.com|dnsdomain:.c.docs.google.com;

// Use Smart DNS For These Domains developers.google.com|dns:SmartDns1,SmartDns2,SmartDns3; .googleusercontent.com|dns:SmartDns1,SmartDns2,SmartDns3; developer.android.com|dns:SmartDns1,SmartDns2,SmartDns3; gemini.google.com|dns:SmartDns1,SmartDns2,SmartDns3; .openai.com|dns:SmartDns1; claude.ai|dns:SmartDns1,SmartDns2,SmartDns3; .claude.ai|dns:SmartDns1,SmartDns2,SmartDns3; spotify.com|dns:SmartDns1,SmartDns2,SmartDns3; .spotify.com|dns:SmartDns1,SmartDns2,SmartDns3;


---

### Proxy Server
* Proxy server is use to bypass SNI/DNS based blocked websites.
* How to use:
    1. SDC DNS Server must be online and set to System.
    2. Atleast one of DPI Bypass options must be active.
        - Fragment
        - SSL Decryption (by installing self-signed root certificate authority)
            - Enable `Change SNI` and provide a fake SNI.
    3. Start Proxy Server.
    4. Set Proxy to System.

---

### Proxy Rules
* Syntax (wildcard is supported):
    - `Domain` `|` `Rules` `;`
* Rules:
    - Fake DNS (forward a domain to your desired IP address):\
    `example.com|127.0.0.1;`
    - Use a custom DNS for a domain:\
    `example.com|dns:https://max.rethinkdns.com/dns-query;`
    - Use a custom and blocked DNS by an upstream proxy:\
    `example.com|dns:https://max.rethinkdns.com/dns-query;dnsproxy:socks5://127.0.0.1:1080;`
    - DNS Domain (Get IP for a domain and use it for another domain):\
    `youtube.com|dnsdomain:google.com;`
    - Use upstream proxy for a domain (only socks5 and http are supported):\
    `example.com|proxy:socks5://127.0.0.1:1080;`\
    `example.com|proxy:http://127.0.0.1:1080;`
    - Use upstream proxy with user and pass:\
    `example.com|proxy:socks5://127.0.0.1:1080&user:UserName&pass:PassWord;`
    - Set a custom/fake SNI for a domain:\
    `*.googlevideo.com|sni:google.com;`
    - Don't apply DPI bypass for a domain:\
    `example.com|--;`\
    `*.example.com|--;`
    - Block a domain and all it's sub-domains:\
    `example.com|-;`\
    `*.example.com|-;`
<br><br>
* Example of Proxy Rules file:

// Variables SmartDns1 = https://one.YourSmartDnsServer.net/dns-query; SmartDns2 = https://two.YourSmartDnsServer.net/dns-query; SmartDns3 = https://three.YourSmartDnsServer.net/dns-query;

// Defaults blockport:53,80;

// YouTube youtube.com|dnsdomain:google.com;sni:google.com; ytimg.com|dnsdomain:google.com; .ytimg.com|dnsdomain:google.com; ggpht.com|dnsdomain:google.com; .ggpht.com|dnsdomain:.googleusercontent.com; .googleapis|dnsdomain:google.com; .googlevideo.com|dnsdomain:.c.docs.google.com;sni:google.com;

// Use Smart DNS For These Domains developers.google.com|--;dns:SmartDns1,SmartDns2,SmartDns3; .googleusercontent.com|--;dns:SmartDns1,SmartDns2,SmartDns3; developer.android.com|--;dns:SmartDns1,SmartDns2,SmartDns3; gemini.google.com|--;dns:SmartDns1,SmartDns2,SmartDns3; .openai.com|--;dns:SmartDns1; claude.ai|--;dns:SmartDns1,SmartDns2,SmartDns3; .claude.ai|--;dns:SmartDns1,SmartDns2,SmartDns3; spotify.com|--;dns:SmartDns1,SmartDns2,SmartDns3; .spotify.com|--;dns:SmartDns1,SmartDns2,SmartDns3;

// Don't Apply DPI Bypass To These Domains google.com|--; .google.com|--; github.com|--; .github.com|--; githubusercontent.com|--; .githubusercontent.com|--; stackoverflow.com|--; .stackoverflow.com|--; .sstatic.net|--; .cookielaw.org|--; every1dns.com|--; .every1dns.com|--; nslookup.io|--; .nslookup.io|--; php.net|--; save.tube|--;

// Apply Defaults To Other Domains *|+;



---

[Find Videos in Help Directory.](https://github.com/msasanmh/SecureDNSClient/tree/main/Help)\
[Another Guide.](https://rentry.co/SecureDNSClient)