{"id":29959580,"url":"https://github.com/edelux/dns-proxy","last_synced_at":"2026-04-11T03:31:43.167Z","repository":{"id":299553839,"uuid":"1003336740","full_name":"edelux/dns-proxy","owner":"edelux","description":"Local DNS resolver using DoH for privacy, in a tiny container and support for cloud and local infra","archived":false,"fork":false,"pushed_at":"2026-04-08T15:28:32.000Z","size":161,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-08T17:27:07.429Z","etag":null,"topics":["alpine","ci-cd","debian","dns","dns-over-https","dns-proxy","dnscrypt-proxy","dnsmasq","docker","docker-image","doh","github-actions-docker","kubernetes","lightweight","local-resolver","microcontainers","network-security","self-hosted"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/edelux.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-06-17T02:04:01.000Z","updated_at":"2026-04-08T15:31:00.000Z","dependencies_parsed_at":"2025-06-17T06:19:45.190Z","dependency_job_id":"5da4edd6-b9ab-4ab6-82c1-ed9271689cc6","html_url":"https://github.com/edelux/dns-proxy","commit_stats":null,"previous_names":["edelux/dnsmasq","edelux/dns-proxy","edelux/doh-proxy"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/edelux/dns-proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edelux%2Fdns-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edelux%2Fdns-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edelux%2Fdns-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edelux%2Fdns-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/edelux","download_url":"https://codeload.github.com/edelux/dns-proxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edelux%2Fdns-proxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31668046,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-10T17:19:37.612Z","status":"online","status_checked_at":"2026-04-11T02:00:05.776Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alpine","ci-cd","debian","dns","dns-over-https","dns-proxy","dnscrypt-proxy","dnsmasq","docker","docker-image","doh","github-actions-docker","kubernetes","lightweight","local-resolver","microcontainers","network-security","self-hosted"],"created_at":"2025-08-03T22:01:11.706Z","updated_at":"2026-04-11T03:31:43.158Z","avatar_url":"https://github.com/edelux.png","language":"Shell","readme":"\n# Lightweight DNS Proxy with dnsmasq and DNSCrypt-Proxy\n\nA secure, minimal DNS resolver container with DNS-over-HTTPS (DoH), caching, and split DNS — ideal for cloud and local infrastructure.\n\n## 🐧 About\n\n`edelux/dns-proxy` is a lightweight container built from [Debian Stable](https://www.debian.org/releases/stable/) and designed for high-security, low-footprint DNS resolution.\n\nThis image combines [`dnscrypt-proxy`](https://github.com/DNSCrypt/dnscrypt-proxy) and [`dnsmasq`](https://thekelleys.org.uk/dnsmasq/doc.html) to provide:\n\n- **DNS-over-HTTPS (DoH)** and **DNSCrypt v2** secure upstreams\n- **Anonymized DNSCrypt** and **Oblivious DoH (ODoH)** support\n- **Caching resolver** using `dnsmasq`\n- **Split DNS**: forward selected domains to traditional DNS servers\n- **Non-root execution** using `nobody` user\n- Built image **from scratch** for minimal footprint\n- Based on Debian packages unpacked with `dpkg -x` during build (no `apt install` needed at runtime)\n\n---\n\n## 🚀 Quick Start\n\nRun the container with default ports and custom parameters:\n```zsh\ndocker run --rm -p 53:53/udp -d edelux/dns-proxy\n```\n\n```zsh\ndocker run --rm -p 53:53/udp -d edelux/dns-proxy \\\n  --anonymized \\\n  --server=/ec2.internal/10.18.0.2 \\\n  --server=/amazonaws.com/10.18.0.2\n```\n\nThis configuration enables:\n\n- DNS queries to DoH providers via anonymizing relays\n- Split DNS resolution for AWS internal domains via plain DNS (recommended for cloud infra)\n\n---\n## ⚙️ Configuration via Parameters\nConfiguration is handled at runtime using command-line flags:\n\n| Flag | Description |\n| :--- | --- |\n| --server=     | Specifies a plain DNS server (e.g. --server=/amazonaws.com/10.18.0.2).  Recommended \u003cbr\u003efor internal or cloud-specific domains. |\n| --doh-server= | Defines the secure DoH or DNSCrypt v2 server. Supports DNSCrypt, DoH, Anonymized \u003cbr\u003eDNSCrypt, and ODoH. |\n| --doh-route=  | Specifies which anonymized resolver to use when querying DoH providers. |\n| --nocache     | Disables all DNS caching. Useful for debugging or environments where caching is \u003cbr\u003enot desirable. |\n| --cachesize=  | Sets the maximum number of DNS entries to cache. Set to 0 to disable caching \u003cbr\u003eentirely. |\n| --anonymized  | Enables anonymized routing of DoH queries using relay resolvers. |\n\nAll parameters are optional and can be combined freely.\n\n## ♻️ Default Settings\n\n**dmsmasq**\n```conf\nno-poll\nno-hosts\nno-resolv\nbogus-priv\nuser=nobody\ncache-size=128\nkeep-in-foreground\nserver=127.0.0.1#5300\n```\n\n**dnscrypt-proxy**\n```toml\nlisten_addresses = ['127.0.0.1:5300']\nuser_name = 'nobody'\nkeepalive = 30\n\nserver_names = ['cloudflare', 'odoh-cloudflare', 'wikimedia', 'nextdns', 'libredns', 'fdn', 'comss.one', 'bortzmeyer', 'scaleway-fr', 'anon-cs-berlin', 'anon-cs-ch', 'anon-cs-dc', 'anon-cs-fl']\nlb_strategy = 'ph'\nlb_estimator = true\n\nlog_level = 0\nrequire_nolog = true\nrequire_nofilter = true\nignore_system_dns = true\n\nrequire_dnssec = true\ndnscrypt_servers = true\nodoh_servers = true\ndoh_servers = true\n\n[sources]\n  [sources.'public-resolvers']\n    cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'\n    minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'\n    refresh_delay = 72\n    urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md',\n      'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']\n  [sources.relays]\n    cache_file = '/var/cache/dnscrypt-proxy/relays.md'\n    minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'\n    refresh_delay = 73\n    urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md',\n      'https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md',\n      'https://download.dnscrypt.info/resolvers-list/v3/relays.md']\n```\n\n---\n### 📦 Architecture Support\n- amd64\n- arm64\n- riscv64 \n- ppc64le\n- s390x\n\n### ✅ Use Cases\n- Lightweight encrypted DNS proxy for secure-by-default setups\n- Internal DNS resolver for cloud environments (e.g. AWS, GCP)\n- Drop-in replacement for public resolvers in private infrastructure\n- Self-hosted DNS gateway for IoT, edge, or containerized environments\n\n### 🔐 Security \u0026 Footprint\n- Runs as unprivileged user (nobody)\n- Uses only statically unpacked system files\n- No package manager, cron, or extra services\n- No unnecessary binaries or language runtimes\n\n### 🛠 Build Philosophy\n- Based on Debian packages\n- Runtime built from scratch\n- Uses dpkg -x to extract only required files\n- No runtime apt install or package manager\n- Focused on minimalism, clarity, and reproducibility\n\n### 📎 Links\n[edelux/dns-proxy](https://hub.docker.com/repository/docker/edelux/dns-proxy)\n\n### ✨ License\nThis project is released under the [`MIT`](https://github.com/edelux/dns-proxy#MIT-1-ov-file)\n\n---\n#### 🔁 Repository Renaming Notice\nThis project was formerly published as:\n- [`Docker Hub:`edelux/dnsmasq](https://hub.docker.com/repository/docker/edelux/dnsmasq)\n- [`GitHub:` edelux/dnsmasq](https://github.com/edelux/dnsmasq)\n\n\nSupport for new images will continue under the new name edelux/dns-proxy. The previous image and repository will remain available but will only mirror updates made to this project until December 31, 2025.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedelux%2Fdns-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fedelux%2Fdns-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedelux%2Fdns-proxy/lists"}