Got an idea for improving dnscrypt-proxy? We'd love to hear it!
Please read the documentation first in case the behavior already exists or is already documented.
Start with a discussion
The best way to propose a new feature is to start in Discussions under the "Ideas" category. This lets us:
- Talk through the idea together
- Get feedback from other users
- Figure out the best approach
Once we've discussed and agreed on a direction, we can convert it into a tracked issue here.
This helps keep the issue tracker focused on work that's ready to be done.
Summary
Why would this be useful?
Possible implementation
Summary
I want dnscrypt-proxy only resolve A and AAAA and block else, because my primary use is browser and i have no other use of DNS types. Some malicious software actively trying to probe my network by sending PTR or TXT using DNS and I have no way to stop this.
I was able to block TXT but it leaked PTR to upstream. Could you add a filter like this:
# when set, filter the request if the type is match by one of
filter-by-type = PTR,TXT,MX,HTTPS
or
So I don't have to do:
User ---> DNSMasq(filter-rr=TXT,PTR <- This blocks TXT but PTR is ggeting though anyway) --> dnscrypt-proxy
chain.
Why would this be useful?
Some users already asked similar thing;
Possible implementation
# when set, filter the request if the type is match by one of
filter-by-type = PTR,TXT,MX,HTTPS,HINFO
or
Got an idea for improving dnscrypt-proxy? We'd love to hear it!
Please read the documentation first in case the behavior already exists or is already documented.
Start with a discussion
The best way to propose a new feature is to start in Discussions under the "Ideas" category. This lets us:
Once we've discussed and agreed on a direction, we can convert it into a tracked issue here.
This helps keep the issue tracker focused on work that's ready to be done.
Summary
Why would this be useful?
Possible implementation
Summary
I want dnscrypt-proxy only resolve A and AAAA and block else, because my primary use is browser and i have no other use of DNS types. Some malicious software actively trying to probe my network by sending
PTRor TXT using DNS and I have no way to stop this.I was able to block TXT but it leaked PTR to upstream. Could you add a filter like this:
or
So I don't have to do:
User ---> DNSMasq(filter-rr=TXT,PTR <- This blocks TXT but PTR is ggeting though anyway) --> dnscrypt-proxy
chain.
Why would this be useful?
Some users already asked similar thing;
Possible implementation
or