From 052183363156d20801e93b7556f5f3794bfa972d Mon Sep 17 00:00:00 2001 From: MSasanMH Date: Tue, 11 Jun 2024 22:23:04 +0330 Subject: [PATCH] Update README.md --- README.md | 230 +++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 211 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 5631f99..d0ffc59 100644 --- a/README.md +++ b/README.md @@ -7,8 +7,8 @@ **A Secure DNS Client.** Using: _[Msmh Agnostic Server](https://github.com/msasanmh/MsmhAgnosticServer)_, _[DNSLookup](https://github.com/ameshkov/dnslookup)_ and _[GoodbyeDPI](https://github.com/ValdikSS/GoodbyeDPI)_. (Windows only) -Client implementation: _DNSCrypt, Anonymized DNSCrypt, DNS-Over-Https, DNS-Over-TLS, DNS-Over-UDP and DNS-Over-TCP._
-Server implementation: _DNS-Over-Https, DNS-Over-UDP and DNS-Over-TCP._ +Client implementation: _DNSCrypt, Anonymized DNSCrypt, DoH, DoT and Plain DNS (UDP & TCP)._
+Server implementation: _DoH and Plain DNS (UDP & TCP)._ - *Find and use fastest secure DNS servers.* - *Hide SNI and website addresses from ISP (Fragment or Fake SNI).* @@ -16,25 +16,217 @@ Server implementation: _DNS-Over-Https, DNS-Over-UDP and DNS-Over-TCP._ - *Encode and decode DNSCrypt STAMP (sdns://).* - *Share to other devices via Proxy (HTTP, HTTPS, SOCKS4, SOCKS4A, SOCKS5).* -**Requirements:** `.Net Destop Runtime 6` and `ASP.NET Core Runtime 6`

-For x64:
-First install [.Net Destop Runtime x64 v6.0.31](https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-desktop-6.0.31-windows-x64-installer)
-Then install [ASP.NET Core Runtime x64 v6.0.31](https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-aspnetcore-6.0.31-windows-x64-installer)

-For x86:
-First install [.Net Destop Runtime x86 v6.0.31](https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-desktop-6.0.31-windows-x86-installer)
-Then install [ASP.NET Core Runtime x86 v6.0.31](https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-aspnetcore-6.0.31-windows-x86-installer)

-[Microsoft .NET 6.0 Runtime Page](https://dotnet.microsoft.com/en-us/download/dotnet/6.0)
+**Requirements:** `.Net Destop Runtime 6` and `ASP.NET Core Runtime 6` -**Download:**
-[Download latest version of Secure DNS Client](https://github.com/msasanmh/SecureDNSClient/releases/latest)
+For x64:\ +First install [.Net Destop Runtime x64 v6.0.31](https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-desktop-6.0.31-windows-x64-installer)\ +Then install [ASP.NET Core Runtime x64 v6.0.31](https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-aspnetcore-6.0.31-windows-x64-installer) -**Note:** -*some antivirus apps raise alert as PUA (Potentially Unwanted Application) for WinDivert which is used by GoodbyeDPI.* -*If your antivirus detects WinDivert as a threat, add it to your exclusion list to ensure SDC functions as expected.* +For x86:\ +First install [.Net Destop Runtime x86 v6.0.31](https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-desktop-6.0.31-windows-x86-installer)\ +Then install [ASP.NET Core Runtime x86 v6.0.31](https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-aspnetcore-6.0.31-windows-x86-installer) -**Help (How to Use):**
-[Find Docs and Videos in Help Directory](https://github.com/msasanmh/SecureDNSClient/tree/main/Help)
-[Guide](https://rentry.co/SecureDNSClient)
-I'll add more documentations and videos soon. +[Microsoft .NET 6.0 Runtime Page](https://dotnet.microsoft.com/en-us/download/dotnet/6.0) + +**Download:**\ +[Download latest version of SDC - Secure DNS Client](https://github.com/msasanmh/SecureDNSClient/releases/latest) + +--- + +### Notes +* SDC is not a VPN and it does not change your IP address, so your IP address is still visible to the websites you visit. +* SDC is open source and super clean. If your Antivirus raise an alert it's False-Positive, any programmer can read the source and confirm it. some antivirus apps raise alert as PUA (Potentially Unwanted Application) for WinDivert which is used by GoodbyeDPI. If your antivirus detects WinDivert as a threat, add it to your exclusion list to ensure SDC functions as expected. + +--- + +### Features +* Connect with built-in servers or use your own custom servers. +* Find fastest DNS Servers. +* Bypass any SNI/DNS based blocked websites by Fragment and Fake SNI. +* Create local Plain DNS and DoH Servers. +* Supports per domain rules. +* Advanced DNS Scanner. + - Detection of Google safe search. + - Detection of Bing safe search. + - Detection of blocked or restricted Youtube. + - Detection of blocked Adult Content. + - Export online servers based on condition. +* DNS Lookup. +* Cloudflare clean IP scanner. +* Can Read/Modify/Generate STAMP (sdns://) URLs. +* Run and connect on Windows Startup. +* Import servers from text files. +* Extract and import servers from URLs. +* Double-Click on a custom server to get info and status. +* Import/Export all settings. + +--- + +### Supported Protocols +* **DNSCrypt** + - Must be in STAMP format. e.g. + - `sdns://AQcAAAAAAAAAETg5LjM4LjEzMS4zODo0MzQzIKWHS9r0FoKY--wcnJl1Ar5aOUb91xsufvPUjid3rNRaHzIuZG5zY3J5cHQtY2VydC5hbXMtZG5zY3J5cHQtbmw` +* **Anonymized DNSCrypt** + - Pattern: `` `` `` + - `` can be in STAMP or IP:PORT format. + - Example: + - `sdns://AQcAAAAAAAAAETg5LjM4LjEzMS4zODo0MzQzIKWHS9r0FoKY--wcnJl1Ar5aOUb91xsufvPUjid3rNRaHzIuZG5zY3J5cHQtY2VydC5hbXMtZG5zY3J5cHQtbmw sdns://gQ4xNzcuNTQuMTQ1LjEzMQ` + - `sdns://AQcAAAAAAAAAETg5LjM4LjEzMS4zODo0MzQzIKWHS9r0FoKY--wcnJl1Ar5aOUb91xsufvPUjid3rNRaHzIuZG5zY3J5cHQtY2VydC5hbXMtZG5zY3J5cHQtbmw 177.54.145.131:443` +* **DoH (DNS Over HTTPS)** + - Example (HTTP/2): + - `https://max.rethinkdns.com/dns-query` + - Example (HTTP/3): + - `h3://max.rethinkdns.com/dns-query` +* **DoT (DNS Over TLS)** + - Example: + - `tls://dns.quad9.net` +* **Plain DNS (UDP & TCP)** + - Example: + - `udp://8.8.8.8:53` + - `tcp://1.1.1.1:53` + +--- + +### DNS Rules +* Syntax (wildcard is supported): + - `Domain` `|` `Rules` `;` +* Rules: + - Fake DNS (forward a domain to your desired IP address):\ + `example.com|127.0.0.1;` + - Use a custom DNS for a domain:\ + `example.com|dns:https://max.rethinkdns.com/dns-query;` + - Use a custom and blocked DNS by an upstream proxy:\ + `example.com|dns:https://max.rethinkdns.com/dns-query;dnsproxy:socks5://127.0.0.1:1080;` + - DNS Domain (Get IP for a domain and use it for another domain):\ + `youtube.com|dnsdomain:google.com;` + - Block a domain and all it's sub-domains:\ + `example.com|-;`\ + `*.example.com|-;` +

+* Example of DNS Rules file: +``` +// Variables +SmartDns1 = https://one.YourSmartDnsServer.net/dns-query; +SmartDns2 = https://two.YourSmartDnsServer.net/dns-query; +SmartDns3 = https://three.YourSmartDnsServer.net/dns-query; + +// YouTube +youtube.com|dnsdomain:google.com; +ytimg.com|dnsdomain:google.com; +*.ytimg.com|dnsdomain:google.com; +ggpht.com|dnsdomain:google.com; +*.ggpht.com|dnsdomain:*.googleusercontent.com; +*.googleapis|dnsdomain:google.com; +*.googlevideo.com|dnsdomain:*.c.docs.google.com; + +// Use Smart DNS For These Domains +developers.google.com|dns:SmartDns1,SmartDns2,SmartDns3; +*.googleusercontent.com|dns:SmartDns1,SmartDns2,SmartDns3; +developer.android.com|dns:SmartDns1,SmartDns2,SmartDns3; +gemini.google.com|dns:SmartDns1,SmartDns2,SmartDns3; +*.openai.com|dns:SmartDns1; +claude.ai|dns:SmartDns1,SmartDns2,SmartDns3; +*.claude.ai|dns:SmartDns1,SmartDns2,SmartDns3; +spotify.com|dns:SmartDns1,SmartDns2,SmartDns3; +*.spotify.com|dns:SmartDns1,SmartDns2,SmartDns3; +``` --- + +### Proxy Server +* Proxy server is use to bypass SNI/DNS based blocked websites. +* How to use: + 1. SDC DNS Server must be online and set to System. + 2. Atleast one of DPI Bypass options must be active. + - Fragment + - SSL Decryption (by installing self-signed root certificate authority) + - Enable `Change SNI` and provide a fake SNI. + 3. Start Proxy Server. + 4. Set Proxy to System. + +--- + +### Proxy Rules +* Syntax (wildcard is supported): + - `Domain` `|` `Rules` `;` +* Rules: + - Fake DNS (forward a domain to your desired IP address):\ + `example.com|127.0.0.1;` + - Use a custom DNS for a domain:\ + `example.com|dns:https://max.rethinkdns.com/dns-query;` + - Use a custom and blocked DNS by an upstream proxy:\ + `example.com|dns:https://max.rethinkdns.com/dns-query;dnsproxy:socks5://127.0.0.1:1080;` + - DNS Domain (Get IP for a domain and use it for another domain):\ + `youtube.com|dnsdomain:google.com;` + - Use upstream proxy for a domain (only socks5 and http are supported):\ + `example.com|proxy:socks5://127.0.0.1:1080;`\ + `example.com|proxy:http://127.0.0.1:1080;` + - Use upstream proxy with user and pass:\ + `example.com|proxy:socks5://127.0.0.1:1080&user:UserName&pass:PassWord;` + - Set a custom/fake SNI for a domain:\ + `*.googlevideo.com|sni:google.com;` + - Don't apply DPI bypass for a domain:\ + `example.com|--;`\ + `*.example.com|--;` + - Block a domain and all it's sub-domains:\ + `example.com|-;`\ + `*.example.com|-;` +

+* Example of Proxy Rules file: +``` +// Variables +SmartDns1 = https://one.YourSmartDnsServer.net/dns-query; +SmartDns2 = https://two.YourSmartDnsServer.net/dns-query; +SmartDns3 = https://three.YourSmartDnsServer.net/dns-query; + +// Defaults +blockport:53,80; + +// YouTube +youtube.com|dnsdomain:google.com;sni:google.com; +ytimg.com|dnsdomain:google.com; +*.ytimg.com|dnsdomain:google.com; +ggpht.com|dnsdomain:google.com; +*.ggpht.com|dnsdomain:*.googleusercontent.com; +*.googleapis|dnsdomain:google.com; +*.googlevideo.com|dnsdomain:*.c.docs.google.com;sni:google.com; + +// Use Smart DNS For These Domains +developers.google.com|--;dns:SmartDns1,SmartDns2,SmartDns3; +*.googleusercontent.com|--;dns:SmartDns1,SmartDns2,SmartDns3; +developer.android.com|--;dns:SmartDns1,SmartDns2,SmartDns3; +gemini.google.com|--;dns:SmartDns1,SmartDns2,SmartDns3; +*.openai.com|--;dns:SmartDns1; +claude.ai|--;dns:SmartDns1,SmartDns2,SmartDns3; +*.claude.ai|--;dns:SmartDns1,SmartDns2,SmartDns3; +spotify.com|--;dns:SmartDns1,SmartDns2,SmartDns3; +*.spotify.com|--;dns:SmartDns1,SmartDns2,SmartDns3; + +// Don't Apply DPI Bypass To These Domains +google.com|--; +*.google.com|--; +github.com|--; +*.github.com|--; +githubusercontent.com|--; +*.githubusercontent.com|--; +stackoverflow.com|--; +*.stackoverflow.com|--; +*.sstatic.net|--; +*.cookielaw.org|--; +every1dns.com|--; +*.every1dns.com|--; +nslookup.io|--; +*.nslookup.io|--; +php.net|--; +save.tube|--; + +// Apply Defaults To Other Domains +*|+; +``` + +--- + +[Find Videos in Help Directory.](https://github.com/msasanmh/SecureDNSClient/tree/main/Help)\ +[Another Guide.](https://rentry.co/SecureDNSClient) + +