dprox: a lightweight DNS proxy server, compatible with dnsmasq-china-list

[ bsd3, dns, program ] [ Propose Tags ]

Please see the README on GitHub at https://github.com/bjin/dprox#readme

[Skip to Readme]


Manual Flags


Enable static build


Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info


Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees


  • No Candidates
Versions [RSS] 0.1.0, 0.1.1, 0.1.2,, 0.2.0, 0.3.0, 0.4.0, 0.4.1, 0.4.2
Dependencies attoparsec (>=0.13), base (>=4.12 && <5), bytestring (>=0.10), bytestring-trie (>=0.2.4), containers (>=0.6), dns (>=3.0.4), fast-logger (>=3.0), hashable (>=1.2), iproute (>=1.7), network (>=2.8), optparse-applicative (>=0.14), psqueues (>=0.2.3), streaming-commons (>=0.2), time (>=1.8) [details]
License BSD-3-Clause
Copyright 2023 Bin Jin
Author Bin Jin
Maintainer bjin@ctrl-d.org
Category DNS
Home page https://github.com/bjin/dprox#readme
Bug tracker https://github.com/bjin/dprox/issues
Source repo head: git clone https://github.com/bjin/dprox
Uploaded by BinJin at 2023-06-04T17:56:44Z
Distributions NixOS:0.4.2
Executables dprox
Downloads 2134 total (2 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs not available [build log]
Last success reported on 2023-06-04 [all 1 reports]

Readme for dprox-0.4.2

[back to package description]


CircleCI CirrusCI Depends Release Hackage AUR License

dprox is a lightweight DNS proxy server. It's created as a drop-in replacement of dnsmasq to work with dnsmasq-china-list, while improving the overall lookup performance over large domain list.


dprox should build and work on all unix-like OS with ghc support, as well as Windows.

While dprox can be built with cabal like any other Hackage packages, for a reliable compilation with pinned dependencies, stack is generally recommended.

stack setup
stack install

For Arch Linux users, an AUR package is provided. Alternatively, you also can use the statically linked binary for the latest release.


Only a small subset of dnsmasq options are implemented at the moment, just barely enough to work with dnsmasq-china-list and hosts-blocklists.

Here is the list of implemented dnsmasq options (with server, local, address and bogus-nxdomain options allowed in configuration file):

-p, --port=<port>
-a, --listen-address=<ipaddr>
-C, --conf-file=<file>
-h, --no-hosts
-H, --addn-hosts=<file>
-S, --local, --server=[/<domain>/]<ipaddr>[#<port>]
-A, --address=[/<domain>/]<ipaddr>
-B, --bogus-nxdomain=<ipaddr>

Use dprox --help or dnsmasq manpage for further details about these options. But be aware that there might be minor differences on some options like --server.

To use dprox with dnsmasq-china-list, with "" as the remote DNS server:

dprox -C /etc/dnsmasq.d/accelerated-domains.china.conf -C /etc/dnsmasq.d/bogus-nxdomain.china.conf -S

To use dprox with hosts-blocklists and the default remote DNS server (""), without loading system hosts file:

dprox -C /opt/hosts-blocklists/domains.txt -H /opt/hosts-blocklists/hostnames.txt -h

There is also a customized --ipset option (different from dnsmasq). If DNS response somehow matches ipset, alternative DNS server ipset-server will be used instead. The exact matching policy can be set by ipset-match.

--ipset <ipmask>
--ipset-match <none|all|any|anynotmatch>
--ipset-server <ipaddr>[#port]
--ipset-file <file>

Known Issue

  • dprox has fairly large memory footprint at the moment. About 85MB for current dnsmasq-china-list.


dprox is licensed under the BSD3 license. See LICENSE file for details.