dprox: a lightweight DNS proxy server, compatible with dnsmasq-china-list

[ bsd3, dns, program ] [ Propose Tags ]

Please see the README on GitHub at https://github.com/bjin/dprox#readme

[Skip to Readme]


Manual Flags


Enable static build


Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info


Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees


  • No Candidates
Versions [RSS] 0.1.0, 0.1.1, 0.1.2,, 0.2.0, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.4.3
Dependencies attoparsec (>=0.13), base (>=4.12 && <5), bytestring (>=0.10), bytestring-trie (>=0.2.4), containers (>=0.6), dns (>=3.0.4), fast-logger (>=3.0), hashable (>=1.2), iproute (>=1.7), network (>=2.8), optparse-applicative (>=0.14), psqueues (>=0.2.3), streaming-commons (>=0.2), time (>=1.8), unix [details]
License BSD-3-Clause
Copyright 2023 Bin Jin
Author Bin Jin
Maintainer bjin@ctrl-d.org
Category DNS
Home page https://github.com/bjin/dprox#readme
Bug tracker https://github.com/bjin/dprox/issues
Source repo head: git clone https://github.com/bjin/dprox
Uploaded by BinJin at 2024-01-15T17:37:20Z
Distributions NixOS:0.4.3
Executables dprox
Downloads 2308 total (24 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs not available [build log]
Last success reported on 2024-01-15 [all 1 reports]

Readme for dprox-0.4.3

[back to package description]


CircleCI CirrusCI Depends Release Hackage AUR License

dprox is a lightweight DNS proxy server. It's created as a drop-in replacement of dnsmasq to work with dnsmasq-china-list, enhancing overall lookup performance over extensive domain lists.


dprox should build and work on all unix-like OS with ghc support, as well as Windows.

Although dprox can be built using cabal like any other Hackage package, we recommend using stack for a more reliable compilation with pinned dependencies.

stack setup
stack install

Arch Linux users can install provided AUR package.

Alternatively, you can opt to use the statically linked binary available in the latest release.


Currently, only a small subset of dnsmasq options is implemented: just enough to seamlessly work with dnsmasq-china-list and hosts-blocklists.

Here is the list of implemented dnsmasq options (with server, local, address and bogus-nxdomain options allowed in configuration file):

-p, --port=<port>
-a, --listen-address=<ipaddr>
-C, --conf-file=<file>
-h, --no-hosts
-H, --addn-hosts=<file>
-S, --local, --server=[/<domain>/]<ipaddr>[#<port>]
-A, --address=[/<domain>/]<ipaddr>
-B, --bogus-nxdomain=<ipaddr>

For more details about these options, use dprox --help or refer to the dnsmasq manpage. However, be aware that there might be minor differences in some options, such as --server.

To use dprox with dnsmasq-china-list and set "" as the remote DNS server:

dprox -C /etc/dnsmasq.d/accelerated-domains.china.conf -C /etc/dnsmasq.d/bogus-nxdomain.china.conf -S

To use dprox with hosts-blocklists and use the default remote DNS server (""), excluding the loading of the system hosts file:

dprox -C /opt/hosts-blocklists/domains.txt -H /opt/hosts-blocklists/hostnames.txt -h

Additionally, a customized --ipset option is available (distinct from dnsmasq). With these options configured, in case a DNS request somehow matches with the specified ipset, dprox will switch to an alternative upstream DNS server (with the FakeDNS feature, for example), specified by ipset-server. The exact matching policy can be configured using the ipset-match. These options can be used to enable IP-based routing for DNS requests.

--ipset <ipmask>
--ipset-match <none|all|any|notall>
--ipset-server <ipaddr>[#port]
--ipset-file <file>

Known Issue

  • dprox currently has a relatively large memory footprint, approximately 85MB for the current dnsmasq-china-list.


dprox is licensed under the BSD3 license. Refer to the LICENSE file for comprehensive details.