Merge now fix later

DNSCrypt introduce

README.md

@@ -1,32 +1,24 @@
 # DOT DOH with haproxy
 
-**[Mozilla ssl-config](https://ssl-config.mozilla.org/)**
-
 **!!! denylist.rpz and allowlist.rpz are made for my _private_ use and will _cause_ problem with _some_ domain !!!**
 
 ```
 Query
            Dns-over-TLS
-          --------------------->  Haproxy(Frontend)    ----------------------------->  Knot-resolver
-   Cluster                         Listen(TCP/443/853)                                 Listen(Local/dns)
-          --------------------->            (HTTP/443) -------> m13253/DOH   ------->
-	   Dns-over-HTTPS                                       Listen(Local/http)
-```
-# Server structure
-```
-    Server(or instances)
-    |
-    |----> Frontend-DOH (Haproxy 443 http TLS 1.3 strict-sni hdr/host/ ssl)
-    |           |----> DOH (m13253/dns-over-https local)
-    |                    |---------------------------------------------------------------| 
-    |----> Frontend-DOT (Haproxy 443 853 tcp TLS 1.3 strict-sni ssl_fc_sni ssl)          v
-                      |--------------------------------------------------------------> Dns Resolver (Knot-resolver dns local)
-                      
+          --------------------->  Haproxy(Frontend)    ----------------------------->  
+Cluster                         Listen(TCP/443/853)                                 
+          --------------------->            (HTTP/443) -------> m13253/DOH   ------->        Knot-resolver
+	   Dns-over-HTTPS                                                                    Listen(Local/http)Listen(Local/dns)
+	   DNSCrypt v2             
+	   --------------------->  jedisct1/Encrypted DNS Server ------------------->
+                                   Listen(TCP/UDP/8443)
 ```
 
 # Recommendation
 1. [knot-resolver](https://knot-resolver.cz) **Recommend** using upstream repository on debian
 2. Download.sh **Recommend** if you want to download all the default filters used in kresd.conf(knot-resolver configuration)
+3. [jedisct1/Encrypted-dns-server](https://github.com/jedisct1/encrypted-dns-server) is recommended if you are looking for an easy way to start a DNSCrypt server
+4. [Mozilla ssl-config](https://ssl-config.mozilla.org/) is recommended if you are looking for a sample TLS/SSL configuration for your Server Software
 
 # Mirror / Fork
 [notabug.org](https://notabug.org/lottanorta/doh-dot-haproxy)

configuration/client/dnscrypt-proxy.toml

@@ -0,0 +1,27 @@
+# This Client Configuration are made for dnscrypt-proxy and Thanks ookangzheng for sample configuration files
+# Based on https://github.com/ookangzheng/blahdns/blob/master/client-conf/dnscrypt/dnscrypt-proxy.toml
+server_names = ['ProviderName', 'ProviderNamev6-Ifexisted']
+listen_addresses = ['127.0.0.1:53', '[::1]:53']
+max_clients = 250
+force_tcp = false
+timeout = 2000
+keepalive = 30
+
+# Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
+lb_strategy = 'fastest'
+fallback_resolver = '94.140.14.14:53'
+ignore_system_dns = false
+netprobe_timeout = 30
+cache = false
+cache_size = 512
+cache_min_ttl = 90
+cache_max_ttl = 1800
+cache_neg_min_ttl = 2
+cache_neg_max_ttl = 6
+
+[static]
+## Publickey: YOURPUBKEY
+[static.'ProviderName']
+stamp = 'sdns://YOUR-DNS-STAMPS'
+[static.'ProviderNamev6-Ifexisted']
+stamp = 'sdns://YOUR-DNS-STAMPS'

filters/allowlist.rpz

@@ -1,4 +1,6 @@
 *.gvt1.com CNAME rpz-passthru.
 *.play.googleapis.com CNAME rpz-passthru.
 exappupgrade.vivoglobal.com CNAME rpz-passthru.
-sysupgrade-api.vivoglobal.com CNAME rps-passthru.
+sysupgrade-api.vivoglobal.com CNAME rpz-passthru.
+keepass.info CNAME rpz-passthru.
+keepassdx.com CNAME rpz-passthru.