Differences with dnscrypt-proxy 1.x

Features	dnscrypt-proxy 1.x	dnscrypt-proxy 2.x
Status	Old PoC, barely maintained any more	Very new, but quickly evolving
Code quality	Big ugly mess	Readable, easy to work on
Reliability	Poor, due to completely broken handling of edge cases	Excellent
Security	Written in C, bundles patched versions from old branches of system libraries	Written in standard and portable Go
Dependencies	Specific versions of dnscrypt-proxy, libldns and libtool	None
Upstream connections using TCP	Catastrophic, requires client retries	Implemented as anyone would expect, works well with TOR
XChaCha20 support	Only if compiled with recent versions of libsodium	Yes, always available
Support of links with small MTU	Unreliable due to completely broken padding	Reliable, properly implemented
Support for multiple servers	Nonexistent	Yes, with automatic failover and load-balancing
Custom additions	C API, requires libldns for sanity	Simple Go structures using miekg/dns
AAAA blocking for IPv4-only networks	Yes	Yes
DNS caching	Yes, with ugly hacks for DNSSEC support	Yes, without ugly hacks
EDNS support	Broken with custom records	Yes
Asynchronous filters	Lol, no, filters block everything	Of course, thanks to Go
Session-local storage for extensions	Impossible	Yes
Multicore support	Nonexistent	Yes, thanks to Go
Efficient padding of queries	Couldn't be any worse	Yes
Multiple local sockets	Impossible	Of course. IPv4, IPv6, as many as you like
Automatically picks the fastest servers	Lol, it supports only one at a time, anyway	Yes, out of the box
Official, always up-to-date pre-built libraries	None	Yes, for many platforms. See below.
Automatically downloads and verifies servers lists	No. Requires custom scripts, cron jobs and dependencies (minisign)	Yes, built-in, including signature verification
Advanced expressions in blacklists (ads.example[0-9].com)	No	Yes
Forwarding with load balancing	No	Yes
Built-in system installer	Only on Windows	Install/uninstall/start/stop/restart as a service on Windows, Linux/(systemd,Upstart,SysV), and macOS/launchd
Built-in servers latency benchmark	No	Yes
Query type filter: only log a relevant set of query types	No	Yes
Support for the Windows Event Log	No	Yes
Log suspicious queries (leading to NXDOMAIN)	No	Yes
IP filtering	Yes, but can be bypassed due to a vulnerability	Yes, doesn't have the vulnerability from v1
Systemd support	Yes, but don't complain about it	Yes, but don't complain about it either
Stamps, as a simple way to provide server parameters	No	Yes
Supported protocols	DNSCrypt v1, DNSCrypt v2	DNSCrypt v1, DNSCrypt v2, DNS-over-HTTPS, Oblivious DNS-over-HTTPS, Anonymized DNSCrypt
Time-based access control	No	Yes, per domain, with multiple weekly schedules
Cloaking (like a HOSTS file for the network)	No	Yes, can also return IPs from other names & flatten CNAME records

In somecases if you want to run dnscrypt-proxy as a non-root user you'll get the error "[FATAL] listen udp 0.0.0.0:53: bind: permission denied"

to solve this problem you can run the following command and allow dnscrypt to have access to a low level port :

sudo setcap cap_net_bind_service=+ep $(which dnscrypt-proxy)