diff --git a/net/dnscrypt-proxy/Makefile b/net/dnscrypt-proxy/Makefile
new file mode 100644
index 000000000..281b4e3f9
--- /dev/null
+++ b/net/dnscrypt-proxy/Makefile
@@ -0,0 +1,121 @@
+#
+# Copyright (C) 2009-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dnscrypt-proxy
+PKG_VERSION:=1.4.0
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://download.dnscrypt.org/dnscrypt-proxy
+PKG_MD5SUM:=c31d14d8de2123e9f2ddf26216577841
+PKG_CAT:=zcat
+
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+PKG_MAINTAINER:=Damiano Renfer <damiano.renfer@gmail.com>
+PKG_LICENSE:=ISC
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/dnscrypt-proxy/Default
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=IP Addresses and Names
+  DEPENDS:=+libsodium
+  URL:=http://dnscrypt.org/
+  MAINTAINER:=Damiano Renfer <damiano.renfer@gmail.com>
+endef
+
+define Package/dnscrypt-proxy
+  $(call Package/dnscrypt-proxy/Default)
+  TITLE:=A tool for securing communications between a client and a DNS resolver
+endef
+
+define Package/dnscrypt-proxy/description
+  dnscrypt-proxy provides local service which can be used directly as your
+  local resolver or as a DNS forwarder, encrypting and authenticating requests
+  using the DNSCrypt protocol and passing them to an upstream server.
+  The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography
+  and is very similar to DNSCurve, but focuses on securing communications between
+  a client and its first-level resolver.
+endef
+
+define Package/hostip
+  $(call Package/dnscrypt-proxy/Default)
+  TITLE:=Resolver to IPv4 or IPv6 addresses
+endef
+
+define Package/hostip/description
+  The DNSCrypt proxy ships with a simple tool named hostip that resolves a name
+  to IPv4 or IPv6 addresses.
+endef
+
+define Build/Configure
+	$(call Build/Configure/Default, \
+	--prefix=/usr \
+	--disable-ssp \
+	)
+endef
+
+TARGET_CFLAGS += \
+	-fomit-frame-pointer \
+	-fdata-sections \
+	-ffunction-sections
+
+TARGET_LDFLAGS += \
+	-Wl,-gc-sections
+
+MAKE_FLAGS += \
+	CFLAGS="$(TARGET_CFLAGS)" \
+	LDFLAGS="$(TARGET_LDFLAGS)"
+
+define Package/dnscrypt-proxy/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/dnscrypt-proxy $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/usr/share/dnscrypt-proxy
+	$(CP) $(PKG_INSTALL_DIR)/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv $(1)/usr/share/dnscrypt-proxy/
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/dnscrypt-proxy.init $(1)/etc/init.d/dnscrypt-proxy
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_CONF) ./files/dnscrypt-proxy.config $(1)/etc/config/dnscrypt-proxy
+endef
+
+define Package/dnscrypt-proxy/postinst
+#!/bin/sh
+# check if we are on real system
+if [ -z "$${IPKG_INSTROOT}" ]; then
+        echo "Enabling rc.d symlink for dnscrypt-proxy"
+        /etc/init.d/dnscrypt-proxy enable
+fi
+exit 0
+endef
+
+define Package/dnscrypt-proxy/prerm
+#!/bin/sh
+# check if we are on real system
+if [ -z "$${IPKG_INSTROOT}" ]; then
+        echo "Removing rc.d symlink for dnscrypt-proxy"
+        /etc/init.d/dnscrypt-proxy disable
+fi
+exit 0
+endef
+
+define Package/dnscrypt-proxy/conffiles
+  /etc/config/dnscrypt-proxy
+endef
+
+define Package/hostip/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/hostip $(1)/usr/bin/
+endef
+
+$(eval $(call BuildPackage,dnscrypt-proxy))
+$(eval $(call BuildPackage,hostip))
diff --git a/net/dnscrypt-proxy/files/dnscrypt-proxy.config b/net/dnscrypt-proxy/files/dnscrypt-proxy.config
new file mode 100644
index 000000000..d0dbc2d00
--- /dev/null
+++ b/net/dnscrypt-proxy/files/dnscrypt-proxy.config
@@ -0,0 +1,5 @@
+config dnscrypt-proxy
+	option address '127.0.0.1'
+	option port '5353'
+	# option resolver 'opendns'
+	# option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
diff --git a/net/dnscrypt-proxy/files/dnscrypt-proxy.init b/net/dnscrypt-proxy/files/dnscrypt-proxy.init
new file mode 100644
index 000000000..24f29ae2c
--- /dev/null
+++ b/net/dnscrypt-proxy/files/dnscrypt-proxy.init
@@ -0,0 +1,27 @@
+#!/bin/sh /etc/rc.common
+
+START=50
+
+start_instance () {
+	local section="$1"
+	config_get address         "$section" 'address'
+	config_get port            "$section" 'port'
+	config_get resolver        "$section" 'resolver'
+	config_get resolvers_list  "$section" 'resolvers_list'
+
+	service_start /usr/sbin/dnscrypt-proxy -d \
+		-a ${address}:${port} \
+		-u nobody \
+		-L ${resolvers_list:-'/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'} \
+		-R ${resolver:-'opendns'}
+}
+
+start() {
+	config_load 'dnscrypt-proxy'
+	config_foreach start_instance 'dnscrypt-proxy'
+}
+
+stop() {
+	service_stop /usr/sbin/dnscrypt-proxy
+}
+