diff --git a/net/dnsproxy/Makefile b/net/dnsproxy/Makefile
index 5412ecdc1..abb292b96 100644
--- a/net/dnsproxy/Makefile
+++ b/net/dnsproxy/Makefile
@@ -34,6 +34,7 @@ define Package/dnsproxy
   TITLE:=Simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support
   URL:=https://github.com/AdguardTeam/dnsproxy
   DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle
+  USERID:=dnsproxy=411:dnsproxy=411
 endef
 
 define Package/dnsproxy/description
@@ -42,5 +43,14 @@ define Package/dnsproxy/description
   work as a DNS-over-HTTPS, DNS-over-TLS or DNS-over-QUIC server.
 endef
 
+define Package/dnsproxy/install
+	$(call GoPackage/Package/Install/Bin,$(1))
+
+	$(INSTALL_DIR) $(1)/etc/config/
+	$(INSTALL_CONF) $(CURDIR)/files/dnsproxy.config $(1)/etc/config/dnsproxy
+	$(INSTALL_DIR) $(1)/etc/init.d/
+	$(INSTALL_BIN) $(CURDIR)/files/dnsproxy.init $(1)/etc/init.d/dnsproxy
+endef
+
 $(eval $(call GoBinPackage,dnsproxy))
 $(eval $(call BuildPackage,dnsproxy))
diff --git a/net/dnsproxy/files/dnsproxy.config b/net/dnsproxy/files/dnsproxy.config
new file mode 100644
index 000000000..a9fa02028
--- /dev/null
+++ b/net/dnsproxy/files/dnsproxy.config
@@ -0,0 +1,41 @@
+
+# For documents, please see https://github.com/AdguardTeam/dnsproxy#usage
+
+config dnsproxy 'global'
+	option enabled '0'
+	option listen_addr '127.0.0.1'
+	option listen_port '5353'
+	option log_file ''
+	option all_servers '0'
+	option fastest_addr '0'
+	option insecure '0'
+	option ipv6_disabled '0'
+	option max_go_routines ''
+	option rate_limit ''
+	option refuse_any '0'
+	option udp_buf_size ''
+	option verbose '0'
+
+config dnsproxy 'bogus_nxdomain'
+	list ip_addr ''
+
+config dnsproxy 'cache'
+	option enabled '0'
+	option cache_optimistic '0'
+	option size '65535'
+	option min_ttl ''
+	option max_ttl ''
+
+config dnsproxy 'dns64'
+	option enabled '0'
+	option dns64_prefix '64:ff9b::'
+
+config dnsproxy 'edns'
+	option enabled '0'
+	option edns_addr ''
+
+config dnsproxy 'servers'
+	list bootstrap 'tls://8.8.8.8'
+	list fallback 'tls://9.9.9.9'
+	list upstream 'tls://1.1.1.1'
+
diff --git a/net/dnsproxy/files/dnsproxy.init b/net/dnsproxy/files/dnsproxy.init
new file mode 100644
index 000000000..9ac2751b3
--- /dev/null
+++ b/net/dnsproxy/files/dnsproxy.init
@@ -0,0 +1,115 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2021 Tianling Shen <cnsztl@immortalwrt.org>
+
+USE_PROCD=1
+START=90
+
+CONF="dnsproxy"
+PROG="/usr/bin/dnsproxy"
+
+is_enabled() {
+	local enabled
+	config_get enabled "$1" "$2" "0"
+	if [ "$enabled" -eq "1" ]; then
+		return 0
+	else
+		return 1
+	fi
+}
+
+is_empty() {
+	local empty
+	config_get empty "$1" "$2" $3
+	if [ -z "$empty" ]; then
+		return 0
+	else
+		return 1
+	fi
+}
+
+append_param() {
+	procd_append_param command "$1" $2
+}
+
+append_param_arg() {
+	local value
+	config_get value "$1" "$2" $4
+	[ -n "$value" ] && append_param "$3" "$value"
+}
+
+append_param_bool() {
+	is_enabled "$1" "$2" && append_param "--${2//_/-}"
+}
+
+load_config_arg() {
+	append_param_bool "$1" "all_servers"
+	append_param_bool "$1" "fastest_addr"
+	append_param_bool "$1" "insecure"
+	append_param_bool "$1" "ipv6_disabled"
+	append_param_bool "$1" "refuse_any"
+	append_param_bool "$1" "verbose"
+}
+
+load_config_list() {
+	is_empty "bogus_nxdomain" "ip_addr" || config_list_foreach "bogus_nxdomain" "ip_addr" "append_param '--bogus-nxdomain'"
+
+	for i in "bootstrap" "fallback" "upstream"; do
+		is_empty "servers" "$i" || config_list_foreach "servers" "$i" "append_param '--$i'"
+	done
+}
+
+load_config_param() {
+	append_param_arg "global" "listen_addr" "--listen" "127.0.0.1"
+	append_param_arg "global" "listen_port" "--port" "5353"
+	append_param_arg "global" "log_file" "--output"
+	append_param_arg "global" "max_go_routines" "--max-go-routines"
+	append_param_arg "global" "rate_limit" "--ratelimit"
+	append_param_arg "global" "udp_buf_size" "--udp-buf-size"
+
+	is_enabled "cache" "enabled" && {
+		append_param "--cache"
+		append_param_bool "cache" "cache_optimistic"
+		append_param_arg "cache" "size" "--cache-size"
+		append_param_arg "cache" "min_ttl" "--cache-min-ttl"
+		append_param_arg "cache" "max_ttl" "--cache-max-ttl"
+	}
+
+	is_enabled "dns64" "enabled" && {
+		append_param "--dns64"
+		append_param_arg "dns64" "dns64_prefix" "--dns64-prefix"
+	}
+
+	is_enabled "edns" "enabled" && {
+		append_param "--edns"
+		append_param_arg "edns" "edns_addr" "--edns-addr"
+	}
+}
+
+start_service() {
+	config_load "$CONF"
+
+	is_enabled "global" "enabled" || exit 1
+
+	procd_open_instance "$CONF"
+	procd_set_param command "$PROG"
+
+	load_config_arg "global"
+	load_config_list
+	load_config_param
+
+	procd_set_param respawn
+	procd_set_param stdout 1
+	procd_set_param stderr 1
+	procd_set_param user dnsproxy
+
+	procd_close_instance
+}
+
+reload_service() {
+	stop
+	start
+}
+
+service_triggers() {
+	procd_add_reload_trigger "$CONF"
+}