OpenDNS DNSCrypt, Increase Security By Encrypting DNS Traffic
Computer users face many dangers when they connect their computer to the Internet, ranging from malicious software encountered while visiting websites to man-in-the-middle attacks and traffic snooping.
The popular DNS provider OpenDNS has just announced that they have created another tool for users to protect themselves and their data from a range of DNS-based security threats and issues.
DNSCrypt basically does what SSL does for connections to websites. You may remember that https connections use encryption to block data snooping, for instance by users or administrators who are connected to the same computer network or have access to the network.
In the same way that SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks.
One example of a DNS-based attack is cache poisoning, allowing attackers to redirect network clients to alternate servers. A user wanting to visit the official PayPal website could be redirected to a fake site that still shows the official domain name of the site in the browser's address bar.
DNSCrypt has been released as a preview for Windows and Mac operating systems. It only works in conjunction with OpenDNS, which means that users need to change their computer's DNS provider to OpenDNS to make use of the new security feature. The software does not change the way clients access the Internet, and it does not make modifications to the system that would make it incompatible with Internet services.
Here are the steps to get DNSCrypt working:
- Configure your Internet connection to use OpenDNS as the DNS provider.
- Install DNSCrypt on your system.
That's it. DNSCrypt adds an icon to the Windows System Tray that indicates whether the operating system is protected by the feature. A double-click, or a right-click and the selection of Open Control Center from the context menu, displays configuration options and a status screen where you can see if OpenDNS and DNSCrypt have been configured properly on the system.
You can use the configuration menu to disable either feature (it does not really make sense to disable OpenDNS only though), disable the fall back option to standard unencrypted traffic, or try the DNSCrypt over TCP 443 option should you run into firewall issues.
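To check from a packet capture whether lookups still leave the machine in the clear, for example because of the fallback to standard unencrypted traffic, an added example (not part of the original article or of OpenDNS's code) can test each UDP payload for a readable DNS question. The function names, the `(dst_port, payload)` tuples and the sample bytes are constructed for illustration; the opaque payload is a stand-in for encrypted data, not real DNSCrypt wire format.

```python
import struct

def build_query(name):
    """Build a constructed plaintext DNS A query (sample input only)."""
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)  # id, RD flag, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!2H", 1, 1)  # type A, class IN

def parse_plain_dns_query(payload):
    """Return the queried name if payload parses as a plaintext DNS query, else None."""
    if len(payload) < 17:  # 12-byte header + root label + type/class
        return None
    _id, flags, qdcount, ancount, nscount, _ar = struct.unpack("!6H", payload[:12])
    # Standard query: QR=0, opcode=0, exactly one question, no answer/authority records
    if flags & 0x8000 or (flags >> 11) & 0xF or qdcount != 1 or ancount or nscount:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None  # ran off the end before the terminating zero label
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(payload):
            return None  # compression pointer or truncated label
        label = payload[pos:pos + length]
        if not all(0x21 <= b <= 0x7E for b in label):
            return None  # encrypted bytes rarely look like printable labels
        labels.append(label.decode("ascii"))
        pos += length
    if pos + 4 > len(payload):
        return None  # QTYPE/QCLASS missing
    return ".".join(labels) or "."

def find_plaintext_dns(packets):
    """packets: iterable of (dst_port, udp_payload). Returns readable lookups."""
    hits = ((port, parse_plain_dns_query(data)) for port, data in packets)
    return [(port, name) for port, name in hits if name is not None]

# Constructed samples: one unencrypted lookup, one opaque payload.
OPAQUE = bytes.fromhex("7a1be4c09d5522f83b6e01c7d94fa0162c8853eb7714")
SAMPLE = [(53, build_query("www.example.com")), (443, OPAQUE)]

if __name__ == "__main__":
    for port, name in find_plaintext_dns(SAMPLE):
        print(f"plaintext DNS query for {name} sent to port {port}")
```

This is a heuristic: random ciphertext could in rare cases pass the header and label checks, so a hit is a prompt to inspect the packet, not proof of a leak.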
The source code of DNSCrypt has been made available on GitHub, so that it can be analyzed before the software is used on a system or in a network.
It needs to be considered that this is a preview release, and while we did not spot any issues running the service, it should still be seen as a beta version.
DNSCrypt can improve security further, especially in situations where you are not the person managing the computer network. If you connect to the Internet at airports, in hotels, or in Internet cafes, you may want to install and use the software to protect your system further from DNS-based attacks. (thanks Vineeth for the tip)
Update: Be aware that the program requires the Microsoft .Net Framework 3.5 to be installed on the system. You can check out our DNSCrypt configuration guide for Windows and our review of Simple DNSCrypt for Windows.