How to configure DNSCrypt on Windows

Martin Brinkmann
May 17, 2014
Updated • Feb 19, 2018
Security
|
14

OpenDNS launched its encrypted DNS service DNSCrypt back in 2012 and has been offering it ever since. It protects DNS look-ups made by your system by encrypting them, similar to how your Internet traffic is encrypted when you connect to https websites.

The company released DNSCrypt to Github and others have started to implement the feature into third-party services.

DNS information is valuable as they offer a nearly complete account of your Internet activities including the domains and servers you connected to.

If you encrypt the traffic, third-parties listening in on your connection cannot access the information anymore.

It makes sense to use an encrypted DNS service. DNSCrypt is not the only service that offers this, but it is freely available and if you pick the right one, without connection logging as well.

While you can use OpenDNS for all of that, you may not want to use the service as your DNS provider. As mentioned earlier, there are alternatives that provide you with the same level of encryption.

While you can now go ahead and set it up by yourself, you may prefer an easier solution.

DNSCrypt Windows Service Manager

dnscrypt windows service manager

DNSCrypt Windows Service Manager is a free program for the Windows operating system that you can use to select a provider that supports it as well. In fact, it does list OpenDNS as one of the providers but others as well so that you can test several of them or simply pick the one you want right away.

The interface of the application is bare bones, but that is fine as it provides you with all important options. It displays all network adapters that it has discovered on start and whether the DNSCrypt Service is running or not.

All you have to do is pick one of the providers and click on the enable button to start the service and encrypting your DNS traffic.

You do get options to switch the protocol from UDP to TCP, and between IPv4 and IPv6. Note that clicking enable will install the dnscrypt-proxy service on your operating system. The service is removed again when you click on the disable button.

Since it is not permanent in nature, it is ideal for testing purposes. It is recommended that you research the providers that it makes available before you enable any of them.  Encryption won't help a bit if the provider itself records your DNS look ups and uses it for marketing purposes or selling it to third-party companies.

Closing Words

Encrypting your DNS traffic is definitely something that makes sense, especially if you are using public connections regularly or at times but also if you are not, for instance to protect your Internet activities from your ISP or network administrators.

It still makes sense to use a virtual private network on top of all that, especially on public networks or networks that you do not have full control over.

Update: The program is no longer maintained. Check out Simple DNSCrypt instead.

Summary
software image
Author Rating
1star1star1star1star1star
5 based on 1 votes
Software Name
DNSCrypt Windwos Service Manager
Operating System
Windows
Software Category
Networking
Landing Page
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Shabalala said on September 15, 2015 at 2:55 am
    Reply

    OpenDNS records your dns queries, and (same as Google) compiles a huge database of users surfing habits. Why would anyone want to connect to the OpenDNS server securely or otherwise. Your data is not secure! Ask any hacker how easy it is to get your data. Wise up people!

  2. John said on May 18, 2014 at 4:56 pm
    Reply

    Is there a reason to use this if I’ve already set my router to use opendns, seems redundant. right?

    1. Martin Brinkmann said on May 18, 2014 at 6:33 pm
      Reply

      Is not that only available for Mac and Windows systems right now as a standalone application? I suggest you contact OpenDNS to find out.

  3. Bob said on May 18, 2014 at 6:47 am
    Reply

    @Alex,
    Little behind with that verison my friend… TV is already up to 9.
    Ya might want to update there

  4. Alex Oreshkin said on May 18, 2014 at 6:34 am
    Reply

    Was unable to use Teamviewer 6 with DNSCrypt enabled.

  5. Ray said on May 18, 2014 at 2:26 am
    Reply

    Came across another DNSCrypt app:
    https://github.com/Noxwizard/dnscrypt-winclient

    Looks a little more user-friendly. Also, the readme lists more servers.

  6. Ray said on May 18, 2014 at 1:13 am
    Reply

    Cool, I have been using OpenDNS for awhile now. Good to know that there is increased protection with DNSCrypt.

    Going to use this now. I might think about switching to OpenNIC for my DNS as well.

    Thanks for writing this blog post, Martin!

  7. PhoneyVirus said on May 18, 2014 at 12:13 am
    Reply

    As much as I like to install this application I can’t, why system needs a fresh installation and I don’t have time. Think I’m going back to the Virtual PC so I can play around with these cool applications.

    Thanks for the little Tutorial Martin

    PhoneyVirus

  8. Dave said on May 17, 2014 at 9:54 pm
    Reply

    This is freeking awesome!

    I wonder if I can install something on my router so that all my devices can use DNSCrypt…

    1. Tom Hawack said on May 17, 2014 at 11:20 pm
      Reply

      The developer of DNSCrypt Windows Service Manager, Simon Clausen, on his site mentioned on this article, http://simonclausen.dk/projects/dnscrypt-winservicemgr/ , has a comment section and answers promptly to all questions.

  9. Tom Hawack said on May 17, 2014 at 5:44 pm
    Reply

    Works flawlessly, a great front-end for dnscrypt. Handles everything.

    One thing worth being mentioned — of which the developer is aware — is that if you change the provider from default (dnssec.eu) to another of the list, calling back DNSCrypt Windows Service Manager will always display the default dnssec.eu even though the user has opted for another provider, BUT only on this display : Registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dnscrypt-proxy\Parameters will show the correct Provider under ProviderName.

    Encrypting DNS requests is an important link in Web security, need it be mentioned.
    Thanks for this article, Martin

    1. Ray said on May 18, 2014 at 1:14 am
      Reply

      Thanks for this info, Tom.

      Make sure to let Simon know about this minor bug.

      1. Tom Hawack said on May 18, 2014 at 8:50 am
        Reply

        Simon is aware of this minor bug, as I mentioned it, he had acknowledged it answering to a user’s comment on his page. That’s why I know he is. It is indeed only a minor bug but which can be misleading if unknown by the user.
        Hum… the user was guess who? :) I shouldn’t provide this top-secret information, I hope the National Soccer Association won’t be reading this!

    2. Martin Brinkmann said on May 17, 2014 at 6:03 pm
      Reply

      And thanks to you for the added information, useful!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.