How to configure DNSCrypt on Windows
OpenDNS launched its encrypted DNS service DNSCrypt back in 2012 and has been offering it ever since. It protects DNS look-ups made by your system by encrypting them, similar to how your Internet traffic is encrypted when you connect to HTTPS websites.
The company released DNSCrypt on GitHub, and others have started to implement the feature in third-party services.
DNS information is valuable because it offers a nearly complete account of your Internet activities, including the domains and servers you connected to.
If you encrypt the traffic, third parties listening in on your connection cannot access the information anymore.
It makes sense to use an encrypted DNS service. DNSCrypt is not the only service that offers this, but it is freely available and, if you pick the right provider, comes without connection logging as well.
While you can use OpenDNS for all of that, you may not want to use the service as your DNS provider. As mentioned earlier, there are alternatives that provide you with the same level of encryption.
While you can now go ahead and set it up by yourself, you may prefer an easier solution.
DNSCrypt Windows Service Manager
DNSCrypt Windows Service Manager is a free program for the Windows operating system that you can use to select a provider that supports DNSCrypt. It lists OpenDNS as one of the providers, but others as well, so that you can test several of them or simply pick the one you want right away.
The interface of the application is bare bones, but that is fine as it provides you with all the important options. It displays all network adapters that it has discovered on start and whether the DNSCrypt Service is running or not.
All you have to do is pick one of the providers and click on the enable button to start the service and begin encrypting your DNS traffic.
You do get options to switch the protocol from UDP to TCP, and between IPv4 and IPv6. Note that clicking enable will install the dnscrypt-proxy service on your operating system. The service is removed again when you click on the disable button.
Since it is not permanent in nature, it is ideal for testing purposes. It is recommended that you research the providers that it makes available before you enable any of them. Encryption won't help a bit if the provider itself records your DNS look-ups and uses them for marketing purposes or sells them to third-party companies.
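A quick read-only check of what the enable button changed, as an added example that is not part of the original article or of DNSCrypt Windows Service Manager. The registry key and the ProviderName value are the ones reported in a reader comment on this page; that the adapters should point at the loopback address (where dnscrypt-proxy listens by default) is an assumption.

```powershell
# Added example, read-only. Needs Windows 8 / Server 2012 or later
# (Get-DnsClientServerAddress is not available on older systems).
$serviceName = 'dnscrypt-proxy'   # service name given in the article
# Key and value name as reported in a reader comment on this page.
$paramKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName\Parameters"

function Get-DnsCryptStatus {
    # Is the service installed and running, and which provider is really configured?
    $svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
    $provider = $null
    if (Test-Path -Path $paramKey) {
        $provider = (Get-ItemProperty -Path $paramKey -ErrorAction SilentlyContinue).ProviderName
    }
    [pscustomobject]@{
        ServiceInstalled = [bool]$svc
        ServiceStatus    = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
        ProviderName     = $provider
    }
}

function Get-AdapterDnsReport {
    # Assumption: the local proxy listens on loopback, so any other resolver
    # configured on an adapter would receive queries outside the encrypted path.
    $loopback = @('127.0.0.1', '::1')
    Get-DnsClientServerAddress |
        Where-Object { $_.ServerAddresses.Count -gt 0 -and $_.InterfaceAlias -notmatch 'Loopback' } |
        ForEach-Object {
            $other = @($_.ServerAddresses | Where-Object { $_ -notin $loopback })
            [pscustomobject]@{
                Adapter        = $_.InterfaceAlias
                Servers        = $_.ServerAddresses -join ', '
                NonLocalServer = $other -join ', '
                BypassesProxy  = ($other.Count -gt 0)
            }
        }
}

$status = Get-DnsCryptStatus
$status | Format-List
Get-AdapterDnsReport | Sort-Object Adapter | Format-Table -AutoSize

if ($status.ServiceStatus -ne 'Running') {
    Write-Warning "The $serviceName service is not running; look-ups are not being encrypted by it."
}
```

Adapters listed with BypassesProxy set to True still have a resolver other than the local proxy configured, which includes IPv6 resolvers on adapters where only IPv4 was switched.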
Closing Words
Encrypting your DNS traffic makes sense, especially if you use public connections regularly or occasionally. It also makes sense if you do not, for instance to protect your Internet activities from your ISP or network administrators.
It still makes sense to use a virtual private network on top of all that, especially on public networks or networks that you do not have full control over.
Update: The program is no longer maintained. Check out Simple DNSCrypt instead.
OpenDNS records your DNS queries, and (same as Google) compiles a huge database of users' surfing habits. Why would anyone want to connect to the OpenDNS server securely or otherwise? Your data is not secure! Ask any hacker how easy it is to get your data. Wise up people!
Is there a reason to use this if I’ve already set my router to use OpenDNS? Seems redundant, right?
Is not that only available for Mac and Windows systems right now as a standalone application? I suggest you contact OpenDNS to find out.
@Alex,
Little behind with that version my friend… TV is already up to 9.
Ya might want to update there
Was unable to use Teamviewer 6 with DNSCrypt enabled.
Came across another DNSCrypt app:
https://github.com/Noxwizard/dnscrypt-winclient
Looks a little more user-friendly. Also, the readme lists more servers.
Cool, I have been using OpenDNS for awhile now. Good to know that there is increased protection with DNSCrypt.
Going to use this now. I might think about switching to OpenNIC for my DNS as well.
Thanks for writing this blog post, Martin!
As much as I like to install this application I can’t, why system needs a fresh installation and I don’t have time. Think I’m going back to the Virtual PC so I can play around with these cool applications.
Thanks for the little Tutorial Martin
PhoneyVirus
This is freeking awesome!
I wonder if I can install something on my router so that all my devices can use DNSCrypt…
The developer of DNSCrypt Windows Service Manager, Simon Clausen, on his site mentioned on this article, http://simonclausen.dk/projects/dnscrypt-winservicemgr/ , has a comment section and answers promptly to all questions.
Works flawlessly, a great front-end for dnscrypt. Handles everything.
One thing worth being mentioned — of which the developer is aware — is that if you change the provider from default (dnssec.eu) to another of the list, calling back DNSCrypt Windows Service Manager will always display the default dnssec.eu even though the user has opted for another provider, BUT only on this display : Registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dnscrypt-proxy\Parameters will show the correct Provider under ProviderName.
Encrypting DNS requests is an important link in Web security, need it be mentioned.
Thanks for this article, Martin
Thanks for this info, Tom.
Make sure to let Simon know about this minor bug.
Simon is aware of this minor bug, as I mentioned it, he had acknowledged it answering to a user’s comment on his page. That’s why I know he is. It is indeed only a minor bug but which can be misleading if unknown by the user.
Hum… the user was guess who? :) I shouldn’t provide this top-secret information, I hope the National Soccer Association won’t be reading this!
And thanks to you for the added information, useful!