For long OpenDNS has been our favorite DNS service, not just it helps in keeping PC secure by blocking malware spreading sites but also improves browsing experience on slow internet connection by fetching sites from its cache. OpenDNS actively blocks botnet, phishing websites and malware and now here is another step towards user protections from most sophisticated attacks such as man in middle attack and eavesdropping. OpenDNS has released a new tool for Windows and Mac users, DNSCrypt. Before we explain what is DNSCrypt you must know what is DNS. DNS aka Domain Name Server, is the basic building block of internet, every time when you open your browser and type website address your request is forwarded to DNS server who in turn sends back the actual IP address of website server. It is not just restricted to browsing website, it is also used even when you send instant message, emails or do anything online.
Until now DNS was believed to be most secure system but with Kaminsky Vulnerability, it exposed the underlying security issues associated with DNS protocol. This vulnerability had affected nearly all DNS server exists in this world.
Now in order to address and secure any such future security issues related to DNS protocol or server, OpenDNS has designed DNSCrypt, a tool which will turn our regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesn’t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between OpenDNS users and DNS servers in OpenDNS data center.
Installing DNSCrypt is very simple and doesn’t require much work. OnceInstall it will auto start with Windows/Mac. You can access DNSCrypt control panel from system tray.
DNSCrypt also comes with OpenDNS setting so no longer need two different tool. You can enable/disable OpenDNS or DNSCrypt from control panel. Using DNSCrypt over SSL i.e TCP 443 will make your connection bit slower and it is advisable to use it only when you surf from open public networks.