Secure your Web transmissions with this Cloudeight Freeware Pick

By | July 19, 2013

DNSCrypt
Encrypts DNS transmissions to and from your computer
Windows XP, Windows Vista, Windows 7, Windows 8
32bit and 64bit systems
1.00 MB Download

Before we say another word…this is a preview release. That means it may have some bugs to work out. If you’re not comfortable installing betas or preview releases, you won’t be comfortable with this. We’ve installed and tested it and it is very easy-to-install and virtually sets everything up automatically. It could not be simpler to install or use.

We have recommended OPEN DNS before, but it’s rather complicated for Windows beginners to set up. Now comes a new product from OPEN DNS, which not only sets up OPEN DNS automatically but also installs and enables DNSCrypt automatically. What it does it turns network traffic to and from your computer into encrypted transmissions, kind of like HTTPS does — that’s the secure sever protocol like your bank and other sites use to block eavesdropping, hacking, and password sniffers from intercepting traffic between your computer and a secure server.

DNSCrypt encrypts traffic between you and OPEN DNS servers and therefore between you and whatever site or internet-connected service (Email for example) you’re using. It seems to us like this is a good precaution for users to take to prevent any snooping, eavesdropping, etc. But let us say again, if you’re using simple passwords or one password for everything, encrypting transmissions between you and other computers and servers, isn’t going to help you at all.

DNSCrypt is just a simple and easy way for you to increase your online security and privacy. It’s not going to protect you from malware and it’s not going to protect you from yourself.

Normally we’d be knee-slapping our way through this, chortling and making you smile…but the developer of DNSCrypt has a lot of important information we’d like to impart — info that can help you understand better what DNSCrypt is and what it does. You have to decide if you’d like to increase your online privacy and security. I installed it today and check my Internet connection speed and found it to be as fast or faster after installing DNSCrypt. So if your worried about it affecting your blazing speed, don’t. See?

Cloudeight InfoAve
This is about what I average. I’m paying for 10Mbps, only getting 9. You think my ISP cares?

Here’s DNSCrypt’s Control Center

Cloudeight InfoAve

And now, here are some important words from the developer of DNSCrypt:

“…In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesn’t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone don’t work in the security world, however, so we’ve opened up the source to our DNSCrypt code base and it’s available on GitHub.

DNSCrypt has the potential to be the most impactful advancement in Internet security since SSL, significantly improving every single Internet user’s online security and privacy.

1. In plain English, what is DNSCrypt?
DNSCrypt is a piece of lightweight software that everyone should use to boost online privacy and security. It works by encrypting all DNS traffic between the user and OpenDNS, preventing any spying, spoofing or man-in-the-middle attacks.

2. How can I use DNSCrypt today?
DNSCrypt is immediately available as a technology preview. It should work, shouldn’t cause problems, but we’re still making iterative changes regularly. You can download a version for Mac or Windows from the links above.
Tips:
If you have a firewall or other middleware mangling your packets, you should try enabling DNSCrypt with TCP over port 443. This will make most firewalls think it’s HTTPS traffic and leave it alone.

If you prefer reliability over security, enable fallback to insecure DNS. If you can’t reach us, we’ll try using your DHCP-assigned or previously configured DNS servers. This is a security risk though.

3. What about DNSSEC? Does this eliminate the need for DNSSEC?
No. DNSCrypt and DNSSEC are complementary. DNSSEC does a number of things. First, it provides authentication. (Is the DNS record I’m getting a response for coming from the owner of the domain name I’m asking about or has it been tampered with?) Second, DNSSEC provides a chain of trust to help establish confidence that the answers you’re getting are verifiable. But unfortunately, DNSSEC doesn’t actually provide encryption for DNS records, even those signed by DNSSEC. Even if everyone in the world used DNSSEC, the need to encrypt all DNS traffic would not go away. Moreover, DNSSEC today represents a near-zero percentage of overall domain names and an increasingly smaller percentage of DNS records each day as the Internet grows.

That said, DNSSEC and DNSCrypt can work perfectly together. They aren’t conflicting in any way. Think of DNSCrypt as a wrapper around all DNS traffic and DNSSEC as a way of signing and providing validation for a subset of those records. There are benefits to DNSSEC that DNSCrypt isn’t trying to address. In fact, we hope DNSSEC adoption grows so that people can have more confidence in the entire DNS infrastructure, not just the link between our customers and OpenDNS.

4. Is this using SSL? What’s the crypto and what’s the design?
We are not using SSL. While we make the analogy that DNSCrypt is like SSL in that it wraps all DNS traffic with encryption the same way SSL wraps all HTTP traffic, it’s not the crypto library being used. We’re using elliptical-curve cryptography, in particular the Curve25519 eliptical (sic) curve. The design goals are similar to those described in the DNSCurve forwarder design…”

You can read more about and / or download DNSCrypt from the DNSCrypt home page.

One thought on “Secure your Web transmissions with this Cloudeight Freeware Pick

  1. Jeannie

    Ok, you got me curious. However I am not computer geek and after starting to read about this you lost me completely. Is this safe to use and if this is encrypted, is the stuff I receive readable to these old eyes of mind? Thanks for the info. JS

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *