DNSCrypt is a piece of lightweight software that everyone should use to boost online privacy and security.
DNSCrypt works by encrypting all DNS traffic between the user and OpenDNS, preventing any spoofing, spying, or man-in-the-middle attacks.
Encrypting DNS traffic protects against two important threats:
· prevents man-in-the-middle attacks which can cause malicious DNS responses to be used to trick you into visiting a dangerous website or send traffic to an unintended third party.
· prevents snooping by your ISP or any other intermediary who might want to sniff your DNS traffic to see what domains you are resolving.
When using a public hotspot, an untrusted network, or generally any Internet connection you don't control, it's wise to use DNSCrypt to protect your DNS traffic from tampering and snooping.
In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks.
It doesn't require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers.
· The service is not configured to maintain state between reboots, it will default to off. That is only for early releases. Eventually we will have it maintain state between reboots.
· If you have a firewall or other middleware mangling your packets, try enabling DNSCrypt with TCP over port 443.
· If you prefer reliability over security, enable fallback to insecure DNS.
What's New in This Release: [ read full changelog ]
· dnscrypt-proxy has been updated to 1.1.0-final.
· The uninstaller is now bundled with the preference pane.
· Static default DNS resolvers can now be used instead of having them provided by a DHCP server.
· Advanced parental controls.
· Logging: outgoing queries can now be logged and displayed in real time.
· OpenDNS networks settings lock-in: use your own network settings no matter what actual network you are connected to. Now, you can stay protected from botnets, malware, phishing, and block unwanted content, even when using public Wi-Fi hotspots.
· IP-based blocking: DNS responses containing IP addresses present in a user-defined set of addresses can be blocked.
· Pattern-based name blocking: block domain names matching suffixes, prefixes and substrings.
· A list of exceptions that should bypass DNSCrypt and be resolved by a local server can be now specified.