Welcome Guest.   Make a donation to an author on the site October 21, 2014, 02:08:45 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
The N.A.N.Y. Challenge 2013! Download dozens of custom programs!
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1] 2 3 Next   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: Encrypted DNS queries via OpenDNS dnscrypt for Windows / linux / BSD / iOS / OSX  (Read 11893 times)
db90h
Coding Snacks Author
Charter Member
***
Posts: 455


Software Engineer

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« on: March 19, 2012, 07:59:09 PM »

OpenDNS has been working on a new encrypted DNS service for the past 6 months or so. They've kept fairly quiet about it, though it has been mentioned on Slashdot and elsewhere. At first there were only OS X, BSD, and Linux clients available. However, a Windows client is now available for download at their GitHub repository. I am not sure if it is considered 'final' or not. I just noticed it was there, tried it out - and it works Wink.

Why encrypt my DNS queries?

Even if you use HTTPS on every site you visit, your DNS queries are painfully obvious to anyone. Whether it is your ISP, or a local sniffer, if you want privacy, your DNS queries are a glaring hole in it. In some cases, encrypted DNS queries may get you around site blockers/firewalls too (though not all cases).

More at http://thepileof.blogspot...dns-with-windows-via.html  ...
Logged
Renegade
Charter Member
***
Posts: 11,615



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #1 on: March 19, 2012, 08:03:10 PM »

Beautiful!

I wonder how long it will be before OpenDNS is designated as a terrorist organization though... Sad

Like, privacy is a clear indicator! They must be in league with... <transmission cut />

Logged

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
db90h
Coding Snacks Author
Charter Member
***
Posts: 455


Software Engineer

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: March 19, 2012, 08:09:29 PM »

LOL ... the even better news is that soon we'll have this integrated into third-party router firmwares, and maybe even come stock with some router firmwares. That will allow seamless, and painless, integration with your whole network. Myself, I'm in the process of using an older router set up as an experimental encrypted DNS server. I'll send the patch to OpenWrt when I'm done, then we can go from there.

I've been using it for DNS queries on my development PC for a while now, works GREAT.

Whether OpenDNS is declared a terrorist organization, who knows ;p. They have been strangely quiet about all this.
Logged
nosh
Supporting Member
**
Posts: 1,388


View Profile Give some DonationCredits to this forum member
« Reply #3 on: March 19, 2012, 10:21:59 PM »

Quote
Beautiful!

+1, thanks for posting about this!
Logged
Deozaan
Charter Member
***
Posts: 6,415



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #4 on: March 21, 2012, 03:23:37 PM »

OpenDNS's official announcement of DNSCrypt for Windows was on March 13th:

http://blog.opendns.com/2...ers-dnscrypt-for-windows/

EDIT: They've moved the blog entry here: http://blog.opendns.com/2...ers-dnscrypt-for-windows/
« Last Edit: March 30, 2012, 02:16:44 AM by Deozaan » Logged

40hz
Supporting Member
**
Posts: 10,722



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #5 on: March 21, 2012, 04:05:06 PM »

Ok. That looks very good. Just applied. (Liked the quiz. Fun!) Thmbsup
Logged

Don't you see? It's turtles all the way down!
db90h
Coding Snacks Author
Charter Member
***
Posts: 455


Software Engineer

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: March 21, 2012, 08:03:47 PM »

There's no need to apply for it... you can 'just use it'. Yea, they put that beta test application there, but the code is 'up', pre-built for you.
Logged
40hz
Supporting Member
**
Posts: 10,722



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #7 on: March 21, 2012, 09:14:30 PM »

@db90h - found it! Thx. smiley
Logged

Don't you see? It's turtles all the way down!
db90h
Coding Snacks Author
Charter Member
***
Posts: 455


Software Engineer

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #8 on: March 21, 2012, 10:42:40 PM »

Steve Gibson actually mentioned this, me, and my blog post on this and the mod_status 'vulnerability' on big servers in his last Security Now podcast. Doing what I can to save the Internet, lol ;p.

I noticed OpenDNS has extended capabilities you can turn on or off. You can choose to have it log your DNS queries, so you can see what sites everyone in your household is visiting, for instance.. block sites.. or you can have it not log ANYTHING, and it says it throws away all DNS queries. Of course, I opted for the latter, for privacy. That said, I'm not too concerned about anyone knowing what sites I visit, but I still like my privacy. At least this way you've got your DNS separate from your ISP or Google, and encrypted to protect from Sniffers. For these features you must sign up for an account, which also offers a DNS client to update your dynamic IP address at home (so it can track you if your IP address changes).

Don't bother signing up at all (even for their normal service) and you're probably most private, as their DNS servers (plaintext and encrypted) are open no matter what.
Logged
IainB
Supporting Member
**
Posts: 4,789


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #9 on: March 28, 2012, 04:30:38 PM »

Cross-posted to this thread. SORRY! - and thanks for pointing it out to @Deozan.
OpenDNS's latest newsletter makes a call for application ß-testers:
Quote
DNSCrypt for Windows: After weeks of searching for the perfect candidate to build DNSCrypt for Windows, our own Senior Software Engineer Geoff Townsend took on the challenge. In a matter of days he had the client ready and we recently announced a call-for-beta-testers-dnscrypt-for-windows/]call for beta testers[/u]! It won't be long before everyone can use the revolutionary DNSCrypt. Stay tuned here for updates on the full release.

The link takes you to an OpenDNS blog entry that has an application form (the form uses Google docs forms).

I had been skeptical that this would occur, but maybe I misjudged the thing:
The OpenDNS experiment to offer PC-to-DNS node encryption - added to existing node-to-node encryption, and currently only available in ß on Mac, not Windows - must be scaring the pants off the Establishment. Anarchy must not be tolerated. Regulation will be necessitated.
This OpenDNS venture could be quietly shut down as it "Didn't work very well", or something. Or maybe the encryption keys will be stored by a government department - same difference.
Anyway, here's hoping.

DNSCrypt sure looks useful. FYI there's already another thread with some discussion about this:
http://www.donationcoder....m/index.php?topic=30362.0
Ah! Thanks for that @Deozan - I knew it had been discussed, but I had not read the rest of the thread where you provide the link.
Nor was I aware that - from the thread you link to - you could already get your hands on the ß Windows code, without being an offcial ß tester.
I shall cross-post this to the link you give.

So, this thread can be closed.
But I can't find the code at at the link given by @Deozan - http://blog.opendns.com/2012/03/13/call-for-beta-testers-dnscrypt-for-windows/
 - it says "Sorry, the page you tried was not found.", so it must have been taken down.

Could someone send me a link to a copy of the file please?
(Thanks.)
Logged
Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,958



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #10 on: March 28, 2012, 04:46:09 PM »

How does this actually work then?

So you use OpenDNS-Secure to look up a website IP but when you visit the website the IP address you are going to is still clear??? Surely anyone who wants to can just do a reverse look up to find where you were going (or if is is your ISP reporting back to Big Brother lust look up the IP at their own DNS server!!!)

Am I missing the point?

Or is OpenDNS acting as an Anonymizer type service and all the traffic goes through there server so your ISP only sees you going to OpenDNS ???

Can someone explain?
Logged

db90h
Coding Snacks Author
Charter Member
***
Posts: 455


Software Engineer

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #11 on: March 29, 2012, 05:31:46 AM »

So you use OpenDNS-Secure to look up a website IP but when you visit the website the IP address you are going to is still clear??? Surely anyone who wants to can just do a reverse look up to find where you were going (or if is is your ISP reporting back to Big Brother lust look up the IP at their own DNS server!!!)

Short of using an SSH Tunnel, the IP address would remain clear.

MOSTLY, the biggest deal is that DNS queries is a method that ISPs and corporations can easily use to track (or block) your behavior. Now, that easy mechanism isn't so easy.
Logged
Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,958



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #12 on: March 29, 2012, 06:29:50 AM »

So because the DNS lookup is taken away from the ISP it makes it harder for them to block your surfing because they would have block IP addresses rather than block access to the domain name? Is that the point?

Surely ISPs that want to block sites can just use their own DNS server to setup IP blocking so it won't make it any easier to get to blocked sites - or are we relying on ISPs to be lazy?
Logged

Deozaan
Charter Member
***
Posts: 6,415



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #13 on: March 30, 2012, 02:11:30 AM »

But I can't find the code at at the link given by @Deozan - http://blog.opendns.com/2012/03/13/call-for-beta-testers-dnscrypt-for-windows/
 - it says "Sorry, the page you tried was not found.", so it must have been taken down.

Could someone send me a link to a copy of the file please?
(Thanks.)

Strange. They moved it to the 19th instead of the 13th.

http://blog.opendns.com/2...ers-dnscrypt-for-windows/

But that just has a form to fill out to apply to be a beta tester. If you just want the files, read db90h's guide. It has lots of information.

And just to make it easy, here's a direct link to the DNSCrypt download page: https://github.com/opendn.../dnscrypt-proxy/downloads
Logged

IainB
Supporting Member
**
Posts: 4,789


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #14 on: March 30, 2012, 02:42:38 AM »

...They moved it to the 19th instead of the 13th....
...And just to make it easy, here's a direct link to the DNSCrypt download page: https://github.com/opendn.../dnscrypt-proxy/downloads
Thanks for the link. After posing the Q, I then did some fossicking about, and had already found the github page and downloaded the file.
I don't understand why they moved the post.
Logged
Deozaan
Charter Member
***
Posts: 6,415



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #15 on: March 30, 2012, 03:13:49 AM »

I don't understand why they moved the post.

My guess (and this is only a guess!) is that they started writing it as a draft on the 13th and didn't actually make it public until the 19th. But it was published under the original creation date, which made it hidden as "old news." So they re-posted it to the 19th as "new news."

That's the best I can come up with.
Logged

IainB
Supporting Member
**
Posts: 4,789


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #16 on: March 30, 2012, 03:46:19 AM »

OIC. Thank goodness! It's not the Spanish Inquisition then.
Logged
IainB
Supporting Member
**
Posts: 4,789


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #17 on: May 16, 2012, 04:24:40 AM »

OpenDNS Unveils DNSCrypt for Windows
Quote
Version 0.0.4 Official Beta Release
Updated: Wed, 9 May 2012
Official release of DNSCrypt for Windows.
I downloaded and installed it.
It installs a treat (no problems). (Small file that achieves so much.)
Here's the GUI - very simple:


« Last Edit: May 16, 2012, 07:52:50 PM by IainB; Reason: Modified screenshot. » Logged
Deozaan
Charter Member
***
Posts: 6,415



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #18 on: May 16, 2012, 04:28:18 AM »

The GUI sure makes it a lot easier to use. Thmbsup
Logged

IainB
Supporting Member
**
Posts: 4,789


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #19 on: May 16, 2012, 04:32:21 AM »

The GUI sure makes it a lot easier to use. Thmbsup
Sure does. Installing it and using it is simplicity itself.     Thmbsup
That's how it should be too, IMHO.
Logged
Deozaan
Charter Member
***
Posts: 6,415



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #20 on: May 16, 2012, 09:48:48 PM »

I noticed one big problem with DNSCrypt: When I restart my computer, it requires admin permissions via UAC before it will run. This means that if I'm not there to click OK and grant permissions, then my computer can't connect to the internet.
Logged

IainB
Supporting Member
**
Posts: 4,789


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #21 on: May 17, 2012, 12:12:11 AM »

I noticed one big problem with DNSCrypt: When I restart my computer, it requires admin permissions via UAC before it will run. This means that if I'm not there to click OK and grant permissions, then my computer can't connect to the internet.
That's odd. Doesn't seem to happen on a PC with Win7-64bit Home Premium. Seems to be completely transparent.
Logged
Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,958



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #22 on: May 17, 2012, 03:44:51 AM »

It does on mine too - but then it doesn't seem to start with Windows without me putting the shortcut into the Startup folder.

Workaround is to add a scheduled task to start it on login and set the task permissions to administrator.
Logged

Deozaan
Charter Member
***
Posts: 6,415



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #23 on: May 17, 2012, 06:01:37 AM »

It does on mine too - but then it doesn't seem to start with Windows without me putting the shortcut into the Startup folder.

I guess I checked the box for "Start DNSScrypt when Windows starts" or something similar? It's in the Startup folder for me, and I know I didn't put it there after installation.
Logged

IainB
Supporting Member
**
Posts: 4,789


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #24 on: May 17, 2012, 06:20:15 AM »

I guess I checked the box for "Start DNSScrypt when Windows starts" or something similar? It's in the Startup folder for me, and I know I didn't put it there after installation.
Ah, that might explain why others didn't get DNS Crypt starting on reboot/startup - they maybe hadn't ticked that option.
I didn't think to ask that question, having assumed that people would have ticked that option on install.
That's actually something to give feedback on to OpenDNS about DNS Crypt. It would be good if it were an option shown in the GUI under "General" (say).
There are two parts that need to be started - one is a Service, and the other is a client process.
(You also have to have configured your router for OpenDNS too, of course.)
Logged
Pages: [1] 2 3 Next   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.048s | Server load: 0.07 ]