(Lacking the time to check) I'm wondering how well (/if) this would work inside a (DNS dependent) domain environment.
Currently, I gather that:
- DNS Crypt would need to be installed and running on each client device.
- The routers would need to be configured to use OpenDNS.
- The encryption takes place between the client and the Open DNS node.
- In a chain of Client-->Router-->ISP node-->OpenDNS node, components inbetween the first and last links would thus just see encrypted traffic.
When in use, this technology would presumably defeat/frustrate:
(a) corporate scanning/sniffing of Internet traffic for security access/control purposes.
(b) ISPs statutory obligations to scan/sniff (censor) public Internet traffic (e.g., for the RIAA/MAFIAA).
(c) any other third-party scanning/sniffing of Internet traffic.
As it says in a screenshot above:
This software (v: 0.0.4) encrypts DNS packets
between your computer and OpenDNS. This
prevents man-in-the-middle attacks and snooping
of DNS traffic by ISPs or others.
By the way, a new version of DNS Crypt (v.0.0.5) has now been released (see bottom of screenshot below):Screenshot taken using Alt+PrtSc command in Screenhot Captor.