Welcome Guest.   Make a donation to an author on the site May 23, 2013, 09:12:11 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.

You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Check out and download the GOE 2007 Freeware Challenge productivity tools.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
+  DonationCoder.com Forum
|-+  Main Area and Open Discussion
| |-+  Living Room
| | |-+  Encrypted DNS queries via OpenDNS dnscrypt for Windows / linux / BSD / iOS / OSX
Pages: Prev 1 [2]   Go Down
« previous next »
  Reply  |  New Topic  |  Print  
Author Topic: Encrypted DNS queries via OpenDNS dnscrypt for Windows / linux / BSD / iOS / OSX  (Read 5508 times)
Stoic Joker
Honorary Member
**
Posts: 3,980



View Profile WWW Give some DonationCredits to this forum member
« Reply #25 on: May 17, 2012, 06:29:25 AM »
(Lacking the time to check) I'm wondering how well (/if) this would work inside a (DNS dependent) domain environment.
Logged
IainB
Supporting Member
**
Posts: 3,161


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #26 on: May 18, 2012, 04:10:47 PM »
Quote from: Stoic Joker on May 17, 2012, 06:29:25 AM
(Lacking the time to check) I'm wondering how well (/if) this would work inside a (DNS dependent) domain environment.
Currently, I gather that:
  • DNS Crypt would need to be installed and running on each client device.
  • The routers would need to be configured to use OpenDNS.
  • The encryption takes place between the client and the Open DNS node.
  • In a chain of Client-->Router-->ISP node-->OpenDNS node, components inbetween the first and last links would thus just see encrypted traffic.
When in use, this technology would presumably defeat/frustrate:
(a) corporate scanning/sniffing of Internet traffic for security access/control purposes.
(b) ISPs statutory obligations to scan/sniff (censor) public Internet traffic (e.g., for the RIAA/MAFIAA).
(c) any other third-party scanning/sniffing of Internet traffic.

Bother.

As it says in a screenshot above:
Quote
This software (v: 0.0.4) encrypts DNS packets
between your computer and OpenDNS. This
prevents man-in-the-middle attacks and snooping
of DNS traffic by ISPs or others.

By the way, a new version of DNS Crypt (v.0.0.5) has now been released (see bottom of screenshot below):


Screenshot taken using Alt+PrtSc command in Screenhot Captor.    Thmbsup
« Last Edit: May 18, 2012, 04:29:23 PM by IainB; Reason: Minor edits. » Logged
Deozaan
Charter Member
***
Posts: 5,667



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #27 on: May 18, 2012, 04:43:27 PM »
Quote from: IainB on May 18, 2012, 04:10:47 PM
Screenshot taken using Alt+PrtSc command in Screenhot Captor.    Thmbsup

If you like Alt+PrintScreen you should try Ctrl+PrintScreen. Thmbsup
Logged


[ may-june 2013 ad experiment; click here to learn more about donationcoder.com ]

Stoic Joker
Honorary Member
**
Posts: 3,980



View Profile WWW Give some DonationCredits to this forum member
« Reply #28 on: May 18, 2012, 05:04:10 PM »
Quote from: IainB on May 18, 2012, 04:10:47 PM
Quote from: Stoic Joker on May 17, 2012, 06:29:25 AM
(Lacking the time to check) I'm wondering how well (/if) this would work inside a (DNS dependent) domain environment.
Currently, I gather that:
  • DNS Crypt would need to be installed and running on each client device.
  • The routers would need to be configured to use OpenDNS.
  • The encryption takes place between the client and the Open DNS node.
  • In a chain of Client-->Router-->ISP node-->OpenDNS node, components inbetween the first and last links would thus just see encrypted traffic.

Right, therein lying the problem. In a domain, DNS must be handled only by the internal domains DNS server (usually the DC in small shops). Which makes the question: Will the DNS Crypt ("client") software play nice with the MS DNS server service, and only encrypt the forwarded (external domain) requests?
Logged
IainB
Supporting Member
**
Posts: 3,161


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #29 on: May 18, 2012, 06:22:50 PM »
Probably worth repeating this as it might not be obvious to everyone:
Quote from: db90h on March 21, 2012, 10:42:40 PM
I noticed OpenDNS has extended capabilities you can turn on or off...etc.
Useful implications/points in @db90h's post:

Option #1: If you want to:
  • (a) have your DNS separate from your ISP or Google, and encrypted to protect from Sniffers.
  • (b) remain at your most private.
- then:
  • use OpenDNS (configured in your router).
  • install/run DNS Crypt on your client device (PC/laptop).

Option #2: If you also want to take advantage of other aspects of the OpenDNS service, then:
  • Sign up for an account (no charge for this or subsequently).
  • You can then choose to either have it log all your DNS queries, so you can see what sites everyone in your household is visiting (for instance, if you want to block some sites). For these features you have to sign up for the account, which also offers a DNS client (you install it on your PC) to update your dynamic IP address at home (so it can track you as your IP address dynamically changes).
  • OR you can have it not log anything (no record of DNS queries is thus maintained).
So, don't bother signing up at all (even for their normal service per Option #1) and you're probably most private, as their DNS servers (plaintext and encrypted) are open no matter what.
« Last Edit: May 18, 2012, 06:29:32 PM by IainB; Reason: Minor corrections. » Logged
IainB
Supporting Member
**
Posts: 3,161


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #30 on: May 18, 2012, 06:24:26 PM »
Quote from: Stoic Joker on May 18, 2012, 05:04:10 PM
Will the DNS Crypt ("client") software play nice with the MS DNS server service, and only encrypt the forwarded (external domain) requests?
Suck-it-and-see?
Logged
Stoic Joker
Honorary Member
**
Posts: 3,980



View Profile WWW Give some DonationCredits to this forum member
« Reply #31 on: May 18, 2012, 07:58:06 PM »
Quote from: IainB on May 18, 2012, 06:24:26 PM
Quote from: Stoic Joker on May 18, 2012, 05:04:10 PM
Will the DNS Crypt ("client") software play nice with the MS DNS server service, and only encrypt the forwarded (external domain) requests?
Suck-it-and-see?

Time is a factor - Between work and some recent family issues I have none - I was hoping someone else had taken a crack at it. I can't risk knocking my lab offline right now. *Sigh*

(on a brighter note...) The OpenDNS account UI is quite nice. I've been using it successfully for a few years to manage web filtering for client networks. Between UAC, MSE, & OpenDNS the bugg problem is pretty much licked.
Logged
Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,814



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #32 on: May 19, 2012, 04:31:26 PM »
I have DNS Crypt running permanently and haven't noticed any web addresses that don't resolve properly - as far as I can tell it is totally transparent.
Logged
Things I like to do ... PlayOutdoors.co.uk ... Lairdswood.com ... and I support FGVI - Charity helping Visually Impaired Children in the Gambia
Pages: Prev 1 [2]   Go Up
  Reply  |  New Topic  |  Print  
« previous next »



[ may-june 2013 ad experiment; click here to learn more about donationcoder.com ]


 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.043s | Server load: 0.18 ]