Encrypted DNS queries via OpenDNS dnscrypt for Windows / linux / BSD / iOS / OSX

Stoic Joker:
(Lacking the time to check) I'm wondering how well (/if) this would work inside a (DNS dependent) domain environment.

IainB:
(Lacking the time to check) I'm wondering how well (/if) this would work inside a (DNS dependent) domain environment.
-Stoic Joker (May 17, 2012, 06:29 AM)
--- End quote ---
Currently, I gather that:

* DNS Crypt would need to be installed and running on each client device.
* The routers would need to be configured to use OpenDNS.
* The encryption takes place between the client and the OpenDNS node.
* In a chain of Client-->Router-->ISP node-->OpenDNS node, components in between the first and last links would thus just see encrypted traffic.

When in use, this technology would presumably defeat/frustrate:
(a) corporate scanning/sniffing of Internet traffic for security access/control purposes.
(b) ISPs' statutory obligations to scan/sniff (censor) public Internet traffic (e.g., for the RIAA/MAFIAA).
(c) any other third-party scanning/sniffing of Internet traffic.

Bother.

As it says in a screenshot above:
This software (v: 0.0.4) encrypts DNS packets
between your computer and OpenDNS. This
prevents man-in-the-middle attacks and snooping
of DNS traffic by ISPs or others.

--- End quote ---

By the way, a new version of DNS Crypt (v.0.0.5) has now been released (see bottom of screenshot below):


Screenshot taken using Alt+PrtSc command in Screenshot Captor.    :Thmbsup:

Deozaan:
Screenshot taken using Alt+PrtSc command in Screenshot Captor.    :Thmbsup:
-IainB (May 18, 2012, 04:10 PM)
--- End quote ---

If you like Alt+PrintScreen you should try Ctrl+PrintScreen. :Thmbsup:

Stoic Joker:
(Lacking the time to check) I'm wondering how well (/if) this would work inside a (DNS dependent) domain environment.
-Stoic Joker (May 17, 2012, 06:29 AM)
--- End quote ---
Currently, I gather that:

* DNS Crypt would need to be installed and running on each client device.
* The routers would need to be configured to use OpenDNS.
* The encryption takes place between the client and the OpenDNS node.
* In a chain of Client-->Router-->ISP node-->OpenDNS node, components in between the first and last links would thus just see encrypted traffic.
-IainB (May 18, 2012, 04:10 PM)
--- End quote ---

Right, therein lying the problem. In a domain, DNS must be handled only by the internal domain's DNS server (usually the DC in small shops). Which makes the question: Will the DNS Crypt ("client") software play nice with the MS DNS server service, and only encrypt the forwarded (external domain) requests?

IainB:
Probably worth repeating this as it might not be obvious to everyone:
I noticed OpenDNS has extended capabilities you can turn on or off...etc.
-db90h (March 21, 2012, 10:42 PM)
--- End quote ---
Useful implications/points in @db90h's post:

Option #1: If you want to:

* (a) have your DNS separate from your ISP or Google, and encrypted to protect from Sniffers.
* (b) remain at your most private.

- then:

* use OpenDNS (configured in your router).
* install/run DNS Crypt on your client device (PC/laptop).

Option #2: If you also want to take advantage of other aspects of the OpenDNS service, then:

* Sign up for an account (no charge for this or subsequently).
* You can then choose to either have it log all your DNS queries, so you can see what sites everyone in your household is visiting (for instance, if you want to block some sites). For these features you have to sign up for the account, which also offers a DNS client (you install it on your PC) to update your dynamic IP address at home (so it can track you as your IP address dynamically changes).
* OR you can have it not log anything (no record of DNS queries is thus maintained).

So, don't bother signing up at all (even for their normal service per Option #1) and you're probably most private, as their DNS servers (plaintext and encrypted) are open no matter what.
