DNSCrypt for Windows official release

[funkydude]

Quote:

The effect of DNSCrypt is immediate and adds significant privacy and security to your Internet connection, particularly when you’re accessing the Internet on a public WiFi network at a place like a coffee shop or airport. Today DNSCrypt is used by more than 10,000 people.

https://blog.opendns.com/2012/05/08/...s-has-arrived/

Download: https://www.opendns.com/technology/dnscrypt/

[funkydude]

It actually has a GUI now, far more user friendly It appears to install as a service.

This should be viable enough for installing on other PCs I reckon, will see how it goes.

[Victek123]

Quote:

Originally Posted by funkydude

It actually has a GUI now, far more user friendly It appears to install as a service.

Yes, simple GUI and very easy install. It changes the adapter DNS to the local host IP - 127.0.0.1 - to redirect requests. I'm surprised that Comodo Firewall didn't pop a warning. Fortunately Webroot Secure Anywhere did.

[ratchet]

Ive had my router DNS settings set for their servers for years. Should I install this prog or leave things alone?

[Victek123]

Quote:

Originally Posted by ratchet

Ive had my router DNS settings set for their servers for years. Should I install this prog or leave things alone?

FunkyDude meant to say "DNScrypt" which is a new service offered by OpenDNS. Look here:

http://www.wilderssecurity.com/showt...light=dnscrypt

[learningcurve]

Thanks for posting this info, funkydude.

Been using the windows beta with no problems and just downloaded the new release.

[funkydude]

Quote:

Originally Posted by Victek123

FunkyDude meant to say "DNScrypt"

Yup, sorry Asked a mod to fix it.

[Victek123]

Quote:

Originally Posted by funkydude

Yup, sorry Asked a mod to fix it.

Fixed! (also moved to the Privacy Technology forum )

I'm running the new DNScrypt windows client on two computers now. So far it has been flawless - no slowdowns or other anomalies. I'm not seeing any downside. It's a good addition to online security AFAICT.

Note: I'm getting a UAC prompt during bootup in Windows 7x64 with UAC set to Max (Always Notify). Is there a way to configure this so it doesn't trigger a prompt?

[funkydude]

Quote:

Originally Posted by Victek123

Note: I'm getting a UAC prompt during bootup in Windows 7x64 with UAC set to Max (Always Notify). Is there a way to configure this so it doesn't trigger a prompt?

That's one of the few issues I've noticed, I made a post about it on their forums.

[travelerRoute80]

Quote:

Originally Posted by funkydude

It actually has a GUI now, far more user friendly It appears to install as a service.

This should be viable enough for installing on other PCs I reckon, will see how it goes.

Do you have a screenshot ?

[Victek123]

Quote:

Originally Posted by travelerRoute80

Do you have a screenshot ?

Here's the main window:



This screen is of the Mac version, but the Windows version is essentially the same.

[klarm]

guys. I still don't get this fully.
I've been using OpenDNS for a while. I understand the need/usage of OpenDNS and DNSCrypt but I don't get it how to properly utilize it.

I have my home router set-up manually on OpenDNS so if I understand correctly I now only need to install DNSCrypt client on all the machines on this network and enable 2 options inside?
Are there some additional setting in OS (winXP and Win7) / each machine I need to set-up?

and can you please point me into direction how to fully understand what is DNSSEC and how to implement it?

thanks.

[Victek123]

Quote:

Originally Posted by klarm

guys. I still don't get this fully.
I've been using OpenDNS for a while. I understand the need/usage of OpenDNS and DNSCrypt but I don't get it how to properly utilize it.

I have my home router set-up manually on OpenDNS so if I understand correctly I now only need to install DNSCrypt client on all the machines on this network and enable 2 options inside?
Are there some additional setting in OS (winXP and Win7) / each machine I need to set-up?

When you install the DNScrypt client it uses OpenDNS by default (note the check in the box in the UI). I don't believe it's necessary to set OpenDNS servers in the router, but since you've already done it it shouldn't hurt. In the network adapter IPv4 DNS server settings any previous entries are replaced with 127.0.0.1 to redirect DNS requests to the DNScrypt service. In other words you install the client and you're done

Quote:

Originally Posted by klarm

and can you please point me into direction how to fully understand what is DNSSEC and how to implement it?

thanks.

You and me both. From what I've read there is already some support for DNSSEC in Windows 7, but I don't know what, if anything, needs to be done at this point to take advantage of it in our client OS's.

[klarm]

Quote:

Originally Posted by Victek123

When you install the DNScrypt client it uses OpenDNS by default (note the check in the box in the UI). I don't believe it's necessary to set OpenDNS servers in the router, but since you've already done it it shouldn't hurt. In the network adapter IPv4 DNS server settings any previous entries are replaced with 127.0.0.1 to redirect DNS requests to the DNScrypt service. In other words you install the client and you're done



You and me both. From what I've read there is already some support for DNSSEC in Windows 7, but I don't know what, if anything, needs to be done at this point to take advantage of it.

thank you for info.

[Keller]

Am I right in thinking that, when one connects to a VPN, making that initial connection requires a DNS request? After this - that is, once connected to a VPN - all DNS requests should be resolved over the VPN.

If this is correct, then is it also correct to say that DNSCrypt would be useful even for VPN users, to encrypt that initial DNS request that is made when connecting to a VPN?

[TyRidian]

I am thinking about using this, what is your opinion on this vs. Comodo Secure DNS?

[kupo]

Quote:

Originally Posted by RADEON0101

I am thinking about using this, what is your opinion on this vs. Comodo Secure DNS?

In terms of protection (malware sites, phishing, etc), just compare OpenDNS and Comodo Secure DNS. What DNSCrypt does is encrypt the connection between OpenDNS and you, preventing DNS poisoning. Currently, only OpenDNS is supported. It's up to other providers if they want to add support to this.
So, you really can't compare Comodo Secure DNS with this tool

[tlu]

Quote:

Originally Posted by skudo12

Currently, only OpenDNS is supported.

No, it seems that it works also with other DNS providers.

[Victek123]

Quote:

Originally Posted by Keller

Am I right in thinking that, when one connects to a VPN, making that initial connection requires a DNS request? After this - that is, once connected to a VPN - all DNS requests should be resolved over the VPN.

If this is correct, then is it also correct to say that DNSCrypt would be useful even for VPN users, to encrypt that initial DNS request that is made when connecting to a VPN?

That sounds right and would be desirable for the stealthy among us Actually I think DNScrypt is not made redundant by a VPN, because although the DNS requests are hidden (along with all the other traffic) by the VPN encryption between one's PC and the VPN provider the requests themselves would be made in the clear by the provider unless the provider was also encrypting DNS. Can anyone comment/confirm?

By the way, are others noticing that the DNScrypt client uses a fair bit of CPU? I'm hoping they can lighten it up going forward.

[funkydude]

Quote:

Originally Posted by Victek123

By the way, are others noticing that the DNScrypt client uses a fair bit of CPU? I'm hoping they can lighten it up going forward.

Nope, 0% here. It will probably depend on how many queries your machine is sending.

Quote:

Originally Posted by Keller

Am I right in thinking that, when one connects to a VPN, making that initial connection requires a DNS request? After this - that is, once connected to a VPN - all DNS requests should be resolved over the VPN.

Not if you connect to the VPN via an IP instead of a name.

[TyRidian]

I don't know what you guys consider light, but I find DNSCrypt to be a bit heavy on memory consumption. I don't want to get rid of it, because it is extremely beneficial to have. I just find it a bit heavy for my tastes.

[popcorn]

This is working well for me, however I prefer to use either openNIC DNS or the privacy foundations DNS servers.
Is there away to configure your own DNS thru DNScrypt ?
What are peoples opinion on OpenDNS as a provider when it comes to privacy ?

[funkydude]

Quote:

Originally Posted by funkydude

Nope, 0% here. It will probably depend on how many queries your machine is sending.

I take it back, I've seen it use an entire core at one point. No idea what's happening but the funny part is I preferred the alpha version, no issues with it at all just wasn't "user friendly".

[Hungry Man]

I haven't noticed any significant CPU increases. I'm surprised anyone is, must be a bug since I can't imagine this would take very much time at all.

[nuphorce]

What is the advantage of using DNSCrypt? If I connect directly to the Internet will it stop the ISP knowing what sites I am requesting?

If I use a DNSCrypt and a VPN will it stop my ISP seeing what VPN server I am connecting to?