OpenDNS dnscrypt now available for Windows

You would need to capture at the router, or at a hub between your computer and the router (which works as a tap). Although consumer routers typically don't capture packets, some can be flashed with OpenWRT or other firmware that can do that. For the hub approach, your best bet is an old 10Mbps hub. Modern switches (sometimes called hubs) won't work. See -http://wiki.wireshark.org/HubReference for details.

 

mirimir

Your advice greatly appreciated. Will read the link re: hubs.

Thanks to all at wilders for the effort to educate about security. Longtime reader.

Fyi, KIS now updates using dnscrypt - after new user profile and KIS reinstall. Prob was w/ my comp not KIS or dnscrypt.

 

Is anyone else noticing a slow down whist connected thru DNScrypt ?

 

DNSCrypt has nothing to do with your internet speed, you'll have to elaborate on what is "slowing down" for you, e.g. youtube videos, general downloads or DNS lookups themselves.

 

Lookups just seem generally slower, obviously cached items are the same,
I always use a VPN so I figure the "benefit" of 'crypted DNS is negligible although I do follow the more the merrier approach when it comes to security/privacy so would like to utilize further encryption. I know DNScrypt shouldnt affect my speeds hence my post, I was wondering if it was possibly due to this still been in beta.
Any advice appreciated

 

DNSCrypt will definitely increase lookup time due to the addition of encryption, so more data will need to be transmitted to make the DNS request. However, I can't imagine this being much more than a few KBs. Noticing a significant slowdown is somewhat worrying, maybe it's more to do with the fact it it's a proxy and is conflicting with something on your system?

 

I started a post about DNS some of you may or may not of seen;

https://www.wilderssecurity.com/showthread.php?t=317807

I really looked into OpenDNS and the company behind this, along with many other experts in the field, and everyone said the same thing;

With OpenDNS we don't know the motives here and it's a proprietary system in many ways that you don't know what's going on with behind your backs.

Certainly OpenDNS has a name and looks big and reputable, but in all honesty I'd keep away...

A lot of the DNS professionals I spoke with told me, Dnssec-trigger is a better safer way to go about this;

http://nlnetlabs.nl/projects/dnssec-trigger/

Dnssec-trigger is in a newer state of development, but it's better looking at the moment and more promising, this is really where people should put their support into this project!

 

Being proprietary and/or trying to make money off of a product is not a bad thing.

 

Thanks for that link! Sounds quite interesting. I'm going to take a more in-depth look at it.

 

But the source code of DNSCrypt is available here, at least ...

Thanks, I will look into this.

 

Can you say more specifically what the concerns are? Do you have those same concerns for other alternate DNS services, such as Google DNS and Norton DNS?

 

Just in case that it hasn't been mentioned yet: dnscrypt-proxy should work not only with OpenDNS but also with other DNS providers according to this site:

Haven't tried that yet, though.

 

Sweet finally a GUI

 

I don't know what concerns there are. I'm pretty sure at least part of this is open source... and just because someone sells something does not mean it's bad. Even if it were closed source I don't see a huge issue.

 

When I have an OpenVPN connection (use AirVPN) in Windows XP, with a default installation of OpenVPN and Windows, will it be my ISP or the VPN provided resolving my DNS requests?

Is there any advantage to using DNSCrypt alongside a VPN? Would that hide anything additional from my ISP?

Are there any decent alternatives to OpenDNS servers that are more private? (in Eurpoean counties?)

 

New beta 0.0.5 is available. Release notes are not available yet in the client.

Update: 0.0.5 is supposed to reduce cpu usage and deal with the UAC prompt. I can confirm cpu usage is down, but I still need to reboot to check if the UAC prompt issue is fixed

Update 2: Windows 7 is still throwing a UAC prompt when DNScrypt loads during boot.