Just installed OpenDNS DNSCrypt for windows. I'm confused by an option that is automatically selected when you install DNSCrypt: "Fall back to insecure DNS"? What exactly is that? By the sound of it sounds like your dns queries are unencrypted. Is it misleading? Yet it says my status is "Protected". Can anyone clarify? Also i assume dns is usually sent with UDP Packets? There is an option "DNSCrypt over TCP / 443 (Slower)" which i assume just means DNS will be sent over SSL which would be sent over SSL but if DNSCrypt actually works and is encrypted why would you need it? For reference: Enable OpenDNS: Checked Enable DNSCrypt: Checked DNS over TCP / 443 (slower): Unchecked Fall back to insecure DNS: Checked Status shows "Protected" --which are all defaults.