DNS Encryption

[thewayne]

DNS, the Domain Name System, is a database lookup that translates a domain name entered into a browser or other program into an IP address. You type www.google.com, DNS does a lookup and finds that Google's IP address is 74.125.227.83. Simplifies things all around.

Usually your default DNS provider is configured by your ISP which looks upstream to heftier DNS servers for their information. You can configure your computer to use any DNS server that you like, but you could be potentially violating terms of service of your ISP or the other server.

The problem is that the DNS lookup process happens in plain text, meaning that you are potentially vulnerable to man-in-the-middle snooping and possible alteration. There have been a lot of effort over the last couple of years to make DNS more secure, including encryption. And now an encrypted DNS system is available!

The DNS service provider OpenDNS is providing encrypted lookups to its DNS servers for Mac clients. A Windows version is promised, and since the source code is available on GitHub, I'm sure a *nix version will be available soon.

http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html

Comments

[silveradept]

Shouldn't be too much longer, especially if the ISPs and the consumers start really getting fed up at the possibility of being sued for something they haven't actually done. Or if the United States decides it wants to go the route of other countries and start having invasive government snooping and Great Firewalls, whether through government action or SOPA.