We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
74,944 News Articles

OpenDNS releases tool to encrypt DNS requests

DNSCrypt will halt ISPs or other interlopers from seeing DNS requests

OpenDNS has released a preview of a tool that will encrypt DNS (Domain Name System) requests between a person's computer and the company's lookup service, potentially blocking malicious interceptions.

DNS requests are a fundamental part of how the Internet works. A DNS lookup translates a domain name into an IP address that can be called into a browser. ISPs provide DNS services to their customers, but OpenDNS runs its own lookup service that it says is speedier and provides better security protections.

As part of the design of the Internet, DNS requests are sent in clear text between a user and their DNS provider, wrote David Ulevitch, the founder and CEO of OpenDNS. That makes the DNS requests vulnerable to interception, such as a man-in-the-middle attack, he wrote.

If that occurred, an attacker could observe what domains are being resolved and in many cases what websites a person is visiting, he wrote.

"It happens all the time on insecure networks at coffee shops and even residences," Ulevitch wrote. "Some ISPs have even been accused of spying on their customers' activity."

The problem of plain-text DNS requests is not addressed by DNS Security Extensions (DNSSEC), a security protocol designed to protect the DNS (Domain Name System), Ulevitch wrote.

DNSSEC uses public key cryptography to digitally "sign" the DNS records for websites. The protocol is designed to stop attacks such as cache poisoning, where a DNS server is hacked, making it possible for a user to type in the correct website name but be directed to a fake website.

As indicated in its name, DNSCrypt encrypts those requests, which means if the traffic is intercepted, the hacker won't be able to see the content. The tool is free but is only for Mac OS X systems. The code is open source.

OpenDNS has a basic free service. The company makes money by showing advertisements alongside search results if someone enters an invalid domain name. It also has a premium services for businesses.

IDG UK Sites

Amazon 3D smartphone release date, price and spec: The hologram phone?

IDG UK Sites

You're never alone with a clone: How the App Store got taken over by copycats

IDG UK Sites

PCs vs consoles: PCs still pwn when it comes to gaming (and everything else)

IDG UK Sites

Come together to learn: the secrets of the best design talks, conferences and courses