We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

OpenDNS releases tool to encrypt DNS requests

DNSCrypt will halt ISPs or other interlopers from seeing DNS requests

OpenDNS has released a preview of a tool that will encrypt DNS (Domain Name System) requests between a person's computer and the company's lookup service, potentially blocking malicious interceptions.

DNS requests are a fundamental part of how the Internet works. A DNS lookup translates a domain name into an IP address that can be called into a browser. ISPs provide DNS services to their customers, but OpenDNS runs its own lookup service that it says is speedier and provides better security protections.

As part of the design of the Internet, DNS requests are sent in clear text between a user and their DNS provider, wrote David Ulevitch, the founder and CEO of OpenDNS. That makes the DNS requests vulnerable to interception, such as a man-in-the-middle attack, he wrote.

If that occurred, an attacker could observe what domains are being resolved and in many cases what websites a person is visiting, he wrote.

"It happens all the time on insecure networks at coffee shops and even residences," Ulevitch wrote. "Some ISPs have even been accused of spying on their customers' activity."

The problem of plain-text DNS requests is not addressed by DNS Security Extensions (DNSSEC), a security protocol designed to protect the DNS (Domain Name System), Ulevitch wrote.

DNSSEC uses public key cryptography to digitally "sign" the DNS records for websites. The protocol is designed to stop attacks such as cache poisoning, where a DNS server is hacked, making it possible for a user to type in the correct website name but be directed to a fake website.

As indicated in its name, DNSCrypt encrypts those requests, which means if the traffic is intercepted, the hacker won't be able to see the content. The tool is free but is only for Mac OS X systems. The code is open source.

OpenDNS has a basic free service. The company makes money by showing advertisements alongside search results if someone enters an invalid domain name. It also has a premium services for businesses.


IDG UK Sites

How to get a gold Apple Watch for £329: Save £7,500+ with this cool upgrade kit

IDG UK Sites

It's World Backup Day 2015! Don't wait another minute: back up now

IDG UK Sites

Don't Hug Me I'm Scared 4 is another disturbing sequel to Becky & Joe's YouTube hit

IDG UK Sites

History of Apple: how Apple came to lead the tech industry