We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,678 News Articles

OpenDNS releases tool to encrypt DNS requests

DNSCrypt will halt ISPs or other interlopers from seeing DNS requests

OpenDNS has released a preview of a tool that will encrypt DNS (Domain Name System) requests between a person's computer and the company's lookup service, potentially blocking malicious interceptions.

DNS requests are a fundamental part of how the Internet works. A DNS lookup translates a domain name into an IP address that can be called into a browser. ISPs provide DNS services to their customers, but OpenDNS runs its own lookup service that it says is speedier and provides better security protections.

As part of the design of the Internet, DNS requests are sent in clear text between a user and their DNS provider, wrote David Ulevitch, the founder and CEO of OpenDNS. That makes the DNS requests vulnerable to interception, such as a man-in-the-middle attack, he wrote.

If that occurred, an attacker could observe what domains are being resolved and in many cases what websites a person is visiting, he wrote.

"It happens all the time on insecure networks at coffee shops and even residences," Ulevitch wrote. "Some ISPs have even been accused of spying on their customers' activity."

The problem of plain-text DNS requests is not addressed by DNS Security Extensions (DNSSEC), a security protocol designed to protect the DNS (Domain Name System), Ulevitch wrote.

DNSSEC uses public key cryptography to digitally "sign" the DNS records for websites. The protocol is designed to stop attacks such as cache poisoning, where a DNS server is hacked, making it possible for a user to type in the correct website name but be directed to a fake website.

As indicated in its name, DNSCrypt encrypts those requests, which means if the traffic is intercepted, the hacker won't be able to see the content. The tool is free but is only for Mac OS X systems. The code is open source.

OpenDNS has a basic free service. The company makes money by showing advertisements alongside search results if someone enters an invalid domain name. It also has a premium services for businesses.


IDG UK Sites

Top 5 Android tips and tricks for smartphones and tablets

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...