DNSCrypt and DNSSEC do different things. And they can perfectly work together.
DNSSEC: Communication in clear, but where the retrieved DNS records are signed by the source, allowing the end-user to ensure that the record hasn't been tampered with. Still, though, the DNS requests and responses are sent in clear, allowing ISP or fellow visitors at your wifi-spot to see what DNS-records you're asking for.
DNSCrypt: Encrypted requests from your computer to your DNS resolver server. This hides your requests and their responses from your ISP and from fellow visitors at Starbucks, which stops them from tampering with your replies or even collect statistics about what sites you're dealing with. But, you won't get any proof that OpenDNS didn't change anything in the reply. (However, I think it's ok to trust them, although if they still make "guesses" on typos, then I don't like their services, anyway.)
Personally, I use Google public DNS servers, so I can't enjoy DNSCrypt, yet. But it's a brilliant idea.
Discussion on:
View:
Show:
I've been using OpenDNS for years now. I've also had others use it to secure their environment. Reduce the chances of malware and phishing scams.
DNSCrypt could be interesting.
Note that the website says the DNSCRypt is in a "preview release" mode.
DNSCrypt could be interesting.
Note that the website says the DNSCRypt is in a "preview release" mode.
Interesting: Preview sounds as if they're thinking of including DNSCrypt in their paid package...
As in, when Patrick Lambert says "released", what this really means is "available". I wouldn't even call it beta testing at this point. That is, this is not a release in the software sense of "finished product".
The only thing OpenDNS really charges for is the filtering if you are not a residential user, or if you are a residential user and want a few extras.
DNSCrypt just uses plain old DNS. If you want filtering, you do the account signup thing.
The only thing OpenDNS really charges for is the filtering if you are not a residential user, or if you are a residential user and want a few extras.
DNSCrypt just uses plain old DNS. If you want filtering, you do the account signup thing.
[blockquote]you're basically trusting all your DNS traffic to a third party company. [/blockquote]
You would trust your ISP more? One of the reasons people use OpenDNS, if they aren't using filtering, is because they don't trust the ISP, or the ISP messes with DNS in ways the user does not appreciate. (Including not patching for the Kaminsky flaw even a year after the information was publicly released.)
OpenDNS may not be for everyone, but at least they give you options, they are transparent and reachable, and they are dedicated to internet freedom. If they are bad at serving DNS the way users want, they will fail, unlike ISPs - the market actually does have a check against their business.
You would trust your ISP more? One of the reasons people use OpenDNS, if they aren't using filtering, is because they don't trust the ISP, or the ISP messes with DNS in ways the user does not appreciate. (Including not patching for the Kaminsky flaw even a year after the information was publicly released.)
OpenDNS may not be for everyone, but at least they give you options, they are transparent and reachable, and they are dedicated to internet freedom. If they are bad at serving DNS the way users want, they will fail, unlike ISPs - the market actually does have a check against their business.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
