OpenDNS is a popular DNS provider used widely both in the server as in home desktop, one of the feature they provide to their customer is DNSCrypt, a security enhancement that should add protection against all DNS based attacks, such as cache poisoning.
In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesn’t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between OpenDNS customers and their DNS servers. The software is released as open source on GitHub.
At the moment this solution only works in conjunction with OpenDNS, which means that you need to change your computer’s DNS provider to OpenDNS to make use of the this security feature, that’s their business after all.
Let’s see in detail how to use it on Linux. Continue reading »