Note: DNSCrypt has been discontinued. Please see this article for alternative suggestions.
Encrypted DNS adds another layer of privacy and security to your Internet connection, especially if you’re worried about DNS leaks. Here’s how to configure encrypted DNS using DNSCrypt.
Your computer uses DNS queries to figure out the IP addresses of the servers that host the websites or other services you connect to. By default, DNS requests probably go to a DNS server hosted by your ISP. Anyone who can see your DNS requests — either by looking at the logs of your DNS server, or by eavesdropping on your Internet traffic — knows which sites you’re visiting.
Changing to a secure, third-party DNS service (click here for a list of free public DNS servers) can help add some security to your browsing. But even then, you’re not protected against eavesdroppers on the network.
Nor does using a VPN to encrypt your Internet traffic solve DNS privacy issues. That’s because VPNs can be subject to DNS “leaks,” which mean your browser doesn’t send DNS queries through encrypted channels even if the rest of your connection is encrypted.
DNSCrypt solves these problems. As the folks at OpenDNS promise, “In the same way th[at] SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks.”
In other words, with DNSCrypt, even people who can intercept your DNS requests can’t read them, because they are encrypted. At the same time, the tool makes it much more difficult for a man-in-the-middle to pose as a legitimate DNS server in order to read your traffic.
Installing DNSCrypt varies depending on your operating system, but links to detailed instructions exist on the tool’s website. It supports virtually every operating system you can think of — including Android and iOS for mobile devices — and because DNS resolution is handled at the operating system level, DNSCrypt will work no matter which Web browser or other app you use to get online.
You may need to change your operating system’s default DNS server after installing DNSCrypt, if the installer doesn’t do it for you. For instructions on making this change under Windows, Mac OS X and Linux, click here.