How to Encrypt Your DNS for More Secure Browsing


Batu69

We’ve been touting the benefits of third-party DNS servers for a while now, but one additional benefit that might be of interest is the ability to encrypt all of your DNS requests, further protecting you from anybody spying on you in the middle.

DNSCrypt, from the great team at OpenDNS, is the simple solution that we’ll use to add encryption between your computer and the DNS server. It’s a lightweight solution that works on either Windows or Mac — sadly no mobile support so far.

What this tool is actually doing is creating an encrypted connection to any of the supported DNS servers, and then creating a local DNS proxy on your PC. So when you try to open howtogeek.com, your browser will send a regular DNS query to the 127.0.0.1 localhost address on port 53, and that request will then be forwarded through the encrypted connection to the DNS server.

Downloading for Windows

As with every program you use, you will need to start by downloading the installation package. Once you are on the page, simply click the “dnscrypt-proxy-win32-full-1.4.1.zip” link to download the files needed. If you see a newer version on the page, be sure to use that instead.

Now, let’s create a folder on the desktop called DNSCrypt. You can create this folder anywhere you want to, but the desktop is easiest for the purposes of this demonstration. Extract all the files by opening the zip file and dragging them into the DNSCrypt folder or by right-clicking and specifying the desktop folder as the extract destination.

Installing and Preparing your PC

Now you will need to open an elevated command prompt window by searching for “cmd”, right-clicking, and choosing “Run as Administrator”. Once you have your Elevated CMD window open, enter the following string. Remember that you will need to enter the path that corresponds with your “bin” folder.

cd "C:\Users\Owner\Desktop\DNSCrypt\bin"

This command will tell command prompt to look in the “bin” folder where the EXE and CSV files are located.

Install the Proxy Service

Next, you will need to install the proxy service from DNSCrypt. Use the string below. You can change the “opendns” section with a name from the CSV file, or you can update your CSV file by adding any of the public DNS resolvers that currently support DNSCrypt. You will also need to change the file path to correspond with the location of the CSV file on your computer.

dnscrypt-proxy.exe --resolver-name=opendns --resolvers-list="C:\Users\Owner\Desktop\DNSCrypt\bin\dnscrypt-resolvers.csv" --test=0

If your CMD window looks like the image above, you are on the right path and the proxy service has been successfully tested. If this doesn’t work, simply change the DNS resolver till you get one that works. Once it is successful, you can continue to install the proxy service by pressing the “Up” button and changing the “--test=0” to “--install” as shown below.

dnscrypt-proxy.exe --resolver-name=opendns --resolvers-list="C:\Users\Owner\Desktop\DNSCrypt\bin\dnscrypt-resolvers.csv" --install

Once it is successfully installed, you will see the following:

[INFO] The dnscrypt-proxy service has been installed and started
[INFO] The registry key used for this service is SYSTEM\CurrentControlSet\Services\dnscrypt-proxy\Parameters
[INFO] Now, change your resolver settings to 127.0.0.1:53

Change your DNS Settings

Now you will need to change your DNS settings. Right-click on the network icon on the bottom right of your screen then click on “Open Network and Sharing Center.” It will be the 5 bars for a wireless connection or a small computer screen for wired connections. Once it is open, click on “Change adapter settings.”

Right-click on the network connection that you want to edit and then select the “Properties” option.

Select the TCP/IPv4 settings and then click on “Properties.”

Change the Preferred DNS server to “127.0.0.1” then click “OK”.

Now open the TCP/IPv6 settings and change the DNS settings to “::1”

Now, you have a completely secure and encrypted DNS connection set up. Have fun browsing the internet securely. Now that you have an encrypted DNS connection, you can also use QSDNS from Nirsoft to quickly change between your most frequently used DNS Servers.

Credit

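
A way to check the result of the steps in the post above, as an added example that is not part of the original post or of the DNSCrypt project. It assumes Windows 8 or later (for the DnsClient and NetAdapter cmdlets) and the service name dnscrypt-proxy shown in the installer output; example.com is only a test name.

```powershell
# Added example, not from the post. Audits the DNSCrypt proxy setup.
$loopback = @('127.0.0.1', '::1')   # the two resolver values set in the post

# 1. Is the service created by "--install" present and running?
$svc = Get-Service -Name 'dnscrypt-proxy' -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning 'Service dnscrypt-proxy is not installed.'
} elseif ($svc.Status -ne 'Running') {
    Write-Warning "Service dnscrypt-proxy is $($svc.Status), not Running."
}

# 2. Does the local proxy on 127.0.0.1:53 answer a query?
try {
    $null = Resolve-DnsName -Name 'example.com' -Type A -Server '127.0.0.1' `
                            -DnsOnly -ErrorAction Stop
    Write-Host 'OK: 127.0.0.1 answered a DNS query.'
} catch {
    Write-Warning "127.0.0.1 did not answer: $($_.Exception.Message)"
}

# 3. Does any connected adapter still list a resolver other than loopback?
#    Such an entry lets queries bypass the proxy and leave in clear text.
$up = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }
$bypass = foreach ($nic in $up) {
    foreach ($cfg in Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex) {
        foreach ($addr in $cfg.ServerAddresses) {
            if ($loopback -notcontains $addr) {
                [pscustomobject]@{ Adapter = $nic.Name; Resolver = $addr }
            }
        }
    }
}

if ($bypass) {
    Write-Warning 'Adapters with non-loopback DNS servers:'
    $bypass | Format-Table -AutoSize
} else {
    Write-Host 'OK: every connected adapter uses only 127.0.0.1 / ::1.'
}
```

Any adapter listed by step 3 needs the same IPv4 and IPv6 DNS change described in the post.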

You probably should expect more latency than your ISP DNS server though.

Best to not use the ISP DNS server in most cases. It's almost always inferior to something like Google or OpenDNS, and my ISP DNS redirects all bad names to their awful search page.

Personally, I use PrivateInternetAccess DNS servers which are encrypted due to the VPN.



Best to not use the ISP DNS server in most cases. It's almost always inferior to something like Google or OpenDNS, and my ISP DNS redirects all bad names to their awful search page.

Personally, I use PrivateInternetAccess DNS servers which are encrypted due to the VPN.

I'm looking to migrate to the PIA. I've been using CyberGhost, and I have nothing to complain about, but I have read many good comments about the service provided by them, I want to take a chance. And the price is also the important factor. :rolleyes:

The PIA servers in Russia are working well? I ask because the CyberGhost servers in Russia never came back, and I never knew why. Have you ever tested their app for Android?



"It’s a lightweight solution that works on either Windows or Mac — sadly no mobile support so far."

-> As stated by the real dnscrypt site (http://dnscrypt.org), it is available for iOS and Android: http://dnscrypt.org/#dnscrypt-ios

It is in recent Cyanogen.

On iOS, the device has to be jailbroken but it can change with iOS 9.

It is made by volunteers, not by the OpenDNS company, which has only one of the DNS services compatible with it. The majority of DNS services for dnscrypt are run in the OpenNIC network, which is not the same thing, and they don't log.

PS site says "Please note that DNSCrypt is not a replacement for a VPN, as it only authenticates DNS traffic, and doesn't prevent "DNS leaks", or third-party DNS resolvers from logging your activity."

http://dnscrypt.eu/ has a serious privacy policy too.



Best to not use the ISP DNS server in most cases. It's almost always inferior to something like Google or OpenDNS, and my ISP DNS redirects all bad names to their awful search page.

Personally, I use PrivateInternetAccess DNS servers which are encrypted due to the VPN.

I'm looking to migrate to the PIA. I've been using CyberGhost, and I have nothing to complain about, but I have read many good comments about the service provided by them, I want to take a chance. And the price is also the important factor. :rolleyes:

The PIA servers in Russia are working well? I ask because the CyberGhost servers in Russia never came back, and I never knew why. Have you ever tested their app for Android?

I can't vouch for Russia, but the USA servers have been much better for me than CyberGhost, and P2P is allowed on all of them.



"It’s a lightweight solution that works on either Windows or Mac — sadly no mobile support so far."

-> As stated by the real dnscrypt site (http://dnscrypt.org), it is available for iOS and Android: http://dnscrypt.org/#dnscrypt-ios

It is in recent Cyanogen.

On iOS, the device has to be jailbroken but it can change with iOS 9.

It is made by volunteers, not by the OpenDNS company, which has only one of the DNS services compatible with it. The majority of DNS services for dnscrypt are run in the OpenNIC network, which is not the same thing, and they don't log.

PS site says "Please note that DNSCrypt is not a replacement for a VPN, as it only authenticates DNS traffic, and doesn't prevent "DNS leaks", or third-party DNS resolvers from logging your activity."

http://dnscrypt.eu/ has a serious privacy policy too.

I'm really looking forward to iOS 9, possibly one of the nicest releases. They're really opening up the door.

We'll have native AdBlockers, VPNs and Network Modifications (so we can get Tor and anyone can make a VPN client. The OpenVPN one has quite a few limitations and isn't updated enough). They could probably make this DNS a VPN.

Also, you'll basically be able to sideload anything that doesn't need root/JB, as long as you have source. So that means XBMC/Kodi, Torrent Clients, and Emulators galore. All without a jailbreak.

Of course I'll always jailbreak, but the less mods I need/depend on, the better.



but the" USA" servers have been much better for me, and P2P is allowed on all of them.

:blink: :duh:



but the" USA" servers have been much better for me, and P2P is allowed on all of them.

:blink: :duh:

You are aware that they are a US company, right? That by that nature if there's a security issue by using a USA server, there's an issue with ALL their servers.

You are a fool if you think a VPN is NSA-proof, regardless of the provider.

PS: EU is the one with the data retention directives forcing VPNs to log, BTW.



but the" USA" servers have been much better for me, and P2P is allowed on all of them.

:blink: :duh:

You are aware that they are a US company, right? That by that nature if there's a security issue by using a USA server, there's an issue with ALL their servers.

You are a fool if you think a VPN is NSA-proof, regardless of the provider.

PS: EU is the one with the data retention directives forcing VPNs to log, BTW.

fool is not necessary so I think it is you who view you be allow you to judge people just because they have a different opinion you

I believe no more in europe than in the US

It is to be safe from usa which seems stupid

not you

Edit

I prefer to believe the competent people.

Edward Snowden former NSA agent


