DNSCrypt is an additional service layered on top of OpenDNS that helps protect against vulnerabilities presented by “DNS leaks.” It does so by encrypting DNS traffic to ensure that it can’t be intercepted by a hacker or a man-in-the-middle. This is similar to, but not the same as, HTTPS encryption of web traffic (SSL/TLS).

In a nutshell, OpenDNS improves your web browsing security by giving you greater assurance that the website you are connecting to is the one you intended to connect to. It does so by providing a better DNS server than the one your ISP provides by default. Once your request reaches the OpenDNS servers, you can be reasonably assured that you’re making a legitimate connection to the website you’re trying to reach. But this still leaves one relatively weak link in the chain: the “last mile” or, the portion of your Internet connection between your ISP and your computer. That is, hackers could still snoop or divert your DNS traffic by intercepting it before it reaches your ISP. With DNSCrypt, hackers won’t be able to snoop on your DNS traffic anymore, nor will they be able to trick your computer into thinking that you’re communicating with a legit DNS server.

The risk of someone eavesdropping on or spoofing a DNS in the “last mile” is very low. Basically, for this vulnerability to be present, you’d have to have a “DNS leak” on your connection. That is, even though you’ve set up your computer or router to connect to OpenDNS (or a VPN or alternate DNS server, such as Google DNS), something on your computer is still making requests to the default DNS server (usually your ISP’s). You can test to see if you have a DNS leak by visiting while connected via OpenDNS. According to the folks at, DNS leaks are most prevalent on Windows clients. However, I’m happy to report that my test for DNS leaks came up dry while connecting with OpenDNS on my Windows 8 computer.

DNSCrypt is available for free as a Preview Release. In fact, the software is open source (you can view the source on GitHub). It is available for both Mac and Windows and is a breeze to install: just launch the installer and follow the on-screen prompts.

After installation, you’ll see a green indicator in your system tray showing you that DNSCrypt is working. Right-click the icon to open the Control Center for more info and options. Note that once you install DNSCrypt, you won’t have to alter your DNS settings for your network adapter in order to use OpenDNS anymore.

You can simply check Enable OpenDNS and your computer will begin using OpenDNS. This is handy if you haven’t set up your router to use OpenDNS. The default settings (shown above) are optimized for speed and reliability. For example, if OpenDNS cannot be reached, your computer will fall back to your default DNS server. For the highest security, check DNSCrypt Over TCP / 443 (slower) and uncheck Fall back to insecure DNS. (Note: if OpenDNS is your default DNS resolver, then this option won’t make much of a difference).