DNS service provider OpenDNS has announced a preview release of a new open source tool to improve internet security: DNSCrypt encrypts all DNS traffic between a user's system and a DNS server. The tool is currently only available for the Mac, with a Windows version promised, and only works with OpenDNS's own DNS service.
Normally, DNS information is exchanged between client and server as plain text, which leaves it open to snooping, modification and man-in-the-middle attacks. By encrypting the exchange, OpenDNS hopes to make the "last mile" of DNS requests more secure.
DNS Security Extensions (DNSSEC) makes the process more secure by adding authentication to DNS communications, but does not encrypt the actual exchanges. David Ulevitch, the CEO of OpenDNS, says that DNSCrypt is designed to address that shortcoming, noting that it's an implementation of the DNSCurve forwarder concept.
The link for this article located at H Security is no longer available.