This open-source software for Mac and Linux does for DNS what SSL does for HTTP: It encrypts DNS traffic to prevent spoofing, snooping, and man-in-the-middle attacks.
Like most of the network protocols and systems in widespread use today, the Domain Name System (DNS) harbors significant security vulnerabilities. Though DNS provides a deceptively simple service -- translating human-friendly website addresses such as https://www.cnn.com/ into computer-friendly numerical IP addresses such as -- the system's integrity is a crucial cornerstone of Internet operations and trustworthiness.

One common attack on the DNS infrastructure is called "DNS spoofing." In this type of attack, also known as "DNS cache poisoning," an attacker tricks a DNS server into returning an incorrect IP address for a target website. For example, an attacker might perform cache poisoning on the DNS entry for a legitimate bank's website, thereby directing visitors to the hacker's fake lookalike site in order to capture their login or banking details. This type of attack is difficult for users to detect, because the website address displayed in the user's web browser is not altered in any way. A single compromised DNS server at an Internet Service Provider can in this way affect potentially thousands of users.

The link for this article located at eSecurity Planet is no longer available.