DNS, or Domain Name Server, is a service that maps addresses (IP addresses) to the URLs of the websites you open in your browser. While most websites are now moving to HTTPS to make sure all the data is secured, securing DNS takes it one step further. Even over HTTPS, some of the data is left unencrypted, which leaves a door open for attackers through DNS spoofing. With spoofing, attackers on a local network can abuse this to conduct trivial attacks. Nowadays, a lot of malware also corrupts DNS. This is where DNSCrypt comes into the picture. In this post, I am talking about DNSCrypt and how to use DNSCrypt on a Windows PC.
What is DNSCrypt Protocol
It’s an open specification/protocol that authenticates communication and data transfer between a DNS client and a DNS resolver. This keeps DNS spoofing at bay. The protocol uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.
This was pioneered by the OpenBSD operating system circa 2008. Tunneling DNS over a secure channel greatly improves DNS security. According to them, most applications on Windows or any other platform rely heavily on DNS to connect to their resources on the server. However, since those lookups are not secure, they can lead to leaked data.
They are also working on secure transport protocols such as DNS-over-HTTP/2.
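The signature check described in this section, as an added Go example (not code from this post or from the DNSCrypt project): in the DNSCrypt v2 specification the resolver publishes a certificate signed with the provider's long-term Ed25519 key, and the client rejects it if the signature or the validity window does not check out. The key seed, timestamps and the `VerifyCert` and `BuildSampleCert` names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// VerifyCert checks a DNSCrypt v2 certificate: magic "DNSC"(4) es-version(2)
// minor(2) signature(64), then the signed part: resolver-pk(32) client-magic(8)
// serial(4) ts-start(4) ts-end(4). It returns the resolver key only if the
// provider's Ed25519 key signed it and now (Unix seconds) is inside the window.
func VerifyCert(raw []byte, providerPK ed25519.PublicKey, now uint32) ([]byte, error) {
	if len(raw) < 124 || !bytes.Equal(raw[:4], []byte("DNSC")) {
		return nil, errors.New("not a DNSCrypt certificate")
	}
	sig, signed := raw[8:72], raw[72:]
	if !ed25519.Verify(providerPK, signed, sig) {
		return nil, errors.New("signature does not match provider key")
	}
	start := binary.BigEndian.Uint32(signed[44:48])
	end := binary.BigEndian.Uint32(signed[48:52])
	if now < start || now > end {
		return nil, errors.New("certificate outside validity window")
	}
	return signed[:32], nil
}

// BuildSampleCert makes a constructed certificate and provider key (not real data).
func BuildSampleCert(seed byte, start, end uint32) ([]byte, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, 32))
	body := make([]byte, 52) // resolver-pk, client-magic and serial left as zeros
	binary.BigEndian.PutUint32(body[44:], start)
	binary.BigEndian.PutUint32(body[48:], end)
	head := []byte{'D', 'N', 'S', 'C', 0, 2, 0, 0}
	raw := append(append(head, ed25519.Sign(priv, body)...), body...)
	return raw, priv.Public().(ed25519.PublicKey)
}

func main() {
	raw, pub := BuildSampleCert(7, 1000, 2000)
	_, err := VerifyCert(raw, pub, 1500)
	fmt.Println("genuine:", err)
	raw[80] ^= 1 // flip one bit of the resolver key, as tampering would
	_, err = VerifyCert(raw, pub, 1500)
	fmt.Println("tampered:", err)
}
```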
How to use DNSCrypt on Windows PC
While it is available on all platforms, including Android and iOS, let’s talk about the Windows 10 PC space. Many third-party applications, i.e. clients, are available that can be installed on devices, and even on the router. These tools use multiple layers of DNS resolvers to make it extra secure.
One such piece of software is Simple DNSCrypt, which offers two layers of DNS security, locks leaking VPNs and badly configured DNS, corrects mistyped URLs and speeds up your browsing experience. It can also create logs and block addresses and domains.
You should know that DNSCrypt is also available for servers. Some of the known clients are DNSCrypt-Wrapper; Unbound by NLnetLabs, which supports both DNS-over-TLS and DNSCrypt; dnsdist by PowerDNS, which supports both DNS-over-TLS and DNSCrypt; DoH-proxy by Facebook, which supports DNS-over-HTTP/2 (DoH); and rust-DoH, which supports DNS-over-HTTP/2 (DoH).
We have reviewed a lightweight DNSCrypt Windows client, in full detail, along with its installation on a Windows PC. Do check it out.
More information is available on dnscrypt.info.