The connection between the user and the DNS service can now be protected by an encrypted session to prevent man-in-the-middle attacks, spoofing, or sniffing. OpenDNS has created an open source tool that protects this usually vulnerable link.
OpenDNS today presented the first version of the tool, DNSCrypt, which was built for OpenDNS's own DNS service and is also available to the public. David Ulevitch, founder and CEO of OpenDNS, hopes that the technology will handle the defense of what he calls the “last mile” in DNS communication. The technology, he said, is similar to an SSL connection, only for DNS. It uses encryption based on elliptic curves to protect traffic between the user and the DNS service.
It is not a substitute for the emerging DNSSEC technology, which digitally signs responses to ensure, for example, that a site really is the one it claims to be.
DNSCrypt could work with DNSSEC, Ulevitch said. “Our technology complements DNSSEC and all other services related to the protection of DNS. But, in contrast to DNSSEC, which requires every link in the chain to use DNSSEC in order to work, DNSCrypt gives an instant benefit in terms of the security and privacy of the DNS traffic between you and OpenDNS immediately after installation.”
Communication between the user and the DNS service, especially on home networks and unprotected Wi-Fi networks, can still be compromised, which makes users vulnerable to man-in-the-middle and other malicious attacks, as well as to leakage of personal data.
At the moment DNSCrypt is available only for the Macintosh, but, according to Ulevitch, it will move to other platforms once the open source code becomes available. “I encourage developers to participate in DNSCrypt and use their skills to make the Internet a more private and secure place,” Ulevitch added.