Wednesday 10 June 2015

Encrypting DNS Traffic with DNSCrypt



The Domain Name System (DNS) is a pervasive component of computing and the Internet. We rarely notice it even though we use it all the time. It acts like the phone book of the Internet, translating human-readable hostnames into IP addresses. DNS servers store the DNS records for domain names, so DNS matters to users because it is how services on the network are located. Like all other systems and network protocols, it is vulnerable to attacks, and because of its huge role and importance you need to secure it.



DNS is prone to attacks such as cache poisoning, where attackers exploit vulnerabilities in DNS to add wrong addressing information to resolver caches. When a poisoned cache is then used to look up a site, you end up on a different server controlled by the attackers. Although DDoS attacks are not specific to DNS, it is still vulnerable to Distributed Denial of Service, where the DNS infrastructure cannot handle the volume of requests it receives. Another threat is registrar hijacking, where attackers compromise your account with the chosen registrar and in the process gain control of the domain name. These and other threats mean that you have to protect your servers against DNS attacks. OpenDNS has released software, DNSCrypt, that serves to secure the protocol from future threats.

The program provides an added layer of DNS security on Windows and Mac. It creates an encrypted connection to the DNS servers and then sets up a DNS proxy on your computer. When you try to access a site, the browser sends its DNS query to a localhost address, and the request is then forwarded to a DNS server over the encrypted connection. DNS information gives a complete account of your Internet activity, the domains and all the servers you connected to, which makes it very valuable. Encrypting DNS blocks spies who are eavesdropping in the middle of your connection from accessing that information.

How to Get DNSCrypt?


The package is free and can be downloaded from the official website. From the main site, choose the DNSCrypt Proxy ZIP package for Windows and download it. Configuring it on your computer is easy.

How to Install?


The software works with OpenDNS settings, so before installing, set your Internet connection to use OpenDNS as the DNS provider.

1. Once the Internet settings are configured, extract the folder contained in the downloaded package, put it on a drive on your computer, and rename it to “DNSCrypt”.

2. Open the command prompt as an administrator.

3. In the command prompt, go to the folder named “bin” inside the folder that you extracted, that is, the DNSCrypt folder. You do this by giving the path to the drive and folder where it is stored. For example: c:\name\dnscrypt\bin.

4. Enter the command “DNSCrypt-proxy.exe”, which will install the program.

5. After it runs, you should get a message confirming success, along with information on the registry key used and the DNS resolver settings that you have to change.

6. Press “Win + X”, then choose “Network Connections” to open the Network Connections pane. On Windows 7 and Vista, go to “Network and Sharing Centre” instead.

7. Right-click the network adapter and choose “Properties”. In the properties window, scroll down to “Internet Protocol Version 4 (TCP/IPv4)” and select the Properties button.

8. Select “Use the following DNS server addresses” and enter the localhost address 127.0.0.1 as the preferred DNS server.

9. Once that is done, click “OK”.
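To confirm after step 9 that something is actually answering DNS queries on 127.0.0.1, here is a small check added as an example (it is not part of the DNSCrypt package). The function names, the test name example.com and the use of port 53 are assumptions.

```python
import secrets
import socket
import struct

def build_query(name, txid, qtype=1):
    """Encode a standard recursive DNS query (qtype 1 = A record, class IN)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)

def parse_response(data, txid):
    """Return (rcode, answer_count); raise ValueError on a bad or mismatched reply."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    return flags & 0x000F, answers

def check_local_proxy(name="example.com", server="127.0.0.1", port=53, timeout=3.0):
    """True if the resolver at server:port answers NOERROR with at least one record."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (server, port))
            data, _ = sock.recvfrom(4096)
            rcode, answers = parse_response(data, txid)
        except (OSError, ValueError):
            # Timeout, refused port, or garbage reply: the proxy is not working.
            return False
    return rcode == 0 and answers > 0

if __name__ == "__main__":
    print("local DNS proxy answering:", check_local_proxy())
```

A `True` result shows only that the local proxy is listening and resolving; it does not inspect whether the upstream connection is encrypted. A `False` result with 127.0.0.1 set as the preferred DNS server means name resolution on that adapter is broken until the proxy is running.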

Conclusion


Encrypting DNS traffic is sensible and advisable, all the more so if you access the Internet through public connections. A virtual private network can be used as an additional measure when you are on a public network and do not have full control of it. The software does not slow down your browser, nor does it use many resources on your machine while it does its job of giving you secure DNS.
