When talking about security, DNS and encryption have become two major discussion points. Encryption is making the information being sent look random to anyone on the outside staring in, while the people sending and receiving the information can read and write in it just fine (the same way people might send secret coded messages). DNS basically is like a phone book for the Internet. When you type in an Internet address, that name is actually tied to an IP address, the individual number tied to each Internet connected device. Whoever provides your DNS, usually your Internet provider, looks up what IP address is connected to what you entered, and then directs you to the website. It’s the same principle as if you wanted to call a person or business. If you look up the name of the person or business in a phone book, you can find what their phone number is, call them, and exchange whatever business, pleasantries, or other reason you had to call them.
DNS has become more of a talking point lately, as recent malware attacks on multiple operating systems have resulted in changing your DNS addresses to lead you to malicious sites, designed only to steal your information and/or give you more malware. Other holes in the DNS process have caused concern for the process itself. But since DNS is such an integral part of the way we connect to the web, there’s not a way just to turn it off without disconnecting from the web. So the wonderful people at OpenDNS have created DNSCrypt to help with these security problems. DNSCrypt works to encrypt the traffic flowing between you, your DNS provider, and the website you are trying to contact. It works to prevent your
DNS traffic from being intercepted and maliciously changed. But wait! What if your DNS addresses have already been changed? DNSCrypt fixes that because it runs off of OpenDNS’s own DNS servers. Some people may be concerned about changing DNS servers, but DNSCrypt changes it automatically so that you don’t have to, and can change back automatically to your former DNS servers if something doesn’t work right. If you’re worried about OpenDNS’s security though, OpenDNS has award-winning security, and can even speed up your web browsing experience. To change your DNS to their servers is free, but they offer home and business plans for more efficient and even more secure use.
I have been using the program for about two weeks. With it booting up as a startup program, I noticed a small increase in my Mac’s startup time, but I have not noticed any decrease in the speed of my overall browsing. I can’t say how well it blocks DNS attacks (I tend not to go searching for sites that do that), but I trust OpenDNS and have used it for a while now. And OpenDNS has a nice menubar icon to let your know its status.
While DNSCrypt is going to be a great tool to use in anyone’s security arsenal, there are a few caveats I have with it. For one thing, the program is still in beta, so anyone worried about stability might want to stay away. I haven’t experienced any crashes with it, but I would still wait until the final version of the program before using it for corporate work. Another issue with the program is that when it initially starts up, encryption hasn’t been enabled. You have to manually enable encryption from within the app’s preference pane. OpenDNS acknowledges this and say that they are coming with an update soon to fix this. And as an ascetic touch, I wish the menubar icon would have a more Mac-like feel, rather than being a red, yellow, or green light in the menubar (but at least it’s easy to understand your status).
For those willing to try a beta program, and for those who want some extra security, check out DNSCrypt. You can download it at http://www.opendns.com/technology/dnscrypt/ for free. It runs on OS 10.5 and higher. If you have any questions, comments, or suggestions about this or any other topic, leave a comment below or email me at firstname.lastname@example.org You can also check me out on Facebook, Twitter, and YouTube by hitting the buttons on the top of your screen. You can also check out my Google Plus Page at https://plus.google.com/107817518299218190319. Thanks!