OpenDNS Releases DNS Encryption Tool

Posted by timothy
from the do-nothing-secret dept.
wiredmikey writes "It's not news that some of the underlying foundations of the DNS protocol are inherently weak, especially what they call the "last mile" — or the part of the internet connection between the client and the ISP. To address this, OpenDNS has released a preview of DNSCrypt, a tool that enables encrypted DNS traffic, much in the same way SSL enables encrypted HTTP traffic. DNSCrypt will stop DNS replay, observation, and timing attacks, as well as Man-in-the-Middle attacks and resolver impersonation attacks. The tool, available already compiled for OS X, will also run on OpenBSD, NetBSD, Dragonfly BSD, FreeBSD, and Linux. There is no Windows client, which is odd considering a majority of the 30 million OpenDNS users run Microsoft's operating system."
  • Not Odd (Score:5, Insightful)

    by janeuner (815461) on Thursday December 08, @10:43AM (#38302724)

    Because the danger isn't poisoning the cache of an end user. The trouble comes when a site's DNS cache is poisoned, affecting hundreds or thousands of users.

    Most of these DNS caches are run on a UNIX derivative.

  • From Wikipedia [wikipedia.org]:-

    If a domain cannot be found, the service redirects users to a search page with search results and advertising unless the user has paid for an upgraded service. Users can switch this off via the OpenDNS Control Panel, or specify another page to use for missing domains. This behavior is similar to that of many large ISPs who also redirect failed requests to their own servers containing advertising.

    OpenDNS started resolving requests to Google.com. Some of the traffic is handled by OpenDNS typo-correcting service which corrects mistyped addresses and redirects keyword addresses to OpenDNS's search page, while the rest is transparently passed through to the intended recipient.

    Also, a user's search request from the address bar of a browser that is configured to use the Google search engine (with a certain parameter configured) may be covertly redirected to a server owned by OpenDNS (which is within the OpenDNS Terms of Service). Users can disable this behavior by logging in to their OpenDNS account and unchecking "OpenDNS proxy" option.

    I'm sure they're no worse than other DNS providers and at least they do appear to have options to opt-out of the above behaviour, but if your DNS provider is fooling with your encrypted DNS requests, what's the point?

  • by Dexter Herbivore (1322345) on Thursday December 08, @11:11AM (#38302984) Journal
    Yes, because a desire to play games and security are mutually exclusive. /end sarcasm
  • by Anonymous Coward on Thursday December 08, @11:19AM (#38303056)

    For me the important point isn't to hide addresses that are being looked up, but to determine the credibility and integrity of the response I receive. Encryption is about more than just hiding data.

    Regarding the name, I'm not sure what you're complaining about. Where is it written that any entity that prefixes their name with "Open" needs to be an open source project? They are free to use. If you want to pick on a misleading name, try NetZero...

  • by Anonymous Coward on Thursday December 08, @11:20AM (#38303068)

    Windows users don't give a shit about security, that's why they're running Windows.

    YAY GAMES DURR

    Linux users don't give a shit about getting work done, that's why they're running Linux.

    YAY SPENDING FIFTY HOURS TWEAKING MY WINDOWING ENVIRONMENT DURR

    Oh, what, that's flamebait, but apparently your comment is "Interesting"? Grow the fuck up. Windows is a hell of a lot more secure than it used to be, Linux and BSD have had their share of vulns as well, and the big threat stopped being the OS a long time ago, it's now shit like Adobe Reader. Oh, wait, this is Slashdot... I should be expecting a BSOD joke, followed by a Clippy joke, followed by a Microsoft Bob joke, because those are all about as topical...
