Encrypt Your DNS: A Guide to Secure Browsing

Enhancing DNS Security with Encryption
For some time, we have highlighted the advantages of utilizing third-party DNS servers. An additional benefit worth noting is the capacity to encrypt all DNS requests, providing increased protection against potential surveillance.
Understanding DNSCrypt
DNSCrypt, developed by the team at OpenDNS, offers a straightforward method for establishing encryption between your device and the DNS server. This is a lightweight application compatible with both Windows and macOS operating systems.
Currently, mobile support is unavailable.
How DNSCrypt Functions
The tool establishes a secure, encrypted connection to any of the DNS servers it supports.
It also creates a local DNS proxy directly on your computer.
When you attempt to access a website, such as howtogeek.com, your browser submits a standard DNS query to the localhost address (127.0.0.1) on port 53.
This request is then securely forwarded to the DNS server through the encrypted connection.
Benefits of Encrypted DNS
- Increased Privacy: Prevents eavesdropping on your DNS requests.
- Enhanced Security: Protects against DNS-based attacks.
- Simple Implementation: DNSCrypt offers an easy-to-use solution.
By encrypting your DNS traffic, you add an extra layer of security and privacy to your online activities.
This method ensures that your DNS queries remain confidential during transmission.
Securing Your Connection: Downloading DNSCrypt for Windows
To begin enhancing your online security, the initial step involves obtaining the installation package. Navigate to the official download page and select the "dnscrypt-proxy-win32-full-1.4.1.zip" link to acquire the necessary files. Always prioritize utilizing the latest version available on the site if a more recent release exists.
Next, create a dedicated folder on your desktop named DNSCrypt. The location of this folder is flexible, but the desktop provides convenient access for this guide. Then extract the contents of the downloaded zip file directly into this newly created DNSCrypt folder.
Extracting the Files
This can be accomplished by opening the zip archive and either dragging all the contained files into the DNSCrypt folder, or by right-clicking the zip file and selecting the desktop folder as the destination for extraction.
The extraction process will populate the DNSCrypt folder with the required components for configuring DNSCrypt-proxy on your Windows system. This prepares you for the next stage of securing your DNS queries.
Setting Up and Configuring Your Computer
The initial step involves launching an elevated command prompt. This can be achieved by searching for "cmd" within your system, then right-clicking the result and selecting "Run as Administrator".
With the elevated CMD window now open, enter the command below. Replace the example path with the correct path leading to your "bin" folder.
cd "C:\Users\Owner\Desktop\DNSCrypt\bin"
This instruction directs the command prompt to navigate to the "bin" folder. This is where the executable (.EXE) and comma-separated values (.CSV) files are stored.
By executing this command, you are effectively setting the working directory for subsequent operations. This ensures that any commands referencing files within the "bin" folder can be executed correctly.
The command prompt will now operate within the specified directory, allowing you to proceed with the next stages of the configuration process.
Setting Up the Proxy Service
The subsequent step involves installing the proxy service provided by DNSCrypt. Utilize the command string provided below for this purpose. The "opendns" designation can be substituted with a name sourced from the CSV file. Alternatively, the CSV file itself can be updated to include any public DNS resolvers that currently offer DNSCrypt support.
Remember to adjust the file path within the command to accurately reflect the location of the CSV file on your system.
dnscrypt-proxy.exe --resolver-name=opendns --resolvers-list="C:\Users\Owner\Desktop\DNSCrypt\bin\dnscrypt-resolvers.csv" --test=0

A CMD window displaying output similar to the image above indicates successful testing of the proxy service. Should the initial attempt fail, simply iterate through different DNS resolvers until a functional one is identified.
Upon successful testing, proceed with the installation by pressing the "Up" arrow key to recall the previous command and changing "--test=0" to "--install", as shown below.
dnscrypt-proxy.exe --resolver-name=opendns --resolvers-list="C:\Users\Owner\Desktop\DNSCrypt\bin\dnscrypt-resolvers.csv" --install

Successful installation will be confirmed by the following output:
[INFO] The dnscrypt-proxy service has been installed and started
[INFO] The registry key utilized for this service is SYSTEM\CurrentControlSet\Services\dnscrypt-proxy\Parameters
[INFO] Your resolver settings should now be changed to 127.0.0.1:53
Modifying Your DNS Configuration
The next step involves altering your DNS settings. Locate the network icon, typically found in the system tray at the bottom right corner of your screen. This icon will appear as five bars for a wireless connection or a computer monitor for a wired connection. Right-click on it and, from the context menu, select "Open Network and Sharing Center."
Once the Network and Sharing Center is open, click on the option labeled "Change adapter settings."

To proceed, right-click on the specific network connection you wish to configure and choose "Properties" from the resulting menu.

Within the properties window, select "Internet Protocol Version 4 (TCP/IPv4)" and then click the "Properties" button.

In the TCP/IPv4 properties, designate "127.0.0.1" as the Preferred DNS server and confirm your changes by clicking "OK."

Next, access the settings for Internet Protocol Version 6 (TCP/IPv6) and modify the DNS configuration to utilize "::1".

With these adjustments completed, DNS queries from this computer go to the local proxy and are forwarded to the DNS server over the encrypted connection. Enjoy a more secure browsing experience.
Furthermore, once you have an encrypted DNS connection, consider utilizing QSDNS from Nirsoft for swift switching between your frequently used DNS servers.
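To confirm that the setup above took effect, the following PowerShell checks can be run. This is an added example, not part of the original guide or the DNSCrypt project; it assumes Windows 8 / Server 2012 or later and an elevated PowerShell session, and it takes the service name and registry key from the installer output shown earlier.

```powershell
# Added example: post-install checks for the dnscrypt-proxy setup in this guide.
# Assumes Windows 8 / Server 2012 or later and an elevated PowerShell session.
$ErrorActionPreference = 'Stop'

# 1. The service created by "--install" should exist and be running.
$svc = Get-Service -Name 'dnscrypt-proxy'
"Service state: $($svc.Status)"

# 2. Show the parameters the service was installed with. The key is the one
#    named in the installer output; its values are listed without assuming names.
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\dnscrypt-proxy\Parameters' |
    Select-Object * -ExcludeProperty PS* | Format-List

# 3. Something must be listening for DNS on UDP port 53 on the loopback address.
$listener = Get-NetUDPEndpoint -LocalPort 53 -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalAddress -in '127.0.0.1', '0.0.0.0' }
if (-not $listener) { Write-Warning 'Nothing is listening on 127.0.0.1:53' }

# 4. Every connected adapter should list only the loopback resolver. Any other
#    entry (alternate server, DHCP-supplied server) is an unencrypted fallback.
$allowed = '127.0.0.1', '::1'
$fallbacks = foreach ($nic in Get-NetAdapter | Where-Object Status -eq 'Up') {
    foreach ($entry in Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex) {
        foreach ($server in $entry.ServerAddresses) {
            if ($server -notin $allowed) {
                [pscustomobject]@{ Adapter = $nic.Name; Server = $server }
            }
        }
    }
}
if ($fallbacks) {
    Write-Warning 'These adapters can still send plaintext DNS:'
    $fallbacks | Format-Table -AutoSize
} else {
    'All connected adapters use only 127.0.0.1 / ::1'
}

# 5. Ask the local proxy directly; a reply shows it is answering on 127.0.0.1
#    and forwarding queries to the resolver.
Resolve-DnsName -Name 'howtogeek.com' -Server 127.0.0.1 -Type A -DnsOnly |
    Select-Object Name, Type, IPAddress
```

Any adapter reported in step 4 still has a resolver other than the local proxy configured, so queries sent through it are not covered by the encrypted connection.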
Additional Information
- DNS Encryption enhances your online privacy.
- Using "127.0.0.1" and "::1" directs DNS queries to the local DNSCrypt proxy.
- QSDNS provides a convenient way to manage multiple DNS settings.
Image Credit: Craig Sunter on Flickr