DNSCrypt | OpenDNS Background: The need for a better DNS security DNS is one of the fundamental building blocks of the Internet. It’s used any time you visit a website, send an email, have an IM conversation or do anything else online. That said, the class of problems that the Kaminsky Vulnerability related to were a result of some of the underlying foundations of the DNS protocol that are inherently weak — particularly in the “last mile.” There have been numerous examples of tampering, or man-in-the-middle attacks, and snooping of DNS traffic at the last mile and it represents a serious security risk that we’ve always wanted to fix. Why DNSCrypt is so significant In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. Note: Looking for malware, botnet and phishing protection for laptops or iOS devices? Download Now: Frequently Asked Questions (FAQ): 1. 2.
Encrypt DNS Traffic In Ubuntu With DNSCrypt [Ubuntu PPA] This article was posted a while back but I've decided to repost it because there's a new PPA that you can use to install dnscrypt-proxy in Ubuntu (14.10, 14.04 and 12.04) and also, some parts of the article needed to be updated. DNSCrypt is a protocol for securing communications between a client and a DNS resolver, preventing spying, spoofing or man-in-the-middle attacks. To use it, you'll need a tool called dnscrypt-proxy, which "can be used directly as your local resolver or as a DNS forwarder, authenticating requests using the DNSCrypt protocol and passing them to an upstream server". Thanks to Pascal Mons (work based on Sergey "Shnatsel" Davidoff's initial PPA, which doesn't have packages for Ubuntu 14.04 or 14.10 right now), you can easily install it Ubuntu. His packages use 127.0.0.2 as the local IP address so it doesn't interfere with Ubuntu's default setup. 1. sudo add-apt-repository ppa:anton+/dnscrypt sudo apt-get update sudo apt-get install dnscrypt-proxy 2. 3.
Open Whisper Systems partners with WhatsApp to provide end-to-end encryption At Open Whisper Systems, our goal is to make private communication simple. For the past three years, we’ve been developing a modern, open source, strong encryption protocol for asynchronous messaging systems, designed to make seamless end-to-end encrypted messaging possible. Today we’re excited to publicly announce a partnership with WhatsApp, the most popular messaging app in the world, to incorporate the TextSecure protocol into their clients and provide end-to-end encryption for their users by default. Your messages may already be encrypted The most recent WhatsApp Android client release includes support for the TextSecure encryption protocol, and billions of encrypted messages are being exchanged daily. WhatsApp runs on an incredible number of mobile platforms, so full deployment will be an incremental process as we add TextSecure protocol support into each WhatsApp client platform. This is still the beginning Get involved!
DNSCrypt Windows Service Manager - Simon Clausen Description This little program will assist in setting up DNSCrypt as a service, configure it and change network adapter DNS settings to use DNSCrypt. It is built on the idea behind dnscrypt-winclient and includes a few elements from this program. It includes the option to use TCP/UDP protocol, IPV4/IPV6 connectivity, choice of network adapter to configure, as well as configurations for currently available DNSCrypt providers. Read more about DNSCrypt here, here or here. Download Download a self-extracting zip here. Usage When DNSCrypt has been configured, you can close the program again. Planned features and known issues Copyright DNSCrypt Windows Service Manager is based on dnscrypt-winclient, originally developed and Copyright (c) 2012 by Patrick Webster: DNSCrypt Windows Service Manager includes a few elements from the original program. License
Here's a preliminary pet for DNSCrypt Here's a preliminary pet for DNSCrypt (note* this package requires libsodium, pet found here) for previous discussion about DNSCrypt see (this thread). This was compiled using the version of puppylinux called "precise" so it is a 32 bit binary. I have not tested this yet, I will be testing this in conjuction with "DNSCrypt Tools" (See thread) which will be part of my testing process. BIND BIND /ˈbaɪnd/, or named /ˈneɪmdiː/, is the most widely used Domain Name System (DNS) software on the Internet. On Unix-like operating systems it is the de facto standard. The software was originally designed at the University of California Berkeley (UCB) in the early 1980s. The name originates as an acronym of Berkeley Internet Name Domain, reflecting the application's use within UCB. The software consists, most prominently, of the DNS server component, called named, contracted for name daemon. In addition the suite contains various administration tools, and a DNS resolver interface library. Starting in 2009, the Internet Software Consortium (ISC) developed a new software suite, initially called BIND10. Database support BIND 10 planned to make the data store modular, so that a variety of databases may be connected. Security History Versions of BIND through 4.8.3 were maintained by the Computer Systems Research Group (CSRG) at UC Berkeley. See also
Intercepter-NG official site PostPosted: Sun 19 Apr 2015, 15:56 -- s243a attempts at compiling DNSCrypt Kismet DNSCrypt DNSCrypt encrypts and authenticates DNS traffic between user and DNS resolver. While IP traffic itself is unchanged, it prevents local spoofing of DNS queries, ensuring DNS responses are sent by the server of choice.  Installation Install the dnscrypt-proxy package. Configuration Select a resolver from /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv and edit dnscrypt-proxy.service, using the first column as the name of the resolver with the -R flag. [Service] ExecStart= ExecStart=/usr/bin/dnscrypt-proxy -R dnscrypt.eu-nl Tip: A potentially more up-to-date list is available directly on the upstream page. After selecting a dnscrypt resolver, modify the resolv.conf file and replace the current set of resolver addresses with address for localhost: nameserver 127.0.0.1 Other programs may overwrite this setting; see resolv.conf#Preserve DNS settings for details. Tips and tricks DNSCrypt as a forwarder for local DNS cache # systemctl edit dnscrypt-proxy.socket /etc/systemd/resolved.conf proxy-dnssec
p300 LAN/VPN P2P file sharing and messenger DNSCrypt - dnscrypt-autoinstall First, you should read this to have an understanding of what DNSCrypt-proxy offers you in terms of privacy and security. It is a good start : DNSCrypt is a protocol for securing communications between a client and a DNS resolver, preventing spying, spoofing or man-in-the-middle attacks. For installing on Mintpup and other Dog-based OS. You need PPA enabled. Here's the installation steps : $sudo add-apt-repository ppa:anton+/dnscrypt Then apt update and apt install dnscrypt-proxy .deb file available here for Xenial (16.04 - version 1.6.1 which is not the latest) : After installing DNSCrypt, you need to set your network connection DNS server to 127.0.0.2. To check if dnscrypt is working as it should be, visit this site and click standard test.