How to encrypt your DNS requests

Palloy2
« on: February 08, 2017, 09:09:32 PM »

The Domain Name System (DNS) is a network of servers that translates a Domain Name (like "") into the IP Address of the computer that currently hosts it [] . The system is designed to be as flexible as possible, to allow for changes in what computers are doing what job at any time.  It is supposed to be able to survive a nuclear war, but don't bet on it.

The Problem

As web surfers, every time we want to go to, the web browser must first do a DNS query to get the IP Address of the website, then send a web page request to that IP.  The question of which DNS server is talked to depends on how you have set up your computer, but the simplest choice is to use whatever your ISP decides for you.  This puts your ISP in the unique position to see every DNS look-up you do, and gives them the opportunity to screen those requests for naughty things like "", and to report you to NSA, or stick it in an archive so that NSA can ask in years to come.  They can even block you from going there, by reporting back "Server unknown".  This is what the Chinese do all the time, and what your President will probably do to you if he decides to stamp out "fake news" sites.

The solution

One way around this is to encrypt your DNS requests, so that they can't be understood by your ISP.  Unfortunately only a few DNS servers are capable of understanding encrypted DNS requests, but the OpenDNS servers do, so it helps maintain your privacy if you use those.

Instructions on how to choose to use OpenDNS servers

If you only have one computer, it will be its own "gateway" to the ISP.  But if you have several computers, you will also have a router that will act as the gateway for all the computers on your local network.  If you are in a major office environment, there may be a hierarchy of routers, and you won't have the credentials to make these changes.

So assuming you have your own router, you contact it with your web browser by entering its Local IP address.  This should be on a label stuck to the bottom of the router.  Mine has http://dlinkrouter , or .  The router (which has a little web server in it) will respond with a web page.  This is probably going to be a login page asking for the Admin username and password.  These were initially set to the default username and password, which will also be on the label stuck to the bottom of the router, but hopefully you have changed the password since then. So log in with the new password, stored in your Password Manager.

What you will then see is another web page, but these are all different for different routers, so I can't tell you exactly what it will look like.  For mine, click on Manual Set Up, and then uncheck the box marked "use ISP for DNS".  This will bring up two boxes for Primary DNS and Secondary DNS.  Set them to the IP Addresses and .  Save the settings.  Job done.

Instructions on how to encrypt your DNS requests

Go to (don't get DNSCrypt from anywhere else, as it might contain malware) and click on the button for your Operating System  - Windows/MacOS/Linux/Android/iOS.  Download the appropriate package and install it on each computer that you want to protect. It will sit quietly in the background watching for any requests for DNS, encrypting the request and decrypting the results, entirely automatically.  Job done.


Now what could be easier than that?  It's just a tiny bit more privacy, but if it were to really catch on, all DNS servers would adopt it, just like Google and Yahoo eventually started using encryption on email data in transit, and web page data in transit.  It also tells NSA to stop spying on people!

"The State is a body of armed men."

