DNSCrypt

DNSCrypt

dnscrypt.info

1

About this website

DNSCrypt is a network protocol that authenticates and encrypts DNS (Domain Name System) traffic between a client and a DNS resolver, preventing DNS spoofing, man-in-the-middle attacks, and DNS hijacking. Originally developed by OpenDNS (now part of Cisco) in 2011 by Frank Denis and Yecheng Fu, DNSCrypt was one of the first practical solutions to the fundamental security weakness of the DNS protocol: by default, DNS queries are sent in plaintext over UDP port 53, meaning anyone on the network path between the client and the resolver can read, modify, or block DNS queries and responses. DNSCrypt addresses this by encrypting DNS queries using elliptic-curve cryptography (X25519 for key exchange) and authenticated encryption (XSalsa20-Poly1305 or XChaCha20-Poly1305), and by authenticating the DNS resolver using its public key (ensuring the client is communicating with the genuine resolver, not an impostor). The protocol has been superseded in the standards track by DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT), but DNSCrypt remains popular due to its simplicity, performance, and the quality of its reference implementation (dnscrypt-proxy). The dnscrypt-proxy client is a lightweight, cross-platform DNS proxy that supports DNSCrypt, DoH, and DoT, and provides additional features including: support for multiple upstream resolvers with automatic failover, DNS query logging and filtering (blocklists for ads, trackers, and malware domains), local DNS caching with configurable TTL, support for DNS-over-HTTPS via HTTP/2 and HTTP/3 (QUIC), forwarding to local DoH servers, cloaking (mapping specific domains to custom IP addresses), and forwarding queries to different resolvers based on domain patterns. As of 2026, dnscrypt-proxy has over 12,000 stars.

Tags & Categories

Categories

Tags

Statistics

1
Views
0
Clicks
0
Like
0
Dislike

Comments

Log In to post a comment

No comments yet. Be the first!