[dns-operations] Introducing DNSCrypt

David Ulevitch david at opendns.com
Tue Dec 6 15:17:21 UTC 2011


Friends --

Today we introduced a preview of DNSCrypt (http://www.opendns.com/technology/dnscrypt).  The goal of DNSCrypt is to provide encryption of all DNS traffic between stubs and resolvers, a growing and often overlooked problem that has bugged us for some time.  TSIG was one consideration, but ultimately, we went for a simpler route for now.  Our design follows much of the design outlined here: http://dnscurve.org/out-implement.html

It's lightweight, strives for UDP, and the code is being pushed to GitHub today so others can check it out.

It's complementary to DNSSEC, doesn't attempt to address verification or validation, but it does provide encryption which helps prevent snooping, replay, filtering and man-in-the-middle attacks.  This is the first in a number of releases we have planned around security in the coming year and we're interested in feedback.

Check it out! 

Thanks,
David

