New Means to Secure DNS Traffic Looks Promising | eWEEK Labs | eWeek

Written by
P. J. Connolly
Dec 8, 2011

If I had to pick the most vulnerable part of the Internet, my choice would be DNS. It’s far too easy to spoof, and the main stakeholders have been fairly resistant to making changes to it that would make it more reliable and less subject to shenanigans. Even workable proposals such as DNSSEC have failed to gain the requisite traction, in part because they require a solution that can scale as well as DNS, without providing an infrastructure to make that scaling possible.

Now OpenDNS has taken the wraps off of a tool that’s aimed at handling the “last mile problem” of DNS, between the end user and the DNS provider. (Disclaimer: we use OpenDNS, but not exclusively, and that’s all you need to know about that.) This tool encrypts DNS traffic; for now, it’s only available for Mac OS X, but being open source, it should be relatively easy to port to other platforms. Instead of replacing DNSSEC, which provides a signature-based authentication path for DNS resolvers, DNSCrypt obfuscates the traffic in a fashion similar to SSL, using elliptic-curve cryptography to wrap packets.

For now, DNSCrypt is a technology preview, and it is locked to the OpenDNS.com servers; hopefully, future development plans for it include the ability to implement encryption on one’s own DNS servers, in addition to the proposed extension of platform support.

Here’s why the “last mile” of DNS matters: it’s terribly insecure, given that until now, all DNS traffic has moved as clear text. That’s an incredibly huge vulnerability, given the ease of executing man-in-the-middle attacks that can redirect traffic from a known-good site to an impostor. I tend to be fairly paranoid about encrypting traffic on networks I manage – just ask my brother-in-law, who at Thanksgiving became somewhat ticked off at me for setting up WPA2 on my mother’s wireless network with a 63-character key – and this would fill a big gap in my security when I’m outside of my friendly confines.
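
To make the clear-text point concrete, here is an added Python example (not from the original article or from OpenDNS) that encodes a standard DNS query in RFC 1035 wire format and then reads it back the way any device on the path could, with no key involved and nothing in the message that authenticates it. The name `www.example.com` and the transaction ID are constructed sample values.

```python
import struct

HEADER = struct.Struct("!HHHHHH")  # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT


def build_query(name: str, qtype: int = 1, txid: int = 0x1A2B) -> bytes:
    """Encode a plain DNS query exactly as a stub resolver sends it over UDP/53."""
    header = HEADER.pack(txid, 0x0100, 1, 0, 0, 0)  # flags: recursion desired
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN


def observe(packet: bytes) -> dict:
    """Recover what a passive on-path observer sees in the raw bytes."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount, _, _, _ = HEADER.unpack_from(packet)
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], HEADER.size
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:  # root label terminates the name
            break
        if length & 0xC0:  # compression pointers do not belong in a lone question
            raise ValueError("unexpected compression pointer")
        if pos + length > len(packet):
            raise ValueError("label runs past end of packet")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("missing QTYPE/QCLASS")
    qtype, qclass = struct.unpack_from("!HH", packet, pos)
    return {"txid": txid, "is_response": bool(flags & 0x8000),
            "name": ".".join(labels), "qtype": qtype, "qclass": qclass}


if __name__ == "__main__":
    wire = build_query("www.example.com")  # constructed sample query
    print(wire.hex())
    print(observe(wire))
```

Every field the resolver later uses to match a reply to this query, including the 16-bit transaction ID, is visible in the same bytes.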
