back to article OpenDNS puts crypto in beta

While the world slowly implements DNSSec in the backbone of the Internet, OpenDNS has put forward its solution to securing the user-side of DNS, with the preview version of a DNS encryption tool. DNSCrypt only works on Macs at the moment. According to OpenDNS, the idea is to encrypt all users’ DNS requests, preventing nasties …

COMMENTS

This topic is closed for new posts.

As a bonus

It would stop those buggers who instantly register a domain name when you look to see if it is already taken and then attempt to gouge you.

0
1

How?

2
0

Depends on whether OpenDNS does that

because your DNS query passing through the internet would leave no clue as to its actual requested contents.

1
1

DNS gougers, and general snoopers

Get yourself a dictionary file, have a script start randomly stringing domain names together and looking them up at a rate that won't get you in trouble with your ISP. The gougers will soon be stuffed even if they are only paying pennies on a domain name, and casual snoopers won't know what's real and what's not.

Same approach as using TrackMeNot: Why go under the radar when you can obliterate it with chaff?

0
0

Fix other issues first

I'd like them to fix other issues before worrying about encryption. It's trivially easy (http://www.esrun.co.uk/blog/hijacking-an-opendns-user/) to hijack an OpenDNS user and have all their DNS queries put through your own account!

1
0

@Stephen 2

This hack, AFAICS, is very very limited. Using OpenDNS and being a registered OpenDNS user are very different; most people using OpenDNS will not be registered users, they are simply using OpenDNS DNS resolvers, and so this “social hack” would not work for them. Add that most OpenDNS registered users (who are probably quite IT savvy in any case for using OpenDNS) would not follow a (phishing) link sent from just anyone, and the scope of this hack, as I can see it, is very very small.

0
2

The hack doesn't require that the user has an OpenDNS account - it simply requires that they're using OpenDNS.

Remember that it doesn't have to be used as a targeted attack. You could just put the code up on any busy website and hit any OpenDNS user who happens to access the website.

2
0

Bogus argument. 1 out of 3 schools in the USA use OpenDNS. It is often superimposed by administrators. Also, the hack described works regardless of whether you are a registered user or not; it only requires you to use OpenDNS's resolvers. Only the attacker is required to be a registered user.

1
0

Blocking

"such as would be mandated by any government seeking to block citizens’ access to a particular class of Website, whether over concerns about decency or piracy"

Is that really what they are proposing? Just how hard would it be to pass on IP addresses of blocked sites down other channels (including old-fashioned paper samizdat)?

I'm starting to wonder, if DNS didn't already exist would we bother to invent it? We manage to use the telephone system fine with just numeric addresses. No global distributed directory, just various un-coordinated look-up tables with various degrees of localisation, specialisation and automation.

0
2
Anonymous Coward

problem >>>

dynamic IPs

0
0

DNS vs Telephones

I'd guess, given the chance, the telcos would love to (charge for) a phone equivalent to DNS

0
0

@Blocking

The telephone system, in the form of phone directories, associates a name with a number. DNS does the same thing. A phone directory with just a list of numbers and no names is fairly useless.

0
0