how to install the best version of DNSCrypt?
I installed DNSCrypt 0.0.6 (updated 6 August 2012) very easily from the OpenDNS website. So that seems to have put 9 files into the directory called C:\Program Files (x86)\OpenDNS\DNSCrypt and it seems to be working, including the green status icon.
As I tried to educate myself, I learned that smart people are continuing to improve the program, and that newer versions exist at GitHub, but I did not find a Windows installer there.
I did download a newer version of dnscrypt-proxy.exe and a file called hostip.exe. The instructions I followed told me to unzip those two files into another directory, open a DOS cmd window, and then type "dnscrypt-proxy --install"
but I received this: [ERROR] unable to install service
So I am not sure how to proceed now. Should I simply copy the newer dnscrypt-proxy.exe file into the OpenDNS\DNSCrypt directory ?? Or is there a simple installer that I have missed at another website?
I know nothing about Linux, or OSX, and I am running Windows 7 Pro 64-bit on a Lenovo laptop that travels a lot, so security is important to me.
Thank you for OpenDNS, and for DNSCrypt, and my apologies for this newbie query if it is in the wrong place.
-
"open a DOS cmd window, and then type "dnscrypt-proxy --install"
but I received this: [ERROR] unable to install service"
You must start the Command Prompt window in elevated mode (right-click and "Run as Administrator"). Non-admin command prompt windows act like for a regular user. Installing a service is strictly an administrator task.
Also, there is no "DOS" when running cmd.exe. Although it looks a bit like this, it isn't.
"So I am not sure how to proceed now."
Best is you uninstall your current DNSCrypt GUI to also clean up the registry and stuff. Then you may recreate the directory OpenDNS\DNSCrypt to store the two .exe files there. Then you run the install command from an elevated command prompt window.
If you had special settings in the old DNSCrypt GUI, you can have these also with the registry settings described in the README file.
https://github.com/opendns/dnscrypt-proxy/blob/master/README-WINDOWS.markdown
"if it is in the wrong place." - You got it perfectly right!
-
Thank you rotblitz! That seemed to work fine, the installation did not generate any error message. Now, based on the instructions over on github say "Change your DNS settings to 127.0.0.1" -- how do I do that? Meanwhile, I can start the Windows Task Manager, and under the Services tab I can see dnscrypt-proxy PID 2336 is running. Yay. I am going to reboot and see if it starts in the background automatically. But is there another way to check that it is indeed running and operating properly? Thank you for your patience!
-
You follow https://store.opendns.com/setup/computer/ but use 127.0.0.1 instead of the OpenDNS resolver addresses.
-
Thanks again. I think I am learning some interesting stuff about the internet. I tried to test what is going on as follows: 1. I opened a CMD window as Administrator, and navigated to the DNSCrypt directory 2. typed dnscrypt-proxy.exe –install and saw this response [INFO] the dnscrypt-proxy service and been installed and started 3. Exited from the CMD window, and made sure that I could surf the web normally 4. Opened another CMD window, and typed nslookup sears.com and saw this response Server: resolver1.opendns.com Address: 208.67.222.222 Non-authoritative answer: Name: sears.com Address: 74.122.182.100 Now in this case, I assume that the OpenDNS address was supplied by my router (right?) 5. Without closing that CMD window, I went through the process at the link you provided (very carefully) and set my DNS to 127.0.0.1 6. Back in the CMD window, I again typed nslookup sears.com but this time I had a different response: 1.0.0.127.in-addr.arpa primary name server = localhost responsible mail addr = nobody.invalid serial = 1 refresh =600 retry = 1200 expire = 604800 default TTL = 10800 (root) ??? unknown type 41 ??? Server: UnKnown Address: 127.0.0.1 Non-authoritative answer: Name: sears.com Address: 74.122.182.100 So I don’t need to understand all of those items, but it seems to be working (hooray). One more question: will have to go through that process of manually setting my Wireless Connection DNS to 127.0.0.1 each time I connect with a new WiFi network? Thank you. -
sorry, I don't know why all the formatting got lost in the previous message.
Thanks again. I think I am learning some interesting stuff about the internet. I tried to test what is going on as follows:
1. I opened a CMD window as Administrator, and navigated to the DNSCrypt directory
2. typed dnscrypt-proxy.exe --install and saw this response
[INFO] the dnscrypt-proxy service and been installed and started
3. Exited from the CMD window, and made sure that I could surf the web normally
4. Opened another CMD window, and typed nslookup sears.com
and saw this response
Server: resolver1.opendns.com
Address: 208.67.222.222
Non-authoritative answer:
Name: sears.com
Address: 74.122.182.100
Now in this case, I assume that the OpenDNS address was supplied by my router (right?)
5. Without closing that CMD window, I went through the process at the link you provided (very carefully) and set my DNS to 127.0.0.1
6. Back in the CMD window, I again typed nslookup sears.com
but this time I had a different response:
1.0.0.127.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh =600
retry = 1200
expire = 604800
default TTL = 10800
(root) ??? unknown type 41 ???
Server: UnKnown
Address: 127.0.0.1
Non-authoritative answer:
Name: sears.com
Address: 74.122.182.100
So I don’t need to understand all of those items, but it seems to be working (hooray).
One more question: will have to go through that process of manually setting my Wireless Connection DNS to 127.0.0.1 each time I connect with a new WiFi network? Thank you.
-
First of all, you did everything correctly.
"Now in this case, I assume that the OpenDNS address was supplied by my router (right?)"
Either this, or you had configured it manually. This doesn't make a difference at the end. You did not go through the DNSCrypt proxy in this case, but sent your DNS lookups to OpenDNS directly: Server: resolver1.opendns.com - Address: 208.67.222.222.
"but this time I had a different response"
Yes, your DNS lookups now go to Server: UnKnown - Address: 127.0.0.1 where the DNSCrypt proxy is listening to service / forward your DNS lookups to OpenDNS.
Either way, the DNS lookup result is the same for sears.com: 74.122.182.100, as should be.
You can also verify that you're using DNSCrypt if you want:
nslookup -type=txt debug.opendns.com.
"will have to go through that process of manually setting my Wireless Connection DNS to 127.0.0.1 each time I connect with a new WiFi network?"
No, not if you're using the same WiFi/WLAN adapter.
Please note, this kind of OpenDNS is for networks you own, not necessarily for your devices in other networks. If the network admins (or even their ISP) want, they simply could block you from using a 3rd party DNS service like OpenDNS, so this would look like no internet connection at all. In this case you'll have to reconfigure the computer to obtain the network settings automatically. And then back to 127.0.0.1 when at home.
-
Excellent. So using DNSCrypt in this way can prevent man-in-the-middle attacks, and will hide DNS requests from my own ISP at home. Are you saying that it may be possible to use DNSCrypt with public WiFi (airport, library, cafe) depending upon how that public router & ISP is set up?
And finally, I presume that DNSCrypt would not apply at all when using a VPN, because the DNS service that is set at the server end of the VPN would prevail.
Thank you!
-
"Are you saying that it may be possible to use DNSCrypt with public WiFi (airport, library, cafe) depending upon how that public router & ISP is set up?"
Yes, this is meant. No matter, you should not run an Updater in other networks and therefore not register someone else's IP address with your home network. You would break content filtering for your home network, and you may impact other users in the guest network with being bound to your settings.
If you need some kind of content filtering in other networks, you'll have to use the OpenDNS FamilyShield addresses, i.e. you had to change the behaviour of the DNSCrypt Proxy to forward to a FamilyShield address by amending/introducing the related registry entry. By default it forwards to 208.67.220.220, but FamilyShield would be 208.67.222.123 or 208.67.220.123.
"And finally, I presume that DNSCrypt would not apply at all when using a VPN, because the DNS service that is set at the server end of the VPN would prevail."
Yes and no. If the VPN tunnel comes with a virtual connection (i.e. an own LAN connection as tunnel entry to your active connection), kind of OpenVPN technology, you certainly can configure this to use OpenDNS, also with DNSCrypt. But again, the public IP address of this connection is not yours, so don't run an Updater to register it with your home network.
In all other VPN cases the remotely configured DNS service (at the VPN server end) is being used.
-
I have a VPN running PPTP/SSTP , but have Open DNS IPs in my v4 properties, think i have disabled v6, i just upgraded to the GUI 0.0.6 and am getting 'current dns resolver: none available' ; according to what you've written above, it sounds like i should put the VPNs DNS Ip's into the v4 properties and not opendns's ? and /or how do i get the gui to work, apparently dns IS being resolved, maybe its defaulting to the VPN's, while i'm on VPN and to Open DNS when i'm not ?
-
"i would if i knew how to cut and paste from a terminal"
I see, IT is not for you. Also from what you said else. :(
Right-click within the command prompt window, and select the related action from the context menu.
Or click the icon in the left upper corner to select from options.
"funny though i don't recall putting in the 127.0.0.1 i thought i had opendns ip numbers in ipv4 not 127.0.0.1"
No matter what you have put in, the DNSCrypt with GUI changed this to 127.0.0.1, else DNSCrypt would not work.
-
ROTBITZ, when I run DNSCrypt 0.0.6 i get current DNS resolver : none available (while VPN is connected) here is the ipconfig /all ; 0.0.5 did NOT have this issue, the wireless IF says 127.0.0.1 ....
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . :
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxxxx.rr.com
PPP adapter VPN - 279057-SSTP:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VPN - 279057-SSTP
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.200.148.149(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : xxxxxxx.rr.com
Description . . . . . . . . . . . : Realtek RTL8188CE 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 20-10-7A-
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.128(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, July 06, 2013 6:53:21 AM
Lease Expires . . . . . . . . . . : Thursday, July 11, 2013 7:56:30 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : A0-B3-CC-6B-FA-94
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{AA38D-5660-415B-A809-BFA69}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter 6TO4 Adapter:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:c0c8:9495::c0(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{9923-7B1E-46BF-A703-4766389D42F5}:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : :200:5efe:192.200.148.149%17(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.xxxxx.rr.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : xxxxxx.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Windows\system32>route print
===========================================================================
Interface List
27...........................VPN - 279057-SSTP
12...20 10 7a 58 3e 7e ......Realtek RTL8188CE 802.11b/g/n WiFi Adapter
11...a0 b3 cc 6b fa 94 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.128 4250
0.0.0.0 0.0.0.0 On-link 192.200.148.149 26
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
192.168.1.0 255.255.255.0 On-link 192.168.1.128 4506
192.168.1.128 255.255.255.255 On-link 192.168.1.128 4506
192.168.1.255 255.255.255.255 On-link 192.168.1.128 4506
192.200.144.41 255.255.255.255 192.168.1.1 192.168.1.128 4251
192.200.148.149 255.255.255.255 On-link 192.200.148.149 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 192.168.1.128 4508
224.0.0.0 240.0.0.0 On-link 192.200.148.149 26
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 192.168.1.128 4506
255.255.255.255 255.255.255.255 On-link 192.200.148.149 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
15 1030 2002::/16 On-link
15 286 2002:c0c8:9495::c0c8:9495/128
On-link
17 281 fe80::200:5efe:192.200.148.149/128
On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\Windows\system32>
-
"when I run DNSCrypt 0.0.6"
Best is to get rid of the GUI and install the dnscrypt-proxy alone as acz did above. You shouldn't have to care about the GUI.
"the wireless IF says 127.0.0.1"
It does, indeed, as should be. But when using your VPN, a virtual ethernet adapter "PPP adapter VPN - 279057-SSTP" comes up, tunneling into your wireless connection. And there you have Google DNS (8.8.8.8 and 8.8.4.4) configured. Change this to 127.0.0.1, and it will possibly work also when using the VPN.
If it still does not work, or you have no DNS at all, you will have to configure a persistent route ("route add .....") to route out your DNS lookups through the 192.168.1.1 gateway on interface 192.168.1.128 only, so that the DNS traffic doesn't go through the VPN.
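Added example, not part of the original thread and not OpenDNS code: a small Python parser for saved `ipconfig /all` output that lists every connected adapter whose DNS servers are not a loopback address, which is how the VPN adapter above ends up bypassing the local dnscrypt-proxy. The sample text is constructed in the shape of the output posted above; the host name and DNS suffix in it are placeholders.

```python
import ipaddress
import re

# Field line: indented key, a ". . ." leader, then " :" and an optional value.
FIELD = re.compile(r"^\s+(.+?)(?: \.)+ :\s*(.*)$")

# Constructed sample, trimmed to the shape of `ipconfig /all` output.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAPTOP
   DNS Suffix Search List. . . . . . : example.net

PPP adapter VPN - 279057-SSTP:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VPN - 279057-SSTP
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.200.148.149(Preferred)
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Realtek RTL8188CE 802.11b/g/n WiFi Adapter
   IPv4 Address. . . . . . . . . . . : 192.168.1.128(Preferred)
   DNS Servers . . . . . . . . . . . : 127.0.0.1

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
"""


def parse_ipconfig(text):
    """Return {adapter header: {field: [values]}} from `ipconfig /all` text."""
    adapters, current, last = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():
            # Unindented lines ending in ":" start an adapter section; other
            # unindented lines (banner, console-wrapped tails) are ignored.
            if line.endswith(":"):
                current = adapters.setdefault(line[:-1], {})
                last = None
            continue
        if current is None:
            continue  # global settings before the first adapter
        match = FIELD.match(line)
        if match:
            last = match.group(1).rstrip(" .")
            current[last] = [match.group(2)] if match.group(2) else []
        elif last is not None:
            # Continuation line: another value for the previous field,
            # e.g. the second entry under "DNS Servers".
            current[last].append(line.strip())
    return adapters


def is_loopback(value):
    """True for 127.0.0.0/8 or ::1; an IPv6 zone suffix (%n) is dropped."""
    try:
        return ipaddress.ip_address(value.split("%")[0]).is_loopback
    except ValueError:
        return False


def dns_bypassing_proxy(text):
    """Map each connected adapter to its DNS servers that are not loopback."""
    findings = {}
    for name, fields in parse_ipconfig(text).items():
        if fields.get("Media State") == ["Media disconnected"]:
            continue
        leaks = [s for s in fields.get("DNS Servers", []) if not is_loopback(s)]
        if leaks:
            findings[name] = leaks
    return findings


if __name__ == "__main__":
    for adapter, servers in dns_bypassing_proxy(SAMPLE).items():
        print(f"{adapter}: DNS not via local proxy -> {', '.join(servers)}")
```

Feed it output redirected to a file (`ipconfig /all > out.txt`) so the console does not wrap long lines.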
-
Rotblitz, you said this:
"No matter, you should not run an Updater in other networks and therefore not register someone else's IP address with your home network."
I certainly would never wish to alter any IP other than my own. In fact I do not even understand what you mean by "run an Updater", could you please explain that part?
My query was based upon the idea of sitting at a cafe, connecting first to the public router at the cafe (insecure), then setting my DNS to 127.0.0.1 by the instruction you gave earlier, which should insulate me from man-in-the-middle attacks. Finally, I should test if I can start up a commercial VPN service (even more secure). Or is there another way?
Thanks for education on this subject.
-
"In fact I do not even understand what you mean by "run an Updater", could you please explain that part?"
If you don't know what is meant, you certainly didn't install this small program offered by OpenDNS, called the OpenDNS Updater. It is to keep your changing IP address information updated for your network at OpenDNS, so that your DNS lookups can be associated with your settings.
"My query was based upon the idea of sitting at a cafe, connecting first to the public router at the cafe (insecure), then setting my DNS to 127.0.0.1 by the instruction you gave earlier, which should insulate me from man-in-the-middle attacks."
Beside the fact that you set your DNS to 127.0.0.1 because of DNSCrypt already, so no need to do it again, no, it doesn't protect you from man-in-the-middle attacks, because only your DNS traffic is encrypted then, not so the rest of your traffic, e.g. non-HTTPS web traffic, which is often the majority. OpenDNS is not a proxy and not a VPN service, but a DNS service, as can be easily seen from their name. So they can deal with your DNS traffic only.
"Finally, I should test if I can start up a commercial VPN service (even more secure). Or is there another way?"
You could of course use a VPN service to make all your traffic encrypted, not just your DNS traffic (as with DNSCrypt), if you are concerned enough about any attacks, and if you are willing to blindly trust the VPN service provider as well (because this could theoretically be and actually is a man-in-the-middle too). Whatever, with some more in-depth knowledge such efforts are often not needed. You can protect yourself easier and cheaper else.
And yes, the most secure currently known methods are VPNs and the likes, especially services like TOR and similar. However, for the most purposes HTTPS encrypted connections are sufficient unless you're a member of a secret service. ;-)
Another alternative, even easier, is to either not sit at a cafe, or to not go online when sitting at a cafe... ;-)
This is what real professionals do, really.
-
i don't have a this file in the dir hostip.exe
--install here just says it's 'unrecognized option' as does dns-proxy.exe -help
2) i don't see how one 'uninstalls dnscrypt' in win7, it's not in programs list , and there is no free standing uninstaller, Does it get 'installed' ?
"And there you have Google DNS (8.8.8.8 and 8.8.4.4) configured. Change this to 127.0.0.1"
........hmm, i'm not sure how google dns got into this, or where the config is coming from , i only know to change dns entries in the 'properties' of ipV4...
........is there a reason to use both dnscrypt and the vpn ? maybe i can just use opendns over the vpn , and dnscrypt off the vpn and/or how to config that way ?
-
Generally, you got the wrong order: first uninstall, then download and install. You can't install what you even haven't downloaded yet.
"i don't have a this file in the dir hostip.exe"
Yes, you didn't download it yet with the dnscrypt-proxy.
"--install here just says it's 'unrecognized option' as does dns-proxy.exe -help "
Yes, you didn't download this either. You still have the old version.
"i don't see how one 'uninstalls dnscrypt' in win7, it's not in programs list , and there is no free standing uninstaller, Does it get 'installed' ?"
Good question, I don't know either. Well you had at least to disable auto-start of the old DNSCrypt.
- Go into the services control panel (services.msc), and stop the OpenDNSCrypt service and set it to "Manual" or "Disabled".
- Then go into the Startup folder, and set the file OpenDNSCrypt.lnk to hidden.
Then you follow https://github.com/opendns/dnscrypt-proxy/blob/master/README-WINDOWS.markdown
- I.e. you download the latest dnscrypt-proxy.exe (and hostip.exe), win32 in a ZIP archive, e.g. from http://download.dnscrypt.org/dnscrypt-proxy/
and extract it in e.g. the same folder where DNSCrypt resides now, thereby overwriting the existing dnscrypt-proxy.exe there. -
dnscrypt-proxy.exe --install
- If not already done, in IPv4 properties change your DNS settings to
127.0.0.1
That should be it!
"hmm, i'm not sure how google dns got into this, or where the config is coming from , i only know to change dns entries in the 'properties' of ipV4..."
Yes, this is how any DNS resolver addresses comes to this place: someone entered those in the IPv4 properties. So replace them by 127.0.0.1 now to use DNSCrypt.
"........is there a reason to use both dnscrypt and the vpn ? maybe i can just use opendns over the vpn , and dnscrypt off the vpn and/or how to config that way ?"
Well, do you have a reason to use OpenDNS and/or DNSCrypt at all? If you have a good reason to use DNSCrypt without VPN, the same good reason would apply for DNSCrypt with VPN. Why not. And if you have the dnscrypt-proxy installed, why still use pure OpenDNS without DNSCrypt? It's not any more difficult or what. It really doesn't matter if you enter 208.67.222.222 and 208.67.220.220 or just 127.0.0.1, right? The latter is even quicker. You should know what you want to achieve, not me. You asked for it.
-
so did opendns write this dns-proxy ? or do you work for opendns? or just a supporter of the proxy ? ; i'm a bit confused, if all the github stuff, is official opendns software? :)
it appears there is a proxy in the opendns crypt dir/folder, but you're saying that is an 'older' one ? which does include an --install option
PS those google DNS numbers, are NOT in my ipV4 properties, i'm guessing they must be in the VPN's , I have asked them the same question and waiting to hear back ...
-
"so did opendns write this dns-proxy ?" - Yes.
"or do you work for opendns?" - No.
"or just a supporter of the proxy ?" - No, just a supporter of OpenDNS users seeking for help, being an OpenDNS user only like you.
"i'm a bit confused, if all the github stuff, is official opendns software?" - Yes, but everything under https://github.com/opendns only.
"it appears there is a proxy in the opendns crypt dir/folder, but you're saying that is an 'older' one ? which does include an --install option"
This is an older version, without the --install option, as you have clearly experienced: 'unrecognized option'
"those google DNS numbers, are NOT in my ipV4 properties, i'm guessing they must be in the VPN's"
No, they must be there, because for this interface "PPP adapter VPN - 279057-SSTP" DHCP is disabled. The only way they can come to there is that someone entered them manually.
-
dnscrypt is not a product but a protocol. And there are implementations of this protocol.
Github is a popular web site for sharing code.
I work for opendns and I wrote the protocol and a client implementing this protocol called dnscrypt-proxy.
This client is on Github, so that it's not a blackbox: everybody can review it, check that it doesn't contain an obvious backdoor, contribute, report bugs and suggest ideas. Github is a perfect place for that. There is also a server, also available on Github for the same reasons.
People wrote graphical user interfaces for the client. What they do is start dnscrypt-proxy, and change your DNS settings to 127.0.0.x when you click a button.
DNSCrypt-Winclient (also available on GitHub), DNSCrypt Win Client (GUI made by OpenDNS), GuizmoDNS (for iPhone), and the DNSCrypt OSX Client, all do the same thing. Firmwares for routers also provide web interfaces to it. They all are just optional front-ends to start and stop dnscrypt-proxy. And all of them are configured to use OpenDNS servers by default.
These user interfaces haven't been updated for a long time, with the exception of router firmwares. Some, like DNSCrypt-Winclient, don't ship their own copy of dnscrypt-proxy, which make it easier to update the proxy independently.
The OpenDNS user interface (both the one for Windows and the one for OSX) ship with their own copy. The OSX user interface ships with whatever was the current dnscrypt-proxy version when the user interface was built.
Version 0.0.5 of the OpenDNS user interface for Windows shipped with whatever was the current dnscrypt-proxy version at that time. And it was a long time ago, when dnscrypt-proxy was still in beta.
Version 0.0.6 of the user interface forgot to update dnscrypt-proxy itself, so it's still installing the same version as 0.0.5. This code was really only for beta testers. The interface changed to a stable one, the code has been rewritten from scratch since, and dnscrypt-proxy went out of beta 1 year ago.
dnscrypt-proxy and dnscrypt-wrapper are still constantly being updated, both for performance and security. dnscrypt.org is the place to download the current version of the client proxy.
Github is where its source code is hosted, if you want to review it.
The protocol is going to change really soon for an overdue update in order to support perfect forward secrecy and the certificate verification system is going to change in order to automatically perform key updates. If you're still running a test version from 2 years ago, you won’t be able to take advantage of this.
If you know how to change the DNS settings yourself, I'd recommend not using a user interface. All of them are still considered experimental and have known issues.
On Windows, start the proxy as a native Windows service as instructed by Rotblitz.
This is the most reliable and secure way to run it, and the easiest way to stay up to date.
-
rotblitz: but didn't you say this before
"maybe its defaulting to the VPN's, while i'm on VPN and to Open DNS when i'm not ?"
Yes, this may well be. As I said, in all other VPN cases the remotely configured DNS service (at the VPN server end) is being used
so the google DNS could be coming from the VPNs side, I don't see anywhere I could change the VPN IF DNS settings myself in win 7 on the ethernet card v4 properties setting...
jedisct1: if i were to install the proxy, how would that keep me up to date, wouldn't i have to go and redownload it and install with each update ?
originally i was just using the dnscrypt 'beta' on my laptop, once in a while at sbux, when i go there, otherwise, my understanding is for home use, it is not important, but maybe i will start using it at home if it might be ?
-
i Was able to install the proxy and it started, but when I run the dns lookup i get this :
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\windows\system32>nslookup sears.com
Server: resolver1.opendns.com
Address: 208.67.222.222
Non-authoritative answer:
Name: sears.com.joeISP.rr.com
Address: 67.215.65.132
C:\windows\system32>
is that right ? the Name looks like is attached my providers domain to it ..