Protecting your web traffic can be very easy: use https where you can, maybe install https everywhere to enforce that, use a VPN for an extra layer of security.
Meanwhile DNS gets so little attention that many people don’t even realise there’s an issue, even though DNS eavesdropping and spoofing are very real security concerns.
DNSCrypt is an open-source technology from the OpenDNS team which encrypts your DNS traffic, making it much more difficult for others to snoop on your activities or hijack your browsing with man-in-the-middle attacks.
The standard package is a command line tool which takes some thought and expertise to use, but Simple DNSCrypt is an open-source front end which keeps any configuration hassles to a minimum.
The program surprised us immediately, partly because the captions first appeared in German (choose English or an alternative language top-right), but second for its smart Modern UI interface, a definite improvement on the cluttered Windows 98-style dialogs you get in many low-level network tools.
It’s easy to use, too. A panel at the top of the dialog displays your network adapters, and all you have to do is click any where you’d like to use Simple DNSCrypt, look for the tick to appear, then click “Primary DNSCrypt Service” to enable it.
When we tried this, it worked immediately, no need to reboot, close and restart any applications.
We also noticed that NirSoft’s DNSQuerySniffer was able to intercept traffic with Simple DNSCrypt turned off, but found nothing at all once it was enabled.
It’s important to keep in mind that enabling DNSCrypt will change your DNS server (there’s no alternative, because you need a server that supports encrypted traffic). If you’ve already changed your DNS to improve performance, filter malicious sites or some other reason, that could be a problem.
Fortunately, Simple DNSCrypt does give you a choice of around 70 DNS servers located around the world, one or two with extra security features of their own (OpenDNS with FamilyShield). If browsing seems slower after enabling the service, try selecting a different resolver.
But if the system does work for you there are some interesting extras to explore, including an option to use your computer as a resolver for other local devices (smartphones, network PCs, more).
Simple DNSCrypt is an open-source application for Windows 7 and later.