I checked out DNSCrypt today, a new tool to help secure DNS resolution by encrypting the lookups from your machine to the DNS server.
The tool was developed by OpenDNS and is currently a preview release.
I just wanted to see the DNS traffic, so I performed a few lookups while capturing the packets…
Here is an example of a non-encrypted query:
And an encrypted query:
If you enable the lookups to traverse port 443, there will be tons of packets and I didn’t look at them.
One note worth mentioning — The client app creates a bunch of connections back to OpenDNS whenever you modify the settings.
This is some great technology and it is open-sourced. I’m assuming the networks who want total control of their users will just block the OpenDNS IP blocks to prevent users from encrypting their lookups.
You can fetch the source on GitHub — The entire Mac OS app is there!