Skip to content
DNSCrypt Protocol

DNSCrypt Protocol

DNSCrypt Protocol is an open standard that encrypts DNS traffic between a DNS client and DNS resolver to help prevent eavesdropping and manipulation of DNS data. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver.
Security & Privacy Encryption
dns encryption privacy
DNSCrypt Protocol screenshot
Features Reviews Alternatives

DNSCrypt Protocol

An open standard for encrypting DNS traffic between a DNS client and DNS resolver, preventing eavesdropping and manipulation of DNS data.

What is DNSCrypt Protocol?

The DNSCrypt Protocol is an open standard that provides encryption of DNS traffic between a DNS client and a DNS resolver. It was created to improve user privacy and security by preventing eavesdropping and manipulation of DNS data. Here's how DNSCrypt works:

- It utilizes cryptography (public-key and symmetric cryptography) to authenticate communications between the DNS client and DNS resolver. This ensures that the client is talking to the authentic chosen resolver.

- The communications channel between client and resolver is encrypted using the high-speed ChaCha20 and Poly1305 cryptographic algorithms. This prevents third-parties from accessing or tampering with DNS queries and responses as they travel across the network.

- DNSCrypt protocols add only 2 bytes of overhead per packet. This makes it very lightweight on network resources.

- It can detect and block various DNS spoofing and manipulation attacks including DNS cache poisoning, DNS spoofing, etc.

- Many DNS resolvers like Cleanbrowsing, Cisco OpenDNS, etc. offer support for the DNSCrypt protocol, allowing users to easily turn encryption on through their client software.

- The protocol uses a mechanism called 'DNS stamping' for authentication. The resolver signs each response with their unique key so the client can match it against the chosen resolver.

- Supports multiple encryption algorithms including XSalsa20-Poly1305, XChacha20-Poly1305, etc. to allow flexible tradeoff between speed and security.

Overall, DNSCrypt offers an easy way to encrypt DNS traffic and prevent unnecessary snooping and manipulation of DNS data on the network.

DNSCrypt Protocol Features

Features

  1. Encrypts DNS queries to prevent eavesdropping and manipulation
  2. Uses cryptographic signatures to verify responses originate from chosen resolver
  3. Open protocol that can be implemented in DNS clients and resolvers
  4. Supports DNS-over-HTTPS and DNS-over-TLS protocols
  5. Can use elliptical curve cryptography for encryption
  6. Designed to be easy to implement and require little computational overhead

Pricing

  • Open Source

Pros

Improves privacy and security of DNS traffic

Prevents DNS spoofing attacks

Lightweight and fast compared to VPNs

Compatible with common DNS protocols like DNS-over-HTTPS

Open source protocol with multiple implementations available

Cons

Requires support in DNS client and resolver to work

Cannot prevent tracking of DNS queries if resolver is untrusted

Extra latency compared to unencrypted DNS

Requires more configuration than basic DNS setup

Only encrypts DNS traffic, not other unencrypted protocols

Official Links

Official Website
https://dnscrypt.info

Reviews & Ratings

Login to Review
No reviews yet

Be the first to share your experience with DNSCrypt Protocol!

Login to Review

The Best DNSCrypt Protocol Alternatives

View all DNSCrypt Protocol alternatives with detailed comparison →

Top Security & Privacy and Encryption and other similar apps like DNSCrypt Protocol

Here are some alternatives to DNSCrypt Protocol:

NixNet DNS icon
NixNet DNS
CleanBrowsing icon
CleanBrowsing
Simple DNSCrypt icon
Simple DNSCrypt
Comodo Secure DNS icon
Comodo Secure DNS
OpenNIC icon
OpenNIC
DNScapy icon
DNScapy
Suggest an alternative ❐

NixNet DNS icon

NixNet DNS

NixNet DNS is an open source recursive DNS server with a focus on security, privacy, and performance. Some key features include:Support for encrypted DNS protocols like DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) to prevent eavesdropping and manipulation of DNS data.Built-in anonymization capabilities like DNS proxying and spoofing to hide client IP...
NixNet DNS image
CleanBrowsing icon

CleanBrowsing

CleanBrowsing is a DNS-based web filtering service that allows blocking unwanted content. It works by rerouting DNS lookups through CleanBrowsing's servers, which contain block lists of websites in categories like ads, trackers, malware, phishing, pornography, proxy & VPNs, etc.CleanBrowsing provides different filtering profiles depending on the intended usage - homes,...
CleanBrowsing image
Simple DNSCrypt icon

Simple DNSCrypt

Simple DNSCrypt is an open-source encryption tool used to improve DNS security and privacy. It works by encrypting communications between a device and a DNS resolver, helping prevent eavesdropping and manipulation of DNS data. Simple DNSCrypt supports DNS-over-HTTPS and DNS-over-TLS protocols to encrypt DNS queries.Some key features of Simple DNSCrypt...
Simple DNSCrypt image
Comodo Secure DNS icon

Comodo Secure DNS

Comodo Secure DNS is a free Domain Name System (DNS) service offered by Comodo. It provides the core functionality of a DNS service - converting website names into IP addresses to connect your devices to internet services. However, Comodo Secure DNS routes your DNS queries through Comodo's proprietary Secure DNS...
Comodo Secure DNS image
OpenNIC icon

OpenNIC

OpenNIC is a non-profit organization that maintains an alternative Domain Name System (DNS) root server network outside the control of ICANN. The OpenNIC DNS allows internet users to voluntarily select an alternative set of root servers for DNS resolution and registration services.Some key benefits and features of the OpenNIC DNS...
OpenNIC image
DNScapy icon

DNScapy

DNScapy is a feature-rich DNS packet manipulation program and Python library for crafting, sending, sniffing, and analyzing DNS traffic. It builds on top of the Scapy packet manipulation framework to provide specialized support for creating, modifying, and dissecting DNS packets and protocols.Some key features and capabilities of DNScapy include:Generating and...
DNScapy image
SafeDNS icon

SafeDNS

SafeDNS is a DNS filtering and security service designed for home networks and families. It works by rerouting DNS requests through SafeDNS's servers, which contain a regularly updated database of websites categorized as inappropriate or dangerous.When enabled, SafeDNS will block access to sites containing content such as pornography, violence, gambling,...
SafeDNS image
Freenom World icon

Freenom World

Freenom World is a free domain registration service offered by Freenom Inc. It allows users to register domain names for free under several popular TLDs including .tk, .ml, .ga, .cf and .gq. Some key features of Freenom World:Users can search for and register available domain names instantly for freeNo fees...
Freenom World image
WebTitan DNS Web Filter icon

WebTitan DNS Web Filter

WebTitan DNS Web Filter is a powerful cloud-based DNS filtering solution designed to protect organizations against web-based threats and enable granular control over employee internet usage. It works by filtering domain name system (DNS) requests through a global cloud infrastructure, blocking access to malicious websites and restricting access to unwanted...
WebTitan DNS Web Filter image
DNS Redirector icon

DNS Redirector

DNS Redirector is a free and open-source software application that enables users to redirect DNS queries and responses. It works as a DNS proxy server running on the local machine that intercepts DNS requests and allows the user to provide custom IP address responses instead of the actual ones.Some key...
DNS Redirector image
OpenDNS DNSCrypt Proxy icon

OpenDNS DNSCrypt Proxy

OpenDNS DNSCrypt Proxy is a free, open source application that acts as a secure intermediary between a user's devices and OpenDNS's DNS resolvers. It works by encrypting DNS queries sent from a user's devices before forwarding them to OpenDNS resolvers that support the DNSCrypt protocol.Some key features of OpenDNS DNSCrypt...
OpenDNS DNSCrypt Proxy image
Blue Reef icon

Blue Reef

Blue Reef is an open-source, self-hosted web application that provides similar functionality to Trello for agile and kanban-style project management. Developed using React and Node.js, Blue Reef allows individuals and teams to create digital kanban boards for task and project tracking.Some key features of Blue Reef include:Creating unlimited boards, lists,...
Blue Reef image
DNSReactor icon

DNSReactor

DNSReactor is a comprehensive DNS management system aimed primarily at hosting providers, network administrators, and IT professionals. It provides extensive control and automation capabilities for managing DNS servers and zones across virtual, dedicated, and cloud infrastructure.Key features of DNSReactor include:Centralized dashboard for managing all DNS servers and zonesDomain registration and...
DNSReactor image
DNSCrypt Windows Service Manager icon

DNSCrypt Windows Service Manager

DNSCrypt Windows Service Manager is an easy-to-use graphical user interface for managing the open source DNSCrypt proxy service on Windows operating systems. It removes the need to manually install, configure and control the service from the Windows command prompt.Key features include:Installing the latest version of DNSCrypt with a single clickIntuitive...
DNSCrypt Windows Service Manager image
DNSCrypt Proxy Client icon

DNSCrypt Proxy Client

DNSCrypt Proxy Client is an open source client software application developed for Windows, MacOS, Linux, Android, and iOS that encrypts Domain Name System (DNS) traffic between a user's device and a DNS resolver. It helps prevent DNS spoofing, surveillance, and censorship by routing DNS queries through the DNSCrypt protocol to...
DNSCrypt Proxy Client image
SmartViper Public DNS icon

SmartViper Public DNS

SmartViper Public DNS is a free, recursive Domain Name System (DNS) resolver service offered by Viper Services. It serves as an alternative to using your Internet Service Provider's default DNS servers or other public DNS services like Google Public DNS or OpenDNS.Some key features of SmartViper Public DNS include:Ad blocking...
SmartViper Public DNS image

Related Software

Tunnelblick Tunnelblick
Bitwarden Bitwarden
1Password 1Password
Sandboxie Plus Sandboxie Plus
Auth0 Auth0
Tor Browser Tor Browser
OpenSSH OpenSSH
Hacker's Keyboard Hacker's Keyboard