Earlier this month, about one million Google users were hit by a phishing scam. These Google users granted permission to a seemingly real service called “Google Docs” to access their email account data. Moreover, granting permission to the nefariously named “Google Docs” (which had nothing to do with Google), users allowed hackers access to their personal information.
No doubt, phishing is best avoided by being skeptical of any random query for credentials. However, there are still ways hackers can leak your information for unwanted and invasive use.
Want to prevent this from happening to you? Taking advantage of a protocol like DNSCrypt will help. In any case, DNSCrypt authenticates and validates communication between a DNS client and a DNS resolver. Basically, using DNSCrypt helps to prevent DNS spoofing. But what are those? And what is DNS, even? Good questions.
What is DNS?
DNS stands for Domain Name System. The Domain Name System is a hierarchical decentralized naming system for devices and resources connected to the Internet. Furthermore, each device which connects to the Internet is given a specific Internet Protocol address. IP addresses display as a series of numbers. The Domain Name System serves as a phonebook, translating hostnames into IP addresses. For example, users trying to access Google type “www.google.com” into their web browsers, instead of the IP address 2001:4860:4860::8888. For more information on IP addresses, check out What is an IP Address.
What is a DNS Client?
From here on, we can move to DNS Clients. A DNS Client service resolves and caches hostnames. When a DNS Client service receives a request to resolve a hostname which is not in its cache, it queries an assigned DNS server for an IP address for the hostname. Here is where the DNS Resolver comes in. Then, once the DNS Client service receives the requested address from the DNS server, the DNS Resolver stores the name and address in the cache. Ultimately, this allows the DNS Client to resolve future requests without having to query the DNS server.
Furthermore, this process increases the efficiency of using a Domain Name System. Resolving and caching hostnames minimizes management time and allows for all of the clients on a network to have the same access.
How Does DNS Work in Routers?
Within the firmware of most routers, there is an area marked DNS.
Furthermore, in the DNS area, users have the option to select specific DNS servers. Devices connected to the router can go through the VPN if they are setup for DHCP. For this reason, if a device is set up for DHCP it looks to the router for DNS server information. Currently, most devices are set up for DHCP.
What is DNSCrypt?
Now that we know the in’s and out’s of DNS, we can move to DNSCrypt. In layman’s terms, DNSCrypt is a protocol which improves DNS Security.
To put it in more technical terms, DNSCrypt turns regular DNS traffic into encrypted DNS traffic. Ultimately, this works by using cryptographic signatures to verify responses are coming from the chosen DNS Resolver.
In turn, DNSCrypt helps to prevent DNS Spoofing. DNS Spoofing is also known as DNS Cache Poisoning. Furthermore, DNS Spoofing is a form of computer hacking where corrupt DNS data is introduced into the DNS resolver’s cache. Therefore, this causes the name server to return an incorrect IP address. Finally, DNS Spoofing allows for traffic to be diverted to an attacker’s computer.
TOP REASONS TO USE DNSCRYPT ON A ROUTER
- Guarding your network from phishing attempts
- Configure a single setup to protect all your connections.
- Preventing DNS Leaks and Cache Poisoning
- Stopping man-in-the-middle attacks
How Can I Use DNSCrypt?
If you would like to use DNSCrypt, most OpenNIC protocols utilize it. You can also download it directly from OpenDNS. However, if you would like to use DNSCrypt on the router level to secure your entire network with one setup, simply use a DD-WRT or Tomato router.
DNSCrypt is not an option in your stock Asus, Netgear or Linksys firmware. DD-WRT and Tomato are open source router firmware and being of increased importance, DNSCrypt is now available n the DNS setting options of these firmwares.
To set up DNSCrypt on a Tomato or DD-WRT router, simply enable it in the DNS settings.
Setup DNSCrypt in TomatoUSB Firmware
Setup DNSCrypt in DD-WRT Routers Firmware
Important note: Using these settings combined with a VPN service may cause interference. For this reason, investigate any other important setups you use before activating DNSCrypt.
Best Routers For DNSCrypt
In any case, DD-WRT and Tomato routers are able to work with DNSCrypt out of the box. However, if you want a powerful performance from a router, you are going to need a powerful processor.
Top DD-WRT DNSCrypt Router
- 1.7 GHz Dual Core Processor
- MU-MIMO Support
- QuadStream X4 Wireless Architecture
- Wireless-AC2600 Gigabit WiFi
Top Tomato DNSCrypt Router
- Top Tomato Router
- 6 External Antennas
- 1 GHz Broadcom Processor
First and foremost, there is not a dramatic performance difference for most users between DD-WRT and Tomato. Still, some users prefer Tomato, as it has a more user-friendly interface. However, if one is interested in putting together a repeater setup, DD-WRT is recommended. Consequently, when bandwidth monitoring is a priority, Tomato offers a superior performance to DD-WRT.