Your IP:

Our Forums Have Moved!

Visit our new forums at https://community.opendns.com/forums/ to post on topics and read the latest content. These forums are now read-only archives.

K-12 Forums

Talk with other K-12 network administrators in your state.

Or see all states.

Categories

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthorpeterbuyze
    • CommentTimeMay 12th 2012
     permalink
    If you have DNSCrypt installed, is it necessary/recommendable to also install vpn software if you are using public hotspots?
    • CommentAuthorrotblitz
    • CommentTimeMay 12th 2012
     permalink
    The one is nothing to do with the other. Even more, if you're using a VPN, you don't use your local DNS settings, i.e. OpenDNS with or without DNSCrypt, but you're using the DNS service as configured at the remote end of the VPN.
    • CommentAuthorpeterbuyze
    • CommentTimeMay 12th 2012
     permalink
    So when using a public hotspot, which is the best way to ensure security?
    • CommentAuthorpeterbuyze
    • CommentTimeMay 12th 2012
     permalink
    DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. A VPN creates a secure, encrypted connection to all websites and services. So they both seem to offer the same type of security. DNSCrypt is a small piece of software, VPNs are much bigger. So can I rely on total security at a public hotspot with just DNSCrypt installed?
    • CommentAuthorrotblitz
    • CommentTimeMay 12th 2012
     permalink
    Not sure what your security requirements are. You may not be able to use a 3rd party DNS service or a VPN at a public hotspot at all if the admins of this don't want you using it. If you're afraid that a hacker could intrude into your device, you must ensure no ports are open. This is nothing to do with encryption or such.

    DNSCrypt encrypts your DNS traffic only, a VPN encrypts your whole traffic. So if you're afraid you get spyed at a hotspot, DNSCrypt alone cannot do much for you. Your web traffic will still be visible.
    • CommentAuthorloungehake
    • CommentTimeMay 13th 2012 edited
     permalink
    I tried DNSCrypt (DNSCryptWin-v0.0.4) on Windows XP Pro SP3. The result was considerable disappointment. I think that the download link should be clearly marked 'Alpha' as the behaviour of DNSCrypt was not up to what is expected of a Beta release which is normally understood to be a fairly advanced development, close to being suitable for final release.

    I'm sorry to carp at the work of volunteers who have vastly greater software skills than me. DNSCrypt prevented address resolution unless the fallback option was checked. It also would not uninstall so as to leave an intact working system. It was necessary to use System Restore to recover a working system. DNSCrypt used so much CPU time that the system was intolerably slow with much svchost.exe network traffic. Even when DNSCrypt was disabled, the blizzard of activity continued. I use Agnitum Outpost Firewall Pro 7.5.2 and this appeared to be hobbled by DNSCrypt to the extent that Outpost queried known good software which had previously been installed and given permission to perform various system affecting activities. This last issue seems to show how deeply DNSCrypt gets inside a system.

    I look forward to subsequent versions of DNSCrypt. I have learned that it is not to be installed on working systems, at least for the time being, as it appears to have the capacity to break systems in its present version.
    • CommentAuthorrotblitz
    • CommentTimeMay 13th 2012 edited
     permalink
    I run DNSCrypt also on a Windows XP SP3 - without any of those problems.
    It consumes a pretty much amount of RAM, some 60 MB alltogether, most by OpenDNSInterface.exe. The latter also consumes some 10% CPU time and much I/O traffic instantly for no obvious reason. Beside this, no problems.

    Btw, did you provide feedback to OpenDNS via the related form in the client?
  1.  permalink
    And yes, of course, don't beta test software if you want a finished, stable product. The Windows version in this case isn't as far along as the Unix-like versions.
    • CommentAuthorloungehake
    • CommentTimeMay 14th 2012
     permalink
    The download link should be accompanied by a prominent warning that DNSCrypt is NOT a finished product. I use removable disks so I can easily create a test copy of my regular system to safely trial software. I was caught out this time but System Restore came up trumps.

    I believe that my problems might be due to using Agnitum Outpost Firewall Pro (current 7.5.2 version). I will try DNSCrypt again with Outpost uninstalled first.
  2.  permalink
    Where did you find DNSCrypt? You didn't read what was written about it before installing and using it? See here: https://www.opendns.com/technology/dnscrypt/

    Also, the version number is a good indicator of product state for any bit of software remotely following convention.
    • CommentAuthorloungehake
    • CommentTimeMay 15th 2012
     permalink
    Well yes I did read it actually.

    However, I would like to say that on uninstalling DNSCrypt, the DNS server IP addresses in Control Panel network settings might need to be set again. That said, DNSCrypt does otherwise uninstall neatly and properly with no mess left behind.

    Pity DNSCrypt is such a resource hog and doesn't work, at least on my system. It's early days and I look forward to a sparkling zippy final release DNSCrypt.

This discussion has been inactive for longer than 30 days, and is thus closed.