Simple DNSCrypt



  • Simple DNSCrypt is a graphical front end for DNSCrypt (devised by OpenDNS), which helps protect from DNS Spoofing and other man in the middle attacks by encrypting DNS trafic between your computer and supported DNS servers.
    It is open source and can be downloaded from here.

    Further down the linked download page is an easy pictorial guide to setting up.

    The program is light on resources (consuming 5.3MB of memory on my Windows 8.1 machine).

    Once the program is installed and running it's worth flushing your DNS cache.

    To flush your DNS cache right click the command prompt and choose "run as administrator", type:

    ipconfig /flushdns
    

    and press the "Enter" key on your keyboard.

    You can test if the service is running as intended by visiting dnsleaktest.


  • Vivaldi Translator

    Big fan here. I have been using DNSCrypt for a long time (still have the older version on my XP box), and my only complain about the current builds of Simple DNSCrypt, is that after a reboot the service is always disabled so you have to start it again.
    Not sure if this is something Microsoft have done, but it is a pain.
    Due to this, it is worth adding a second resolver in the network interface IP4 settings so it can fallback to something useful like 1.1.1.1 or 9.9.9.9

    BTW. Simple DNSCrypt allocates more RAM than that. You are looking at the "Working set" not the "Private Bytes"
    0_1550099499711_SDNSCrypt.jpg
    (Sysinternals Process Explorer shows more useful info than Taskmanager)

    I did a post a while ago on DNSCrypt generally. I thought I did one specifically about Simple DNSCrypt but it seems not
    https://forum.vivaldi.net/topic/26459/secure-your-dns-lookups-with-dnscrypt

    If you want to test for DNS Spoofability you will have to wait a bit longer than normal using the GRC test. It keeps retrying until it finally sees no more new resolvers.
    1 DNS often has several IPs behind it, and Simple DNSCrypt by default will use a bank of over 30. This leads to interesting results once it finishes testing.
    https://www.grc.com/dns/dns.htm



  • @Dr-Flay said in Simple DNSCrypt:

    Big fan here. I have been using DNSCrypt for a long time (still have the older version on my XP box), and my only complain about the current builds of Simple DNSCrypt, is that after a reboot the service is always disabled so you have to start it again.

    With Simple DNSCrypt, if you face any issues upon restart, uninstall and then reinstall the program as administrator usually solves them.

    Due to this, it is worth adding a second resolver in the network interface IP4 settings so it can fallback to something useful like 1.1.1.1 or 9.9.9.9

    In SimpleDNS Crypt under Advanced Settings you can specify a fallback Resolver to your liking (I use 1.1.1.1:53).

    Regards
    Raed


  • Vivaldi Translator

    I have re-installed a couple of times already, though first time was due to finally getting an x64 version, then more recently when they had to redo from scratch.

    It is just the DNSCrypt service (available on its own) being disabled not Simple DNSCrypt.
    Manually setting it to delayed start can solve it.
    MS have locked down changing or disabling the windows DNS service, so I suspect they are to blame since those changes.
    It may also be due to me tightening the windows security settings from defaults.

    I am aware the GUI has a fallback option, but unfortunately it requires that the GUI is loaded, so does not work on the login screen, and if the service is not yet running it will also fail.
    Having 127.0.0.1 and 1.1.1.1 as your network device resolvers means that in the event DNSCrypt or Simple DNSCrypt are not functioning, the OS has its own fallback.
    A fallback for the fallback if you like 😁



  • DNSCrypt has been updated to version 2.0.21.

    To manually update Simple DnsCrypt installation, do the following:

    • Go to dnscrypt download page and grab the version for your operating system (for example download dnscrypt-proxy-win64-2.0.21.zip file if you are running a Windows 64 bit system, etc).

    • Extract dnscypt-proxy.exe file from the downloaded folder.

    • Stop Simple DnsCrypt service.

    • Open Simple DnsCrypt installation folder.

    • Open dnscrypt-proxy folder inside the DnsCrypt installation folder.

    • replace the existing dnscypt-proxy.exe inside the dnscrypt-proxy folder with newly downloaded and extracted file.

    • Restart Simple DnsCrypt service.

    Whenever DNSCrypt is updated, you can use the above method to manually update your Simple DnsCrypt installation.


  • Vivaldi Translator

    This is a very good tip as SimpleDNSCrypt often lags with the update.


  • Vivaldi Translator

    Version 2.0.22 was released yesterday.
    1 bugfix
    "The previous version had issues with the .org TLD when used in conjunction with dnsmasq."
    https://github.com/jedisct1/dnscrypt-proxy/releases



  • Simple DNSCrypt has been updated to version 0.6.4, the download links on its page have not been updated yet, but here are direct links to the latest version.

    x86: https://github.com/bitbeans/SimpleDnsCrypt/releases/download/0.6.4/SimpleDNSCrypt.msi
    x64: https://github.com/bitbeans/SimpleDnsCrypt/releases/download/0.6.4/SimpleDNSCrypt64.msi

    Change log for 0.6.4:
    Updated dnscrypt-proxy to 2.0.22
    Updated several languages
    Updated dependencies



  • DNSCrypt has been updated to version 2.0.23.
    Check a few posts above this one on how to manually update Simple DNSCrypt.



  • My computer usually never contacts Microsoft servers, I block all ips in the host, but at the moment I installed and ran Simple DnsCrypt, Microsoft servers started to talk a lot to my computer..



  • @varos
    DNS (DNSCrypt or any other ,method of Domain Name System, is simply what translates for you the URL you request into an IP address.
    The first port of call to find the IP of a URL you requested (or your operating system or installed programs have requested) is your HOSTS file, if there is no corresponding entry that matches your request, then the DNS service forwards the request to a predefined DNS server to resolve the requested URL into an IP, it does not make calls for itself.


  • Vivaldi Translator

    @varos Interesting.
    DNSCrypt should be using your HOSTS file.
    All the domains in it should fail if you ping them. If not, something is wrong.
    Try stopping the windows DNS service.

    If it continues you could try using the blocking feature of DNSCrypt. Make sure the tab is enabled in the SimpleDNSCrypt options, and add the domains there, or import a list.
    https://github.com/jedisct1/dnscrypt-proxy/wiki/Public-blacklists



  • DNSCrypt has been updated to version 2.0.26.

    To manually update your Simple DnsCrypt installation, do the following:

    • Go to dnscrypt download page and grab the version for your operating system (for example download dnscrypt-proxy-win64-2.0.26.zip file if you are running a Windows 64 bit system, etc).

    • Extract dnscypt-proxy.exe file from the downloaded folder.

    • Stop Simple DnsCrypt service.

    • Open Simple DnsCrypt installation folder.

    • Open dnscrypt-proxy folder inside the DnsCrypt installation folder.

    • Replace the existing dnscypt-proxy.exe inside the dnscrypt-proxy folder with newly downloaded and extracted file.

    • Restart Simple DnsCrypt service.


  • Vivaldi Translator

    DNSCrypt Proxy Version 2.0.27

    • The X25519 implementation was changed from using the Go standard implementation to using Cloudflare's CIRCL library. Unfortunately, CIRCL appears to be broken on big-endian systems. That change has been reverted.

    • All the dependencies have been updated.

    https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.27



  • DNSCrypt Proxy updated to version 2.0.29.


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.