We’ve been touting the benefits of third-party DNS servers
for a while now, but one additional benefit that might be of interest
is the ability to encrypt all of your DNS requests, further protecting
you from anybody spying on you in the middle.
DNSCrypt,
from the great team at OpenDNS, is the simple solution that we’ll use
to add encryption between your computer and the DNS server. It’s a
lightweight solution that works on either Windows or Mac — sadly no
mobile support so far.
What this tool is actually doing is creating an encrypted connection
to any of the supported DNS servers, and then creating a local DNS proxy
on your PC. So when you try to open howtogeek.com, your browser will
send a regular DNS query to the 127.0.0.1 localhost address on port 53,
and that request will then be forwarded through the encrypted connection
to the DNS server.
Downloading for Windows
As with every program you use, you will need to start by downloading the installation package.
Once you are on the page, simply click the
“dnscrypt-proxy-win32-full-1.4.1.zip” link to download the files needed.
If you see a newer version on the page, be sure to use that instead.
Now, let’s create a folder on the desktop called DNSCrypt. You can
create this folder anywhere you want to, but the desktop is easiest for
the purposes of this demonstration. Extract all the files by opening the
zip file and dragging them into the DNSCrypt folder or by
right-clicking and specifying the desktop folder as the extract
destination.
Installing and Preparing your PC
Now you will need to open an elevated command prompt window by
searching for “cmd”, right-clicking, and choosing “Run as
Administrator”. Once you have your Elevated CMD window open, enter the
following string. Remember that you will need to enter the path that
corresponds with your “bin” folder.
cd "C:\Users\Owner\Desktop\DNSCrypt\bin"
This command will tell command prompt to look in the “bin” folder where the EXE and CSV files are located.
Install the Proxy Service
Next, you will need to install the proxy service from DNSCrypt. Before
installing, test it with the string below. You can replace “opendns” with a name
from the CSV file, or you can update your CSV file by adding any of the public DNS resolvers that currently support DNSCrypt. You will also need to change the file path to correspond with the location of the CSV file on your computer.
dnscrypt-proxy.exe --resolver-name=opendns --resolvers-list="C:\Users\Owner\Desktop\DNSCrypt\bin\dnscrypt-resolvers.csv" --test=0
If your CMD window looks like the image above, you are on the right
path and the proxy service has been successfully tested. If this doesn’t
work, simply change the DNS resolver until you get one that works. Once
it is successful, you can continue to install the proxy service by
pressing the “Up” arrow key and changing “--test=0” to “--install” as
shown below.
dnscrypt-proxy.exe --resolver-name=opendns --resolvers-list="C:\Users\Owner\Desktop\DNSCrypt\bin\dnscrypt-resolvers.csv" --install
Once it is successfully installed, you will see the following:
[INFO] The dnscrypt-proxy service has been installed and started
[INFO] The registry key used for this service is SYSTEM\CurrentControlSet\Services\dnscrypt-proxy\Parameters
[INFO] Now, change your resolver settings to 127.0.0.1:53
Change your DNS Settings
Now you will need to change your DNS settings. Right-click on the
network icon on the bottom right of your screen then click on “Open
Network and Sharing Center.” It will be the 5 bars for a wireless
connection or a small computer screen for wired connections. Once it is
open, click on “Change adapter settings.”
Right-click on the network connection that you want to edit and then select the “Properties” option.
Select the TCP/IPv4 settings and then click on “Properties.”
Change the Preferred DNS server to “127.0.0.1” then click “OK”.
Now open the TCP/IPv6 settings and change the DNS settings to “127.0.0.1:53”.
Now you have an encrypted DNS connection set up between your computer
and the DNS server. Have fun browsing the internet securely. Now that you have an
encrypted DNS connection, you can also use QSDNS from Nirsoft to quickly change between your most frequently used DNS Servers.
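To confirm that lookups really go through the local proxy, the following PowerShell function checks the service, the listener on port 53, the DNS servers on each connected adapter, and a test lookup sent to 127.0.0.1. It is an added example, not part of the original article or of DNSCrypt. It assumes Windows 8 or later, where the Get-NetAdapter, Get-NetUDPEndpoint, Get-DnsClientServerAddress and Resolve-DnsName cmdlets are available; Test-DnsCryptSetup is a hypothetical name.

```powershell
# Added example, not from the original article. Run in a PowerShell window.
function Test-DnsCryptSetup {                      # hypothetical helper name
    param(
        [string]$ServiceName = 'dnscrypt-proxy',   # service name from the install output
        [string]$TestName    = 'howtogeek.com'     # any name you expect to resolve
    )

    # 1. The proxy service must exist and be running.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    $serviceOk = [bool]($svc -and $svc.Status -eq 'Running')

    # 2. Something must be listening for DNS on UDP port 53 on the loopback address.
    $listener = Get-NetUDPEndpoint -LocalPort 53 -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalAddress -in '127.0.0.1', '0.0.0.0' }

    # 3. Every connected adapter should list 127.0.0.1 as its only IPv4 DNS server.
    #    Any other entry is a resolver Windows can still query without encryption.
    $bypass = foreach ($nic in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
        $dns = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex `
                    -AddressFamily IPv4).ServerAddresses
        if (-not $dns -or ($dns | Where-Object { $_ -ne '127.0.0.1' })) {
            [pscustomobject]@{ Adapter = $nic.Name; DnsServers = $dns -join ', ' }
        }
    }

    # 4. A lookup sent straight to the local proxy must return an answer.
    $addresses = @()
    try {
        $addresses = @(Resolve-DnsName -Name $TestName -Server 127.0.0.1 -Type A `
                           -DnsOnly -ErrorAction Stop |
                       Where-Object Type -eq 'A' | ForEach-Object IPAddress)
    } catch {
        Write-Warning "Lookup through 127.0.0.1 failed: $($_.Exception.Message)"
    }

    # 5. Show what the service was installed with (registry key from the install output).
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters"

    [pscustomobject]@{
        ServiceRunning         = $serviceOk
        ListeningOnPort53      = [bool]$listener
        AdaptersBypassingProxy = @($bypass)
        ResolvedAddresses      = $addresses
        ServiceParameters      = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    }
}

Test-DnsCryptSetup | Format-List
```

An empty AdaptersBypassingProxy list means no connected adapter still has an IPv4 DNS server other than 127.0.0.1; an alternate DNS server left in place would show up there.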