It uses public key cryptography to digitally “sign” DNS records for Websites to prevent tampering and cache poisoning. DNSSEC provides a way to verify that the server listed in the DNS record is actually the one the domain owner specified. “Even if everyone in the world used DNSSEC, the need to encrypt all DNS traffic would not go away,” the company wrote on the FAQ page for DNSCrypt. The company suggested that DNSCrypt is similar to Secure Sockets Layer in that it encrypts DNS traffic in the same way SSL wraps HTTP traffic. DNSCrypt would wrap DNS traffic and DNSSEC would sign and validate a subset of that traffic, according to the FAQ.Ĭurrently available only for Mac OS X, OpenDNS also released DNSCrypt’s source code.
0 kommentar(er)
