Advantages of encrypting DNS requests?

Soldato | Joined 29 Mar 2007 | Posts 4,068 | Location Manchester
I’ve been using OpenDNS for a while now after I discovered it was my fastest DNS server. I get the regular OpenDNS newsletter and in the latest one they announced the release of DNSCrypt for Windows:

OpenDNS-Invented DNSCrypt, the game-changing technology that fundamentally fills a gaping hole in Internet security, is now available to Windows users. This release is monumental: The availability of DNSCrypt to Windows users means that millions of people around the world now have access to a revolutionary level of security and privacy. But be warned: this is a technology preview so there may still be bugs.

Before DNSCrypt was available, people using the public Wi-Fi in coffee shops, airports, hotel lobbies and other places were highly vulnerable because of a critical flaw in the DNS. Cyber criminals and even ISPs could see what you were doing online and spy, spoof or conduct man-in-the-middle attacks. DNSCrypt changes everything. Put simply, DNSCrypt hides the communication between your computer or tablet and our servers while you’re browsing the Web, giving you heightened privacy and security.

Now, my knowledge of how the internet works isn’t that great, so could someone please explain what the advantages and disadvantages of this would be? Am I right in thinking that the ISP would still see the IP you are connecting to? If so, what is the point?

I’m not particularly paranoid or anything, just want to know how it works.

Cheers.
 
Your layer 3 protocol can't really be encrypted else routers wouldn't be able to route the traffic.

So aye, all IP information will still be freely available.

I guess it's to prevent a MITM attack between yourself and the DNS server. (They'd be able to see every DNS request you make thus knowing where you've been visiting or send you dodgy DNS replies.)
 
AFAIK it means that everything you exchange between your machine and a website can be discovered by said website, but not by your ISP without decryption. So therefore your ISP won't be able to see what domain names you've resolved, if they go that far in the logging.

Or what ots said above!
 
I'm currently 5k words into a 20k MSc dissertation on DNS security. Haven't written the part on DNSCrypt yet. It encrypts the DNS queries but nothing else, so it doesn't really hide what you are doing online; it also just protects the connection between you and OpenDNS and no further resolution. As far as I can tell it doesn't really offer much advantage and is a bit of a gimmick in most scenarios where your local network is reasonably trustworthy. They do make a valid point that if you were in a coffee shop or other public hotspot then hijacking DNS requests is one way of routing your traffic.
 
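To make the point of the replies above concrete (the queried name and the 16-bit transaction ID travel in the clear, and that UDP payload is the only part DNSCrypt covers, not the IP header with the resolver's address), here is an added example that is not from the thread: a constructed RFC 1035 query for example.com and the small parser a passive on-path observer such as a hotspot or ISP would need to read it.

```python
import struct

# Constructed sample, not captured traffic: the UDP payload a stub resolver
# sends for an A lookup. With plain DNS this is what sits on the wire; with
# DNSCrypt the same bytes are inside an authenticated ciphertext, so the
# observer keeps only the IP/UDP headers (i.e. which resolver you talk to).

def build_query(name: str, txid: int) -> bytes:
    """Build a minimal standard DNS query in RFC 1035 wire format."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: length-prefixed labels terminated by a zero byte
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split("."))
    qname += b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question

def observe_query(payload: bytes) -> dict:
    """What a passive observer recovers from a plaintext query: the transaction
    ID (one of the values a spoofed reply must match) and the full name."""
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    labels, pos = [], 12  # question section starts after the 12-byte header
    while payload[pos] != 0:
        length = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return {
        "txid": txid,
        "qname": ".".join(labels),
        "qtype": qtype,
        "qclass": qclass,
        "recursion_desired": bool(flags & 0x0100),
    }

if __name__ == "__main__":
    wire = build_query("example.com", 0xBEEF)
    print(wire.hex())
    print(observe_query(wire))
```

The name is readable directly in the bytes, which is exactly what the encrypted channel to the resolver removes; the resolver's IP address in the packet header is unchanged either way.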