Regular DNS is not encrypted. Although DNSSEC provides response authentication it does not provide encryption. DNSCrypt provides encryption for DNS similarly to how SSL/TLS does it for HTTP.

If your ISP is filtering Internet access based on domain names (e.g. as in this polish draft bill which introduces illegal pages register in article 15f) using DNSCrypt might be a way to make it impossible for them to snoop or tamper with internet addresses you are resolving.

DNSCrypt Poland provides free, non-logged and uncensored DNS encryption to anyone willing to use it. It is located in a Beyond Data Center in E24Cloud in Poznań.

Why?

When you visit any website, even if it’s an encrypted connection, your computer has to ask for an IP address corresponding to the web address. That query for the IP address is not encrypted and it allows any eavesdropping party to know what you’re visiting. That’s really powerful, because if someone knows you’re visiting a suicide hotline, they don’t really need to see the contents to infer what’s going on with you.

When you’re using DNSCrypt, all these name queries are impossible to see, therefore ensuring the privacy by preventing eavesdropping.

DNSCrypt was concieved by OpenDNS and while they run a very good service, you should have the ability to choose alternative providers. One advantage over OpenDNS is that if a domain doesn’t exist, we’ll tell you so by returning NXDOMAIN; OpenDNS returns valid A records which redirect browsers to their landing page. A feature, yes, but not exactly protocol compliant and “may break things”TM.

How?

To use DNSCrypt you need to install a program that works as a local proxy service. This service connects securely to the DNSCrypt enabled DNS server of your choice and then provides a local port on your computer, the OS can use to make DNS requests on.

There are many DNSCrypt servers around the world. DNSCrypt Poland is in network geography best for Polish users.

Debian, Ubuntu, Fedora, CentOS, Arch

If you are using any of the above you can use Simon Clausen’s “dnscrypt-autoinstall“. It will automatically install dependencies, DNSCrypt, setup your system to use the proxy and make it easy for you to choose which DNSCrypt service to use.

OpenWRT

black-roland maintains packages for OpenWRT and they have setup instructions. Please note the config changes required in dnsmasq.

Also note: To make use DNSCrypt Poland you have to uncomment the 2 lines in /etc/config/dnscrypt-proxy and set resolver to ‘soltysiak’ (use this name for now as this is just a legacy name that I had before renaming to DNSCrypt Poland):
# option resolver        'soltysiak'
# option resolvers_list  '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'

Windows

Use Simon Clausen’s very nice DNSCrypt Windows Service Manager to setup DNSCrypt with ease. My mom uses this.

More info

Please see the documentation at dnscrypt.org for more installation and usage instructions.

Security

This page is served via HTTPS to increase the difficulty of a malicious corruption of service details on delivery.

The validity of the details above can be double checked using DNSSEC: look up resolverX.dnscrypt.pl (A) to get the IP, pubkey.resolverX.dnscrypt.pl (TXT) to get the public key and 2.dnscrypt-cert.resolverX.dnscrypt.pl (TXT) for the provider cert. (Replace “X” with the number of the resolver in question)

When everything is set up you should go to dnsleaktest.com or a similar site to make sure that your DNS lookups are going through dnscrypt.pl.

About

DNSCrypt Poland is operated by me, Maciej Soltysiak. I am a RHEL-certified Poznan-based IT Professional working in a highly controlled, corporate environment. I have a great interest in privacy, security and modern cryptography solutions; that is why I am providing this service.

Resolver #1 is hosted in Poznan with E24Cloud. (disclaimer: this is an affiliate link, if I ever get any money out of this, I put it straight to funding the hosting)

I do not log any information that identifies the individual user. I do log some information in unbound for statistical purposes, but this info does not contain IP addresses of individual users and it is not possible to link queries to users.

Being completely free, this service is provided without any warranty and I renounce liability for any claim, damages or other liability arising from the use of this service.

Keep an eye out on this blog and the official twitter account @dnscryptpl and my own @maciejsoltysiak for more info. Have a look below on how to receive important updates and service status announcements.

Service Announcements

Please follow/see @dnscryptpl on Twitter for service announcements and other things relevant to the service.

Contact

Mail: support@dnscrypt.pl
Twitter: @dnscryptpl@maciejsoltysiak

Support

Please visit the support page to see how you can help maintain this service or simply say thanks.

My name is Maciej Sołtysiak, but people call me .
Here is my homepage: .
My Website WLKP and work as an Mr at .

4 Responses to “About”

  1. Quentin

    Thanks for contributing to the DNS privacy space! The more providers the better! Together as a community we can use people power to take back anonymity, privacy and security as much as we humanly can :).

  2. Maciej Soltysiak

    You are very welcome! I love the growth in DNSCrypt space. When I started this in Nov 2013 it was supposed to be only for me because there were no servers in Europe at the time. And now? Now there are a couple dozens in the world, many in Europe and we’re churning millions of queries privately and securely!

  3. Gabriel Serlenga

    I just wanted to thank you also for this invaluable resource!!.
    Your service is more comprehensive and complete then what is offered by opendns, dnscrypt.eu, and others. It has become second nature to me to setup ‘soltysiak dnscrypt-proxy’ as a forwarder for ‘dnsmasq’ configured as a local DNS query cache, on all the machines I administer. I hope you will be able to afford and maintain this important and necessary service, as we try to eliminate the ‘Achilles Heel’ of DNS, i.e. unencrypted queries that are not DNSSEC validated.

  4. Maciej Soltysiak

    That’s fantastic news and I appreciate you left this comment! It’s become a habit of mine too!
    In terms of financing the service, I do get partial support every 2 or 3 months, but I cover all the rest. So far, I’m comfortable, but ever since we broke the 50GB/month barrier the cost goes up a bit and is traffic-variable. Anyway, thanks again and all the best!
    Maciej

Leave a Reply