I've been using OpenDNS for about a year now, rather than the DNS servers provided by my ISP. It has a number of advantages, including cutting out some of the silly bugger games ISPs play. Among other things, I hate getting a page of advertisements whenever I mistype a URL. I use OpenDNS's “Home” subscription as I don't mind paying $10 a year to support them and get some extra configuration flexibility.
OpenDNS have released an early, Mac OS X-only version of a rather nice product, DNSCrypt. It's a free, operating-system-level application that encrypts the DNS traffic between a user's computer and the OpenDNS DNS servers — what OpenDNS is referring to as the “last mile” by analogy with telephony.
Why is this such a nice thing? You can read about this on the OpenDNS web site, but basically it provides a barricade against lots of sophisticated hacking.
I downloaded DNSCrypt. It uses OS X’s package installer to install a preference pane which allows one to enable/disable DNSCrypt and change some settings. An important one is whether or not to “fall back” on regular DNS communications if there is a failure. Doing so means that, in the case of a failure, you do not lose name resolution (e.g. "www.goold.net" resolving to an IP address), but you obviously lose the additional security provided by DNSCrypt. I'm not running in fall-back mode, so we will see what happens!
While the product is in the early stages, OpenDNS have elected to have DNSCrypt disabled on boot-up, meaning if you re-boot your Mac, you will need to go into system preferences and enable it. They have indicated there will be persistence across re-boots in a later release.
So far, I notice no change, which is a very good thing — having a process that occurs quietly behind the scenes to protect my computing environment is exactly what I want.