That said, the class of problems that the Kaminsky Vulnerability related to were a result of some of the underlying foundations of the DNS protocol that are inherently weak — particularly in the “last mile.” The “last mile” is the portion of your Internet connection between your computer and your ISP. DNSCrypt is our way of securing the “last mile” of DNS traffic and resolving (no pun intended) an entire class of serious security concerns with the DNS protocol.
There have been numerous examples of tampering, or man-in-the-middle attacks, and snooping of DNS traffic at the last mile and it represents a serious security risk that we’ve always wanted to fix. Today we can.
Why DNSCrypt is so significant
In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesn’t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone don’t work in the security world, however, so we’ve opened up the source to our DNSCrypt code base and it’s available on GitHub.
DNSCrypt has the potential to be the most impactful advancement in Internet security since SSL, significantly improving every single Internet user’s online security and privacy.