Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

How to Test DNSCrypt?

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)

Topic Author
kingping1
Posts: 8
Joined: Wed Apr 11, 2018 7:27 am

How to Test DNSCrypt?

Post by kingping1 » Sat May 12, 2018 11:32 pm

My question is how do we test wheter the DNScrypt is actually on and working as, I heard that the purpose of it is to Encrypt the DNS, but can someone please explain to me what this is for, as I thought that the VPN already encrypts ALL the traffic in the internet.

Also how do I check that the DNScrypt is actually working and encrypting dns?

Last Question - Is it safe to use a public hotel wifi to do like banking or financial info, WITH the crypostorm VPN, with/without the dnscrypt and everything on?

Thanks.

User avatar

parityboy
Site Admin
Posts: 1254
Joined: Wed Feb 05, 2014 3:47 am

Re: How to Test DNSCrypt?

Post by parityboy » Tue May 15, 2018 5:51 pm

@OP

To my shame I haven't actually installed DNSCrypt, so I can only answer your last question.

Your system will use the DNS server on the hotel LAN to resolve the FQDN of the exit node, but after the connection is made your system will use the Cryptostorm DNS server pushed to it by the exit node.

Additionally, all traffic (including all subsequent DNS traffic) will flow along the encrypted VPN tunnel, so the hotel network will only ever see encrypted VPN traffic.

So yes, your network connection will be secure. However, the rest of your system is a different matter entirely...

User avatar

df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: How to Test DNSCrypt?

Post by df » Wed May 23, 2018 11:04 pm

@kingping1
The VPN encrypts all traffic once you're connected to the VPN.
But before you connect, your system will resolve the DNS entries for CS nodes (i.e., windows-balancer.cryptostorm.nu, or windows-paris.cryptostorm.nu, etc. etc.)
Since that normally happens using the very-easy-to-manipulate DNS protocol, we offer DNSCrypt access to everyone so that pre-connect DNS is also encrypted/protected.

However, thanks to OpenVPN's PKI structure, even if you did use plain DNS and your hotspot was doing some DNS poisoning or whatever, the worse that could happen is they could DoS you to prevent you from accessing the VPN.
They would not be able to redirect you to a malicious VPN node of theirs, since our setup includes a CA certificate that's used to check the remote server's certificate.
Since they don't have our CA private key or the server private key, they can't pretend to be a CS VPN node.

Oh and as for checking that DNSCrypt is actually working, Wireshark would help with that :-)

Post Reply