OpenDNS launches encryption tool to secure domain lookups

A new free tool from OpenDNS promises to make domain name system (DNS) lookups, the conversion of a plain English domain name into a numeric Internet address, more secure. DNSCrypt prevents third parties from intercepting your DNS requests and rewriting them to point your browser, email client, or other software to malicious or fake sites. That may sound like a tedious bit of Internet plumbing, but it profoundly improves your security.

The software addresses a significant flaw in the way that software clients decide which Internet servers to trust. A client (like a web browser) and server create an encrypted connection with one another by relying on third parties, known as certificate authorities (CAs), to assure the client of the server's identity.

These CAs provide digital documents to a site operator that are bound to a domain name (techworld.com) or a specific host-domain combination (www.techworld.com). A client can validate a server's documents by checking their digital signatures against a list of trusted CAs. Those lists are built into operating systems (Mac OS X's can be viewed via Keychain Access) and some browsers (Firefox being the primary example).