We’ve talked about OpenDNS quite a bit over the years, noting that these guys know what geeks like: free, fast DNS lookups that smooth out the Internet’s rough edges and shave seconds off of many web tasks. Now OpenDNS is offering DNSCrypt, a service that completely encrypts your DNS sessions, ensuring that evil ha><0rZ can't see where you're headed on the web. The service also prevents man-in-the-middle DNS attacks. The service also automatically enables OpenDNS on your machine, thereby killing multiple birds with one multi-megabyte OS extension.
What does it do? Basically DNSCrypt wraps your DNS conversation in an SSL wrapper. Considering most DNS sessions are plaintext, this a huge deal. They've even made the source code available for free here so that independent security experts can test their claims.
From the website:
DNSCrypt has the potential to be the most impactful advancement in Internet security since SSL, significantly improving every single Internet user’s online security and privacy.
The system has automatic failover to an unsecured state and can prevent folks from snooping on your DNS calls in a coffee shop or unsecured cyber cafe. Sadly, it’s not a full proxy so it won’t hide your browsing habits from local censors.
It’s available now for the Mac, and Linux/Windows versions are forthcoming.