DNSCrypt explained – it won’t replace a VPN!

DNSCrypt is a protocol for securing a single hop during a DNS lookup. It lets you authenticate that the packet you received from the DNS server you connected to is the one that it sent, and it also encrypts the traffic over that single hop. Sadly, there are several people spreading false facts about DNSCrypt.

Some router firmware even supports DNSCrypt directly.

Please note that DNSCrypt is not a replacement for a VPN, as it only authenticates DNS traffic, and doesn’t prevent “DNS leaks”, or third-party DNS resolvers from logging your activity. The TLS protocol, as used in HTTPS and HTTP2, also leaks websites host.

– DNSCrypt page

For all the attention that HTTPS gets, I’m amazed how little (relatively speaking) attention plaintext DNS gets. Let’s check it!