DNSCrypt
E835285
DNSCrypt is a security protocol that authenticates and encrypts DNS traffic between a user’s device and a DNS resolver to prevent spying, spoofing, and tampering.
All labels observed (1)
| Label | Occurrences |
|---|---|
| DNSCrypt canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T10024601 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: DNSCrypt Context triple: [DNS over TLS, alternativeTo, DNSCrypt]
-
A.
DNS over TLS
DNS over TLS is a security protocol that encrypts traditional DNS queries and responses using Transport Layer Security to protect user privacy and prevent eavesdropping or tampering.
-
B.
DNS over DTLS
DNS over DTLS is a protocol that secures DNS queries using Datagram Transport Layer Security over UDP, providing encryption and integrity while preserving DNS’s low-latency, connectionless nature.
-
C.
DNS over HTTPS
DNS over HTTPS is a protocol that sends DNS queries and responses over encrypted HTTPS connections to enhance privacy and security.
-
D.
DNSSEC
DNSSEC (Domain Name System Security Extensions) is a suite of specifications that adds cryptographic authentication and integrity protection to DNS data to prevent attacks such as cache poisoning and spoofing.
-
E.
DNS over QUIC (DoQ)
DNS over QUIC (DoQ) is a modern DNS transport protocol that uses the QUIC encrypted, multiplexed UDP-based transport to provide faster, more secure, and more reliable DNS queries than traditional methods.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: DNSCrypt Target entity description: DNSCrypt is a security protocol that authenticates and encrypts DNS traffic between a user’s device and a DNS resolver to prevent spying, spoofing, and tampering.
-
A.
DNS over TLS
DNS over TLS is a security protocol that encrypts traditional DNS queries and responses using Transport Layer Security to protect user privacy and prevent eavesdropping or tampering.
-
B.
DNS over DTLS
DNS over DTLS is a protocol that secures DNS queries using Datagram Transport Layer Security over UDP, providing encryption and integrity while preserving DNS’s low-latency, connectionless nature.
-
C.
DNS over HTTPS
DNS over HTTPS is a protocol that sends DNS queries and responses over encrypted HTTPS connections to enhance privacy and security.
-
D.
DNSSEC
DNSSEC (Domain Name System Security Extensions) is a suite of specifications that adds cryptographic authentication and integrity protection to DNS data to prevent attacks such as cache poisoning and spoofing.
-
E.
DNS over QUIC (DoQ)
DNS over QUIC (DoQ) is a modern DNS transport protocol that uses the QUIC encrypted, multiplexed UDP-based transport to provide faster, more secure, and more reliable DNS queries than traditional methods.
- F. None of above. chosen
Statements (50)
| Predicate | Object |
|---|---|
| instanceOf |
DNS privacy technology
ⓘ
security protocol ⓘ |
| authenticates | communication between client and DNS resolver ⓘ |
| canBeCombinedWith |
Tor
NERFINISHED
ⓘ
VPNs ⓘ |
| category |
DNS security extension
ⓘ
Internet security protocol ⓘ |
| competesWith |
DNS over HTTPS
NERFINISHED
ⓘ
DNS over QUIC NERFINISHED ⓘ DNS over TLS NERFINISHED ⓘ |
| designedFor |
end-user privacy
ⓘ
integrity of DNS responses ⓘ |
| developedBy |
Frank Denis
NERFINISHED
ⓘ
OpenDNS NERFINISHED ⓘ |
| doesNotProvide |
anonymity by itself
ⓘ
content encryption beyond DNS layer ⓘ |
| encrypts |
DNS queries
ⓘ
DNS responses ⓘ |
| hasComponent |
DNSCrypt client
ⓘ
DNSCrypt resolver NERFINISHED ⓘ |
| hasVersion |
DNSCrypt v1
NERFINISHED
ⓘ
DNSCrypt v2 NERFINISHED ⓘ |
| implementedIn |
dnscrypt-proxy
NERFINISHED
ⓘ
dnscrypt-wrapper ⓘ dnsdist ⓘ various router firmware distributions ⓘ |
| improvesOver | unencrypted DNS ⓘ |
| initialReleaseYear | 2011 ⓘ |
| isBackwardCompatibleWith | traditional DNS at resolver side ⓘ |
| isOpenStandard | false ⓘ |
| license | varies by implementation (dnscrypt-proxy is ISC-licensed) ⓘ |
| operatesOn |
port 443 (often, via DNSCrypt-over-HTTPS-like setups or tunneling)
ⓘ
port 53 (in some configurations) ⓘ |
| prevents |
DNS eavesdropping
ⓘ
DNS man-in-the-middle attacks ⓘ DNS spoofing ⓘ DNS tampering ⓘ |
| protects | DNS traffic ⓘ |
| requires |
client-side DNSCrypt software
ⓘ
supporting DNSCrypt resolver ⓘ |
| standardizedBy | none (not an IETF standard) ⓘ |
| supports |
TCP transport
ⓘ
UDP transport ⓘ |
| supportsFeature |
forward secrecy (in newer versions / configurations)
ⓘ
multiple encryption algorithms (depending on version) ⓘ resolver public key discovery via DNS stamps ⓘ |
| usedFor |
bypassing DNS-level censorship (depending on resolver)
ⓘ
protecting DNS traffic on untrusted networks ⓘ |
| uses |
asymmetric cryptography
ⓘ
public-key cryptography ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: DNSCrypt Description of subject: DNSCrypt is a security protocol that authenticates and encrypts DNS traffic between a user’s device and a DNS resolver to prevent spying, spoofing, and tampering.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.