DNS provider OpenDNS has developed a new open-source tool that will encrypt all of the traffic between customers and the OpenDNS servers. The tool is designed to address the slew of techniques that enable attackers to eavesdrop on plain-text DNS traffic.

The tool, called DNSCrypt, is in an early form right now, but the company said it will be making regular iterative changes to it as needed. DNSCrypt uses elliptic-curve cryptography to encrypt the traffic between customer servers and the OpenDNS system.

"DNS has, unfortunately, always had some inherent weaknesses because it’s transported in plain text. DNSSEC has never attempted to address that (crazy, I know). Encrypting all DNS traffic means a fundamental change to the security of the system on the whole and a strong improvement. It’s not the only solution, and there’s still an important place for verification and validation of domains like DNSSEC provides, but it’s a very strong first step," OpenDNS CEO David Ulevitch said in a blog post.