Winston hijacks all unencrypted DNS, upgrades it to encrypted DNS through Cloudflare. DNS entries are cached for 60 minutes by default.

The default is to always encrypt traffic, but if both providers go down Winston will fail over to unencrypted to allow you to continue to use the Internet.

Today, users are not able to change the DNS encryption, themselves, but we are discussing allowing it in the future.

To find out more about what type of encryption Winston uses click here.