The idea behind DNScrypt specifically, and secure DNS in general, is to prevent "man in the middle" attacks from taking place.

The domain name system is not, as it is currently implemented, secure. Let's say that Alice wants to go to www.gmail.com to check her email. Her computer sends out a request to her ISP's name server. The name server, which is basically just a big telephone book, tells her "www.gmail.com is living at IP address 74.125.224.119" and her browser merrily goes off to 74.125.224.119.

Now, suppose Bob wanted to steer her wrong. He could plant malware on her computer, or intercept her transmissions on her network, so that instead of going to her ISP's name servers, the DNS request was instead diverted to a hostile name server that he controls. His name server looks for any request for www.gmail.com and instead of returning 74.125.224.119, it returns 77.88.5.0, an IP address for a server in Russia that he owns.

So Alice types www.gmail.com into her address bar, but she is not connected to Google's servers. She's connected to a server that Bob runs in Russia. From this point, there are a lot of things he can do. He can put up a fake login page and steal Alice's username and password. He can put up a fake Gmail page and feed Alice false emails that he wants her to see. If he forges a Gmail security certificate, which happened a while ago when hackers broke into a CA called DigiNotar and made themselves phony but authentic-seeming Gmail security certificates, he can connect Alice through to the real Gmail and read everything she reads and everything she writes.

The idea behind DNScrypt is that all your computer's name server requests are encrypted and routed to secure name servers. If someone attempts to intercept your name server requests and alter the results, they can't. They can't see what Web sites you're looking up because the name of the site is encrypted, and they can't substitute their own phony IP address because the answer is encrypted too.

This idea has been around for years, but nobody's really doing it yet. In order for it to be effective without special DNS software on every machine, everyone would have to change over at once. It does no good to make encrypted name server queries optional, because then a bad guy could still set up a phony name server that simply refuses encrypted requests, and the browser would retry with an unencrypted request and accept whatever came back.
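The two points above (an authenticated answer can't be altered, and opt-in encryption with a plaintext fallback can be downgraded) as an added stand-alone model written for this page, not DNScrypt's own code. It assumes a shared HMAC key and in-process "resolver" functions as stand-ins for DNScrypt's public-key cryptography and the network; the names and addresses are the post's own example values.

```python
import hashlib, hmac, json, secrets
from typing import Callable, Optional

# Constructed sample data for the scenario in the post: the genuine record
# and the address the hostile name server substitutes.
GENUINE = {"www.gmail.com": "74.125.224.119"}
HOSTILE = {"www.gmail.com": "77.88.5.0"}
# Hypothetical shared key standing in for the resolver's public key that a
# DNScrypt client is configured with; HMAC here models authentication only.
KEY = secrets.token_bytes(32)

def seal(msg: dict, key: bytes) -> bytes:
    """Authenticate a message: 32-byte HMAC-SHA256 tag followed by the JSON body."""
    body = json.dumps(msg, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body

def unseal(blob: bytes, key: bytes) -> Optional[dict]:
    """Return the message, or None if the tag does not verify (forged or altered)."""
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    return json.loads(body)

def honest_resolver(query: bytes) -> Optional[bytes]:
    """The ISP's name server: sealed answers to sealed queries, plain to plain."""
    if query.startswith(b"PLAIN:"):
        name = query[6:].decode()
        return json.dumps({"name": name, "ip": GENUINE.get(name)}).encode()
    q = unseal(query, KEY)
    return None if q is None else seal({"name": q["name"], "ip": GENUINE.get(q["name"])}, KEY)

def hostile_resolver(query: bytes) -> Optional[bytes]:
    """Bob's server: cannot read or forge sealed messages, so it refuses them."""
    if query.startswith(b"PLAIN:"):
        name = query[6:].decode()
        return json.dumps({"name": name, "ip": HOSTILE.get(name)}).encode()
    return None  # "encrypted queries not supported"

def resolve(name: str, resolver: Callable[[bytes], Optional[bytes]],
            allow_fallback: bool) -> Optional[str]:
    """Client policy: sealed query first; fall back to plaintext only if allowed."""
    reply = resolver(seal({"name": name}, KEY))
    if reply is not None:
        answer = unseal(reply, KEY)
        return answer["ip"] if answer else None  # altered answer is discarded
    if not allow_fallback:
        return None  # strict client: no answer rather than a forgeable one
    plain = resolver(b"PLAIN:" + name.encode())
    return json.loads(plain)["ip"] if plain else None
```

With fallback enabled the client accepts Bob's address as soon as his server refuses the sealed query; the strict client returns nothing, which is the point the paragraph makes about optional encryption.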

My guess is that it's available for Mac OS X first because OS X is Unix. Nearly all the world's name servers run on Unix. The OpenDNS name servers run Unix; it's easy (well, relatively speaking) to write Unix name server clients and servers that implement encryption. It makes sense that you'd want to test the client in a Unix configuration before you started making it available to Windows.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html