How to install CurveDNS

CurveDNS is relatively easy to build and install, but it takes a little planning, since it forwards packets to your real authoritative server (e.g. tinydns, NSD, PowerDNS, BIND, or other). This means CurveDNS and your authoritative server can't listen on the same IP address and port combination. This is easy to handle.

Choosing your setup

Let's say CurveDNS listens on 192.0.2.10. It forwards to the $TARGET_IP and $TARGET_PORT that you choose in the CurveDNS configuration. Some common options are:

  1. CurveDNS on 192.0.2.10 port 53, authoritative server on 192.0.2.10 port 5353.
  2. CurveDNS on 192.0.2.10 port 53, authoritative server on 192.0.2.11 port 53.
  3. CurveDNS on 192.0.2.10 port 53, authoritative server on localhost port 53.
  4. CurveDNS on 192.0.2.10 port 53, authoritative server on localhost port 5353.

Binary Packages

CurveDNS is available in FreeBSD from dns/curvedns. Do:

    pkg install curvedns

Get and verify CurveDNS source

    wget https://dnscurve.io/software/curvedns-0.87.tar.gz

    # optionally verify signature with OpenBSD signify:
    wget https://dnscurve.io/signify/dnscurve-io-public.key
    wget https://dnscurve.io/software/curvedns-0.87.tar.gz.sig
    signify -V -x curvedns-0.87.tar.gz.sig -p dnscurve-io-public.key -m curvedns-0.87.tar.gz

Alternatively, CurveDNS is available on GitHub.

Prerequisites

CurveDNS requires libev (not to be confused with libevent), which is typically supplied by your OS package management system. If not, it's easy to install.

If libev is unavailable in your binary package system:

    wget http://dist.schmorp.de/libev/libev-4.33.tar.gz
    # expected SHA256 of libev-4.33.tar.gz: 507eb7b8d1015fbec5b935f34ebed15bf346bed04a11ab82b8eee848c4205aea
    wget http://dist.schmorp.de/signing-key.pub
    wget http://dist.schmorp.de/libev/libev-4.33.tar.gz.sig
    signify -V -p signing-key.pub -m libev-4.33.tar.gz # signature check, using signify
    tar zxf libev-4.33.tar.gz
    cd libev-4.33
    sh autogen.sh
    ./configure
    make
    sudo make install
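
The commands above list a SHA256 for libev-4.33.tar.gz but only run the signify check. As an added example (not part of the original page, nor code from the libev or CurveDNS projects), this script compares a download against a pinned digest and fails closed before anything is unpacked; the function names are hypothetical, and which hashing tool is present is an assumption about your OS.

```shell
#!/bin/sh
# Added example: fail-closed SHA-256 check for a downloaded tarball.

# Print the hex SHA-256 of a file with whichever tool the OS provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then    # GNU coreutils (Linux)
        sha256sum < "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then     # FreeBSD / OpenBSD
        sha256 -q < "$1"
    elif command -v shasum >/dev/null 2>&1; then     # macOS and others with Perl
        shasum -a 256 < "$1" | awk '{print $1}'
    else
        echo "no SHA-256 tool found" >&2
        return 127
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when FILE exists and its digest equals EXPECTED_HEX.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Reject a digest that is not exactly 64 hex digits (truncated copy/paste).
    case $expected in
        *[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    actual=$(sha256_of "$file") || return $?
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Digest as published on this page for libev-4.33.tar.gz.
LIBEV_SHA256=507eb7b8d1015fbec5b935f34ebed15bf346bed04a11ab82b8eee848c4205aea

# CLI use: sh verify.sh libev-4.33.tar.gz "$LIBEV_SHA256" && tar zxf libev-4.33.tar.gz
if [ "$#" -eq 2 ]; then
    verify_sha256 "$1" "$2"
fi
```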

Building and Installing CurveDNS

    tar zxf curvedns-0.87.tar.gz
    cd curvedns-0.87

    # Only if using OpenBSD, apply the following trivial patch:
    wget https://dnscurve.io/software/openbsd-curvedns.patch
    patch < openbsd-curvedns.patch

    # Recommended chroot patch:
    wget https://dnscurve.io/software/curve-chroot.diff
    patch < curve-chroot.diff

    # Note: NaCl takes a while to build
    ./configure.nacl
    ./configure.curvedns
    make

    # install
    install curvedns curvedns-keygen /usr/local/bin

Configure CurveDNS

The author's website has excellent CurveDNS documentation. This page will soon be updated with condensed instructions.