How to install CurveDNS

CurveDNS is relatively easy to build and install, but requires a little reflection since it forwards packets to your real server (e.g. tinydns, NSD, PowerDNS, BIND, or other). This means CurveDNS and your authoritative server can't reside on the same IP address and port combination. This is easy to handle.

Choosing your setup

Let's say CurveDNS listens on It will forward to $TARGET_IP and $TARGET_PORT as chosen by you, in the CurveDNS configuration. Some common options are:

  1. CurveDNS on port 53, authoritative server on port 5353.
  2. CurveDNS on port 53, authoritative server on port 53.
  3. CurveDNS on port 53, authoritative server on localhost port 53.
  4. CurveDNS on port 53, authoritative server on localhost port 5353.

Binary Packages

CurveDNS is available in FreeBSD from dns/curvedns. Do: pkg install curvedns

Get and verify CurveDNS source


    # optionally verify signature with OpenBSD signify:
    signify -V -x curvedns-0.87.tar.gz.sig -p dnscurve-io-public.key -m curvedns-0.87.tar.gz

Alternatively, CurveDNS is available at Github.


CurveDNS requires libev (not to be confused with libevent), which is typically supplied by your OS package management system. If not, it's easy to install.

If libev is unavailable in your binary package system:

    (SHA256 = 507eb7b8d1015fbec5b935f34ebed15bf346bed04a11ab82b8eee848c4205aea)
    signify -V -p -m libev-4.33.tar.gz # signature check, using signify
    tar zxf libev-4.33.tar.gz
    cd libev-4.33
    sudo make install

Building and Installing CurveDNS

    tar zxf curvedns-0.87.tar.gz
    cd curvedns-0.87

    # Only if using OpenBSD, apply the following trivial patch:
    patch < openbsd-curvedns.patch

    # Recommended chroot patch:
    patch < curve-chroot.diff

    # Note: NaCl takes a while to build

    # install
    install curvedns curvedns-keygen /usr/local/bin

Configure CurveDNS

The author's website has excellent CurveDNS documentation. This page will soon be updated with condensed instructions.