DNSCurve Software

There are three main production DNSCurve packages: CurveDNS, dqcache, and djbdnscurve6.

CurveDNS: authoritative forwarder

CurveDNS listens on port 53 and forwards queries to, and relays responses from, an authoritative server such as tinydns, NSD, Knot, or BIND. This way you can get DNSCurve support without having to change DNS servers. CurveDNS supports IPv4 and IPv6. Install and deploy CurveDNS.

dqcache: recursive DNSCurve resolver

dqcache is a recursive resolver with excellent DNSCurve support including streamlined and TXT queries, fallback to TXT (needed sometimes when using hotel wifi or a captive portal), server and DNSCurve key pinning, and some resistance to traffic analysis. A new DNS lookup tool, dq, is also included. dqcache supports IPv4 and IPv6.

Of note, dqcache is written by Jan Mojžíš, the same author as TinySSH and the sntrup4591761x25519-sha512@tinyssh.org post-quantum key exchange method adopted by OpenSSH, among other projects. Install and deploy dqcache.

djbdnscurve6: recursive DNSCurve resolver

djbdnscurve6 is an alternative to dqcache with similar origins, but taking a different path forward. I know less about it.

Future versions of djbdnscurve6 will include native DNSCurve support for tinydns, which is very exciting!

Of note, djbdnscurve6 is written by the same author as s/qmail, qlibs, and other packages. Install and deploy djbdnscurve6.