curvedns - high-speed high-security elliptic-curve cryptography DNS server

curvedns listening_IPs listening_port target_DNS_server_IP target_DNS_server_port

curvedns(8) is a daemon that implements the DNSCurve protocol, acting as a
forwarder to an authoritative DNS server. The daemon is started with four
mandatory command line arguments:
- listening_IPs: The IP addresses on which CurveDNS should listen. If you
  have more than one IP address, separate them with a comma (,). Note that
  both IPv4 and IPv6 addresses can be used. Valid inputs are, for example,
  192.168.0.1 and fe80::1,10.3.11.86. If you want CurveDNS to listen on all
  IP addresses, use 0.0.0.0 (for IPv4 hosts) or :: (for IPv6 hosts).
- listening_port: The port number on which CurveDNS should listen. If you
  want to use a port number below 1024, you must be root; CurveDNS will
  drop the root privileges once it has completed all the tasks that need
  root.
- target_DNS_server_IP: The IP address of the authoritative name server to
  which non-DNSCurve queries are forwarded. This can be either an IPv4 or
  an IPv6 address.
- target_DNS_server_port: The port number of the authoritative name server
  we are forwarding to. Usually this will be 53.
curvedns(8) does not use a configuration file. Instead, all remaining
configuration is done through environment variables. Mandatory environment
variables:

- CURVEDNS_PRIVATE_KEY: the hexadecimal representation of the server's
  private (secret) key.
Optional environment variables:

- CURVEDNS_INTERNAL_TIMEOUT: number of seconds after which the target server
  is considered to have timed out (default: 1.2)
- CURVEDNS_UDP_TRIES: total number of tries towards the target server before
  the query is dropped (default: 2)
- CURVEDNS_TCP_NUMBER: number of simultaneous TCP connections that are
  allowed (default: 25)
- CURVEDNS_TCP_TIMEOUT: number of seconds before the TCP session to the
  client times out (default: 60.0)
- CURVEDNS_SHARED_SECRETS: number of shared secrets that can be cached
  (default: 5000). Depending on your query load and the number of clients,
  increasing the number of cached shared secrets can improve performance.
  It is a good idea to temporarily set the debug level (see the next option)
  to debug when you alter this value: at that level, curvedns logs the
  amount of memory it reserved for the shared secret cache during startup,
  so you can check whether it fits within your system's physical memory.
- CURVEDNS_DEBUG: the debug level controlling which events are logged
  (default: 2). Available debug levels: 1 (fatal), 2 (error), 3 (warning),
  4 (info), 5 (debug)
- CURVEDNS_SOURCE_IP: the IP address CurveDNS uses as source address when it
  forwards a query to the authoritative name server (default: let the kernel
  decide).
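As an added example that is not part of curvedns or this manual page, the following POSIX shell wrapper checks the four arguments and the CURVEDNS_* variables described above before starting the daemon; the CURVEDNS_BIN and CURVEDNS_DRY_RUN variable names are assumptions of the example, not curvedns options.

```shell
#!/bin/sh
# Added wrapper for curvedns(8), not part of curvedns itself: checks the
# configuration this manual page describes, then starts the daemon. Assumed
# names: CURVEDNS_BIN (binary path), CURVEDNS_DRY_RUN (print, do not exec).

check_curvedns_env() {  # validate CURVEDNS_* variables; returns 1 on any problem
    rc=0
    # Mandatory: the server's private key as a hexadecimal string.
    case "${CURVEDNS_PRIVATE_KEY:-}" in
        '')             echo "CURVEDNS_PRIVATE_KEY is not set" >&2; rc=1 ;;
        *[!0-9a-fA-F]*) echo "CURVEDNS_PRIVATE_KEY is not hexadecimal" >&2; rc=1 ;;
    esac
    # Optional: debug level 1 (fatal) .. 5 (debug), default 2.
    case "${CURVEDNS_DEBUG:-2}" in
        [1-5]) ;;
        *) echo "CURVEDNS_DEBUG must be between 1 and 5" >&2; rc=1 ;;
    esac
    # Optional counters must be integers when set.
    for name in CURVEDNS_UDP_TRIES CURVEDNS_TCP_NUMBER CURVEDNS_SHARED_SECRETS; do
        eval "val=\${$name:-}"
        case "$val" in
            '') ;;
            *[!0-9]*) echo "$name must be an integer" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Validate listening_IPs listening_port target_DNS_server_IP target_DNS_server_port.
check_curvedns_args() {
    [ $# -eq 4 ] || { echo "expected 4 arguments, got $#" >&2; return 1; }
    for port in "$2" "$4"; do
        case "$port" in
            '' | *[!0-9]*) echo "port '$port' is not numeric" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port $port out of range" >&2; return 1; }
    done
    # Listening below 1024 needs root; curvedns drops those privileges itself later.
    if [ "$2" -lt 1024 ] && [ "$(id -u)" -ne 0 ]; then echo "listening port $2 requires root" >&2; return 1; fi
}

# Start curvedns with the checked configuration (or print the command line).
run_curvedns() {
    check_curvedns_env && check_curvedns_args "$@" || return 1
    bin="${CURVEDNS_BIN:-/usr/local/bin/curvedns}"
    if [ -n "${CURVEDNS_DRY_RUN:-}" ]; then echo "$bin $1 $2 $3 $4"
    else exec "$bin" "$1" "$2" "$3" "$4"; fi
}
```

Run it as `CURVEDNS_PRIVATE_KEY=<hex key> run_curvedns 0.0.0.0 53 127.0.0.1 5353`, which refuses to start with a malformed key, debug level or port instead of letting the daemon discover the problem at runtime.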
See also:

- curvedns-keygen(1)
- Installation and configuration from GitHub:
  https://github.com/curvedns/curvedns/blob/master/INSTALL.md

Stephane Neveu stefneveu@gmail.com