DNSCurve Software

Updated: October 24, 2021

Here's a list of DNSCurve servers, tools, and other software. DNSCurve is a fully backwards-compatable extension to DNS that adds link-level authenticated encryption. Most implementations use NaCl, libsodium, or slownacl for cryptographic operations.

Please also see DNSCurve.io for more DNSCurve information.

Authoritative DNS

• CurveDNS — a DNSCurve Forwarding Name Server in C
• pymdscurve — an authoritative DNSCurve server in Python
• odns — Onion DNS Forward, in C++

Recursive DNS

• dqcache — Recursive DNS/DNSCurve server ^{also on github!}
• djbdns dnscurve patch — adds DNSCurve support to dnscache, in C
  • SHA256: 7efc54bd1981d0eb920de02b97f9b152c57e6add8023c9b82566358
  • (dnscurve.io mirror)
• dnspythoncurve — recursive DNSCurve resolver in Python
• spiral — DNSCurve & CurveCP for Twisted Python. Currently implements recursive service.

Libraries

• nonce — a simple DNSCurve nonce management library
• librdns — Asynchronous DNS resolver
• ocaml-dnscurve — An implementation of the DNSCurve protocol
• dnscurve-python — Implementation of DNSCurve in python

Services

• OpenDNS provides 3rd party recursive DNS service, supporting DNSCrypt

Other

• dq — a command-line tool to debug DNS/DNScurve
• curveprotect — a suite that supports DNSCurve, CurveCP, and DNSCrypt
• PyDNSCacheCurve — non-recursive lookups in Python
• dnscurve-tools — some DNSCurve tools
• Adam Langley's DNSCurve repo on github
• Matthew Dempsky's DNSCurve repo on github

Miscellaneous

• Dan Bernstein: "An attacker who spends a billion dollars on special-purpose chips to attack Curve25519, using the best attacks available today, has about 1 chance in 1000000000000000000000000000 of breaking Curve25519 after a year of computation."
• Ian Grigg: "In the past, things like TLS, PGP, IPSec and others encouraged you to slice and dice the various algorithms as a sort of alphabet soup mix. Disaster. What we got for that favour was code bloat, insecurity at the edges, continual arguments as to what is good & bad, focus on numbers & acronyms, distraction from user security, entire projects that rate your skills in cryptoscrabble, committeeitus, upgrade nightmares, pontification ... Cryptoplumbing shouldn't be like eating spagetti soup with a toothpick. There should be One Cipher Suite and that should do for everyone, everytime. There should be no way for users to stuff things up by tweaking a dial they read about in some slashdot tweakabit article while on the train to work... Picking curve25519xsalsa20poly1305 is good enough for that One True CipherSuite motive alone... It's an innovation! Adopt it."

DNSCurve Timeline

• 2008-08-22: DNSCurve is announced by Dan Bernstein.
• 2009-06-02: DNSCurve patch for dnscache is released by Matthew Dempsky.
• 2009-07-06: pymdscurve & dnspythoncurve are announced by Joao Paulo R Vita, Gustavo Padovan, and Rodrigo Tjader.
• 2010-02-23: OpenDNS adopts DNSCurve.
• 2010-02-26: DNSCurve RFC draft-dempsky-dnscurve-01 is published.
• 2010-12-28: CurveDNS 0.87 is released by Harm van Tilborg, with help from ON2IT.net.
• 2011-02-21: The most recent NaCl is released.
• 2011-05-12: curveprotect is announced by Jan Mojžíš.
• 2013-06-05: Edward Snowden / NSA disclosures begin.
• 2013-11-16: dq is announced by Jan Mojžíš.
• 2014-02-10: librdns gains DNSCurve support, by Vsevolod Stakhov.
• 2014-10-26: dqcache debut with DNSCurve support
• 2014-11-07: Edward Snowden states that he uses encrypted DNS.
• 2015-01-28: cryptostorm.is adds DNSCrypt-aware resolvers to its network.
• 2015-03-17: DNSCurve Community site announced.
• 2015-07-19: Edward Snowden again says DNS queries should be encrypted.
• 2018-09-30: djbdnscurve6 is announced.
• 2019-02-00: BuddyNS launches DNSCurve support.
• 2021-10-20: Native DNSCurve support in tinydns, in djbdnscurve6

"Powered by DNSCurve"