IANIX adopts DNSCurve

Original Date: January 23, 2012
Updated: August 26, 2020

IANIX is happy to announce the adoption of DNSCurve, part of the larger CurveCP project — one of the most exciting technologies in years. For an introduction to DNSCurve and CurveCP, see the above links or the following presentation from Dan Bernstein at 27C3, "High-speed high-security cryptography: encrypting and authenticating the whole Internet."

To enable DNSCurve protection in the resolver, use dnscache with Matthew Dempsky's DNSCurve patch. Alternatively, IANIX now uses dqcache, a full recursive resolver with full DNSCurve support. Otherwise, contact your vendor or ISP and ask them to support DNSCurve.

To enable DNSCurve protection on an authoritative server, one can use the CurveDNS forwarder with the following CurveDNS chroot patch in front of an existing setup. Using a forwarder allows an administrator to continue using the original DNS server software.

IANIX intends to deploy DNSCurve and CurveCP wherever appropriate.