Proposed solution for increasing DNS privacy using elliptic curve cryptography
DNS over HTTPS
Communication protocol
Developer(s)
Daniel J. Bernstein
Introduction
2009; 15 years ago (2009)[1]
OSI layer
Application layer
Website
dnscurve.org
DNSCurve is a proposed secure protocol for the Domain Name System (DNS), designed by Daniel J. Bernstein. It encrypts and authenticates DNS packets between resolvers and authoritative servers.
DNSCurve claims advantages over previous DNS services of:[1]
Confidentiality—usual DNS requests and responses are not encrypted, and broadcast to any attacker.
Integrity—usual DNS has some protection, but with patience and sniffing attackers can forge DNS records; this is prevented by DNSCurve cryptographic authentication.
Availability—usual DNS has no protection against denial of service (DoS) by a sniffing attacker sending a few forged packets per second. DNSCurve recognizes and discards forged DNS packets, providing some protection, though SMTP, HTTP, HTTPS, are also vulnerable to DoS.
^ ab"Introduction to DNSCurve". DNSCurve. 22 June 2009. Retrieved 16 March 2016.
DNSCurve is a proposed secure protocol for the Domain Name System (DNS), designed by Daniel J. Bernstein. It encrypts and authenticates DNS packets between...
or locally installed DNS servers. OpenDNS has adopted and supports the DNSCurve secure protocol. OpenDNS provides the following recursive nameserver addresses...
for Comments (RFC). Public recursive name server DNS over HTTPS DNSCrypt DNSCurve Henderson, Karl; April, Tim; Livingood, Jason (2020-02-14). "Authoritative...
System Security Extensions (DNSSEC) Elliptic curve cryptography Curve25519 DNSCurve Biggs, John (6 December 2011). "DNSCrypt Encrypts Your DNS Traffic Because...
(DNSSEC) modify DNS to add support for cryptographically signed responses. DNSCurve has been proposed as an alternative to DNSSEC. Other extensions, such as...
"would offer real security benefits to UK citizens". DNS over TLS DNSCrypt DNSCurve EDNS Client Subnet Chirgwin, Richard (14 Dec 2017). "IETF protects privacy...
Initiative of the Internet community and the Dutch government DNSCrypt DNSCurve Extension Mechanisms for DNS (EDNS) TSIG Resource Public Key Infrastructure...
gss-api and TKEY to distribute keys automatically in gss-api mode. The DNSCurve proposal has many similarities to TSIG. List of DNS record types Abley...