DNSCurve: Usable security for DNS


Comparison of DNSSEC and DNSCurve

This page was a comparison between DNSSEC and DNSCurve. Most of the information on this page has now been split into separate pages discussing various attacks in much more detail, and discussing the impact of DNSSEC and DNSCurve upon those attacks.

The following issues are not yet covered on separate pages:

- Neither DNSSEC nor DNSCurve protects DNS data against an attacker controlling parent computers.
- DNSSEC, unlike DNSCurve, does protect DNS data against an attacker controlling the administrator's DNS servers, if the administrator generates keys and signatures on a separate computer that has not been compromised.
- DNSSEC, unlike DNSCurve, requires parents to extend their web interface, database, registrar-registry protocol, etc.
- Partial deployment of DNSCurve provides much more protection than partial deployment of DNSSEC.

Version

This is version 2009.06.24 of the dnssec.html web page.