DNSCurve for top-level domains

DNSCurve: Usable security for DNS



The DNSCurve project adds link-level public-key protection to DNS packets. This page discusses the use of DNSCurve to protect queries to top-level DNS servers, such as the .com servers.

DNSCurve is extremely fast and does not require signatures to be generated or stored in advance. DNSCurve is suitable for the largest, busiest DNS servers on the Internet, including the .com servers. The .com administrators can install DNSCurve forwarders the same way that other administrators do, preventing forgeries of packets sent from their servers.

The list of .com server names and IP addresses currently takes 453 bytes in a 512-byte UDP DNS packet. Adding twelve different DNSCurve public keys would expand the list to a kilobyte. It is better to condense the list of twelve server names to (e.g.) three server names, each with one DNSCurve public key and four IP addresses. Cryptographic note: Servers sharing a key must use separate nonces; for example, the first of four servers can use top bits 100, the second can use top bits 101, the third can use top bits 110, and the fourth can use top bits 111.
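The two mechanisms in the paragraph above, a DNSCurve server name that carries one public key and a nonce split that lets several servers safely share that key, can be shown in a few lines. The following is an added example, not code from the DNSCurve project: it encodes a 32-byte public key into the `uz5...` label form, decodes it back, and tags each shared-key server's 12-byte half of the reply nonce with the top bits 100, 101, 110 or 111. The placement of those bits in the first byte of the server's nonce half, and the `client nonce + server nonce` layout of the 24-byte reply nonce, are assumptions taken from the protocol description rather than from this page.

```python
"""Added example (not dnscurve.org code): DNSCurve server-name encoding and
per-server nonce tagging for servers that share one public key."""
import os

# Base-32 alphabet used by DNSCurve server names.
DNSCURVE_B32 = "0123456789bcdfghjklmnpqrstuvwxyz"
SERVER_NONCE_BYTES = 12  # each side contributes 12 bytes of the 24-byte reply nonce


def encode_pubkey_name(pubkey: bytes) -> str:
    """Encode a 32-byte Curve25519 public key as a DNSCurve label.

    The label is "uz5" followed by 51 base-32 characters; 5 bits are taken
    at a time starting from the least significant bits of byte 0, so the
    256th bit (always 0 for a Curve25519 public key) is never encoded.
    """
    if len(pubkey) != 32:
        raise ValueError("DNSCurve public keys are exactly 32 bytes")
    if pubkey[31] & 0x80:
        raise ValueError("top bit of a Curve25519 public key must be zero")
    n = int.from_bytes(pubkey, "little")
    chars = [DNSCURVE_B32[(n >> (5 * i)) & 31] for i in range(51)]
    return "uz5" + "".join(chars)


def decode_pubkey_name(label: str) -> bytes:
    """Inverse of encode_pubkey_name; rejects anything that is not a DNSCurve label."""
    label = label.lower()  # DNS labels are case-insensitive
    if len(label) != 54 or not label.startswith("uz5"):
        raise ValueError("not a DNSCurve server name label")
    n = 0
    for i, ch in enumerate(label[3:]):
        value = DNSCURVE_B32.find(ch)
        if value < 0:
            raise ValueError(f"invalid base-32 character {ch!r}")
        n |= value << (5 * i)
    return n.to_bytes(32, "little")


def is_dnscurve_name(label: str) -> bool:
    """True if the first label of a server name carries a DNSCurve public key."""
    try:
        decode_pubkey_name(label)
        return True
    except ValueError:
        return False


# --- nonce tagging for up to four servers sharing one key ---------------
# Assumption: the "top bits" from the page are the top three bits of the
# first byte of the server's 12-byte nonce half; the remaining 93 bits
# are random per reply.

def server_nonce(server_index: int, rand=os.urandom) -> bytes:
    """Return a 12-byte server nonce whose top three bits are 1xx, xx = server_index."""
    if not 0 <= server_index < 4:
        raise ValueError("server_index must be 0..3 for a 3-bit tag of the form 1xx")
    nonce = bytearray(rand(SERVER_NONCE_BYTES))
    nonce[0] = ((0b100 | server_index) << 5) | (nonce[0] & 0x1F)
    return bytes(nonce)


def nonce_owner(srv_nonce: bytes) -> int:
    """Recover which of the four shared-key servers produced a server nonce."""
    if len(srv_nonce) != SERVER_NONCE_BYTES:
        raise ValueError("server nonce must be 12 bytes")
    tag = srv_nonce[0] >> 5
    if not tag & 0b100:
        raise ValueError("nonce does not carry the shared-key server tag")
    return tag & 0b011


def reply_nonce(client_nonce: bytes, srv_nonce: bytes) -> bytes:
    """The 24-byte nonce of a reply: the client's 12 bytes followed by the server's 12."""
    if len(client_nonce) != SERVER_NONCE_BYTES or len(srv_nonce) != SERVER_NONCE_BYTES:
        raise ValueError("both nonce halves must be 12 bytes")
    return client_nonce + srv_nonce


if __name__ == "__main__":
    # Constructed sample key (not a real server key): bytes 0..31.
    sample_key = bytes(range(32))
    name = encode_pubkey_name(sample_key)
    print(name, is_dnscurve_name(name))
    for idx in range(4):
        print(idx, server_nonce(idx).hex(), nonce_owner(server_nonce(idx)))
```

Because the tag is fixed per server, two servers holding the same key can never emit the same 24-byte nonce for the same client nonce, which is the property the cryptographic note is protecting.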

The root DNS servers can also be protected with DNSCurve. Once a cache knows DNSCurve server names for the root servers, its packets to and from those servers are protected, so it securely learns the DNSCurve server names for .com and other top-level domains; its packets to and from the .com servers are then protected, so it securely learns the DNSCurve server names for nytimes.com, and so on down the tree.

Because the root zone is small and changes slowly, ISPs can periodically download copies of the root zone, and serve those copies through their own local DNSCurve-protected servers; this also reduces the load on the root servers and noticeably reduces the frequency of big DNS lookup delays for users. Third parties can also operate DNSCurve-protected copies of the root as a public service.