DNSCurve
DNSCurve is a proposed secure protocol for the Domain Name System (DNS), designed by Daniel J. Bernstein.


Description

DNSCurve uses Curve25519 elliptic curve cryptography to establish keys used by Salsa20, paired with the message authentication code (MAC) function Poly1305, to encrypt and authenticate DNS packets between resolvers and authoritative servers. Public keys for remote authoritative servers are placed in NS records, so recursive resolvers know whether the server supports DNSCurve. Keys begin with the magic string uz5 and are followed by a 51-byte Base32 encoding of the server's 255-bit public key. E.g., in BIND format:

example.com. IN NS uz5bcx1nh80x1r17q653jf3guywz7cmyh5jv0qjz0unm56lq7rpj8l.example.com.

The resolver then sends to the server a packet containing its DNSCurve public key, a 96-bit nonce, and a cryptographic box containing the query. The cryptographic box is created using the resolver's private key, the server's public key, and the nonce. The response from the server contains a different 96-bit nonce and its own cryptographic box containing the answer to the query.

The cryptographic tools used in DNSCurve are the same used in CurveCP, a UDP-based protocol which is similar to TCP but uses elliptic-curve cryptography to encrypt and authenticate data. An analogy is that while DNSSEC is like signing a webpage with Pretty Good Privacy (PGP), CurveCP and DNSCurve are like encrypting and authenticating the channel using Transport Layer Security (TLS). Just as PGP-signed webpages can be sent over an encrypted channel using SSL, DNSSEC data can be protected using DNSCurve.

DNSCurve claims advantages over previous DNS services of:
* Confidentiality—usual DNS requests and responses are not encrypted, and broadcast to any attacker.
* Integrity—usual DNS has some protection, but with patience and sniffing attackers can forge DNS records; this is prevented by DNSCurve cryptographic authentication.
* Availability—usual DNS has no protection against denial of service (DoS) by a sniffing attacker sending a few forged packets per second. DNSCurve recognizes and discards forged DNS packets, providing some protection, though SMTP, HTTP, and HTTPS are also vulnerable to DoS.
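The following is an added example (not code from the article, Dempsky's repository, or CurveDNS) showing how a resolver can tell from an NS target name whether the server advertises DNSCurve, and how the 51-character label body decodes into the 32-byte Curve25519 public key. It assumes the Base32 alphabet 0123456789bcdfghjklmnpqrstuvwxyz and least-significant-bits-first packing used by the DNSCurve draft, which the article does not spell out.

```python
# Added example: recognise and decode the DNSCurve public key that an
# authoritative server advertises in the first label of its NS name
# ("uz5" + 51 Base32 characters = 255 bits). The alphabet and the
# least-significant-bits-first packing are taken from the DNSCurve draft;
# the code itself is illustrative and not from any DNSCurve implementation.
from typing import Optional

ALPHABET = "0123456789bcdfghjklmnpqrstuvwxyz"  # DNSCurve Base32: no a, e, i, o


def base32_decode(text: str) -> bytes:
    """Decode DNSCurve Base32: 5-bit groups, least significant bits first."""
    out, acc, nbits = bytearray(), 0, 0
    for ch in text:
        acc |= ALPHABET.index(ch) << nbits  # ValueError on a bad character
        nbits += 5
        while nbits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            nbits -= 8
    if nbits:  # 51 chars = 255 bits: the last 7 bits form byte 31, top bit clear
        out.append(acc & 0xFF)
    return bytes(out)


def base32_encode(data: bytes) -> str:
    """Inverse of base32_decode (emits a final partial group if any bits remain)."""
    out, acc, nbits = [], 0, 0
    for byte in data:
        acc |= byte << nbits
        nbits += 8
        while nbits >= 5:
            out.append(ALPHABET[acc & 31])
            acc >>= 5
            nbits -= 5
    if nbits:
        out.append(ALPHABET[acc & 31])
    return "".join(out)


def encode_key(key: bytes) -> str:
    """32-byte Curve25519 public key -> NS label 'uz5' + 51 characters."""
    if len(key) != 32 or key[31] & 0x80:
        raise ValueError("expected a 32-byte key with the top bit clear")
    return "uz5" + base32_encode(key)[:51]  # 52nd char would only carry the zero top bit


def dnscurve_key(ns_name: str) -> Optional[bytes]:
    """Return the server's public key if the NS name advertises DNSCurve, else None."""
    label = ns_name.lower().split(".")[0]
    body = label[3:]
    if not label.startswith("uz5") or len(body) != 51 or any(c not in ALPHABET for c in body):
        return None  # ordinary NS name: the resolver falls back to plain DNS
    return base32_decode(body)


# NS target from the article's example record
EXAMPLE_NS = "uz5bcx1nh80x1r17q653jf3guywz7cmyh5jv0qjz0unm56lq7rpj8l.example.com."
```

A label that starts with uz5 but is the wrong length or contains a character outside the alphabet is treated as a plain NS name, so a malformed record degrades to unprotected DNS rather than to a decoding error.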


Security

DNSCurve uses 256-bit elliptic-curve cryptography, which NIST estimates to be roughly equivalent to 3072-bit RSA. ECRYPT reports a similar equivalence. It uses per-query public-key cryptography (like SSH and SSL) and 96-bit nonces to protect against replay attacks. Adam Langley, security officer at Google, says "With very high probability, no one will ever solve a single instance of Curve25519 without a large, quantum computer."


Speed

Adam Langley has posted speed tests on his personal website showing Curve25519, used by DNSCurve, to be the fastest among elliptic curves tested. According to the U.S. National Security Agency (NSA), elliptic curve cryptography offers vastly superior performance over RSA and Diffie–Hellman at a geometric rate as key sizes increase.


Implementations

DNSCurve first gained recursive support in dnscache via a patch by Matthew Dempsky. Dempsky also has a GitHub repository which includes Python DNS lookup tools and a forwarder in C. Adam Langley has a GitHub repository as well. There is an authoritative forwarder called CurveDNS which allows DNS administrators to protect existing installations without patching. OpenDNS has released DNSCrypt to protect the channel between OpenDNS's users and its recursive resolvers. Jan Mojžíš has released curveprotect, a software suite which implements DNSCurve and CurveCP protection for common services like DNS, SSH, HTTP, and SMTP.


Deployment

OpenDNS, which has 50 million users, announced support for DNSCurve on its recursive resolvers on February 23, 2010. Then on December 6, 2011, OpenDNS announced a new tool, called DNSCrypt. DNSCrypt protects the channel between OpenDNS and its users. No equally large authoritative DNS providers have yet deployed DNSCurve.


See also

DNSCurve is intended to secure communication between a resolver and an authoritative server. For securing communication between DNS clients and resolvers, there are several options:
* DNS over TLS, defined by two standards-track RFCs, RFC 7858 and RFC 8310
* DNS over HTTPS, standardized in RFC 8484
* DNSCrypt


External links


* Official website
* DNSCurve.io: a community for DNSCurve users
* High-speed cryptography and DNSCurve, a June 2009 presentation by the author
* DNSCurve: Usable security for DNS, an August 2008 presentation by the author
* draft-dempsky-dnscurve-01, proposed standard "DNSCurve: Link-Level Security for the Domain Name System", sent by M. Dempsky (from OpenDNS) to the IETF (updated in February 2010)
* OpenDNS adopts DNSCurve, official OpenDNS blog entry
* CurveDNS, DNSCurve forwarding name server
* NaCl, Networking and Cryptography library