
Provided by: curvedns_0.87-4build1_amd64

NAME

       curvedns - high-speed high-security elliptic-curve cryptography DNS server

SYNOPSIS

       curvedns listening_IPs listening_port target_DNS_server_IP target_DNS_server_port

DESCRIPTION

       curvedns(8)  is  a daemon that implements the DNSCurve protocol acting as a forwarder to an authoritative
       DNS server. The daemon is started with four mandatory command line arguments:

       •   listening_IPs: The IP addresses on which CurveDNS should listen. If you have several IP addresses,
           separate them with a comma (,). Both IPv4 and IPv6 addresses can be used. Valid inputs are, for
           example: 192.168.0.1 and fe80::1,10.3.11.86. If you want CurveDNS to listen on all IP addresses, use
           0.0.0.0 (for IPv4 hosts) or :: (for IPv6 hosts).

       •   listening_port: The port number on which CurveDNS should listen. If you want to use a port number
           below 1024, you must be root; CurveDNS drops its root privileges once it has done all the tasks
           that need root.

       •   target_DNS_server_IP:  This  is  the  IP  address  of the authoritative name server we are forwarding
           non-DNSCurve queries to. This can be either an IPv4 or IPv6 address.

       •   target_DNS_server_port: The port number of the authoritative name server we are forwarding to.
           Usually this will be 53.

ENVIRONMENT VARIABLES

       curvedns(8) does not use a configuration file. Instead, all remaining configuration is done through
       environment variables. Mandatory environment variables:

       •   CURVEDNS_PRIVATE_KEY: the hexadecimal representation of the server's private (secret) key.

       Optional environment variables:

       •   CURVEDNS_INTERNAL_TIMEOUT: number of seconds after which the target server is considered to have
           timed out (default: 1.2)

       •   CURVEDNS_UDP_TRIES:  total  number  of  tries  towards  the  target  server  before we drop the query
           (default: 2)

       •   CURVEDNS_TCP_NUMBER: number of simultaneous TCP connections that are allowed (default: 25)

       •   CURVEDNS_TCP_TIMEOUT: number of seconds before the TCP session to  the  client  times  out  (default:
           60.0)

       •   CURVEDNS_SHARED_SECRETS: number of shared secrets that can be cached (default: 5000)

           Depending  on  your  query  load  and  the  number of clients, increasing the number of cached shared
           secrets can improve performance. It is a good idea to temporarily  set  the  debug  level  (see  next
           option)  to debug when you alter this value. Using this level, curvedns will log the amount of memory
           it reserved for the shared secret cache during startup. In this way you can check whether  this  will
           suit your system's physical memory boundaries.

       •   CURVEDNS_DEBUG: the debug level to control what events to log (default: 2)

           Available debug levels: 1 (fatal), 2 (error), 3 (warning), 4 (info), 5 (debug)

       •   CURVEDNS_SOURCE_IP:  the IP address CurveDNS will use as source IP address when it forwards the query
           to the authoritative name server (default: let kernel decide).
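
       The arguments and variables above combined in a wrapper script. This is an added example, not part of
       the curvedns package; the key file, the 64-hex-digit key length (a 32-byte Curve25519 key) and the
       function names are assumptions.

```shell
#!/bin/sh
# Added example: start curvedns with the private key taken from a file.
# Assumed, not from the man page: the key file, the 64-hex-digit key length.

# Succeed only if $1 is exactly 64 hexadecimal digits.
valid_private_key() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 64 ]
}

# Succeed only if $1 is a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeed only if $1 is a regular file with no group or other permission bits.
key_file_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Usage: launch_curvedns KEYFILE LISTEN_IPS LISTEN_PORT TARGET_IP TARGET_PORT
launch_curvedns() {
    key_file_private "$1" || { echo "key file is group/world accessible" >&2; return 1; }
    key=$(tr -d ' \r\n' < "$1")
    valid_private_key "$key" || { echo "key is not 64 hex digits" >&2; return 1; }
    { valid_port "$3" && valid_port "$5"; } || { echo "invalid port" >&2; return 1; }
    # The key reaches curvedns through the environment, never through argv.
    CURVEDNS_PRIVATE_KEY=$key
    export CURVEDNS_PRIVATE_KEY
    exec curvedns "$2" "$3" "$4" "$5"
}

# Run only when called with the five arguments listed above.
if [ "$#" -eq 5 ]; then
    launch_curvedns "$@"
fi
```

       The wrapper refuses to start when the key file is readable by group or others, so a permission
       mistake shows up at launch instead of leaving the secret key exposed.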

SEE ALSO

       •   curvedns-keygen(1)

       •   Installation and configuration from GitHub:
           https://github.com/curvedns/curvedns/blob/master/INSTALL.md

MANPAGE AUTHOR

       Stephane Neveu stefneveu@gmail.com

                                                  January 2018                                       CURVEDNS(8)