Provided by: curvedns_0.87-6_amd64 bug


       curvedns - high-speed high-security elliptic-curve cryptography DNS server


       curvedns listening_IPs listening_port target_DNS_server_IP target_DNS_server_port


       curvedns(8)  is a daemon that implements the DNSCurve protocol acting as a forwarder to an
       authoritative DNS  server.  The  daemon  is  started  with  four  mandatory  command  line

       ○   listening_IPs:  The  IP addresses on which CurveDNS should listen. If you have more IP
           addresses, separate them by a comma (,). Notice both IPv4 and IPv6  addresses  can  be
           used.  Valid  inputs  are  for example: and fe80::1, If you want
           CurveDNS to listen on all IP addresses use (for IPv4 hosts) or  ::  (for  IPv6

       ○   listening_port:  The port number on which CurveDNS should listen. If you want to use a
           port number beneath 1024, you must be root - nevertheless,  CurveDNS  will  eventually
           drop the root privileges once it has done all the tasks that need root.

       ○   target_DNS_server_IP:  This  is the IP address of the authoritative name server we are
           forwarding non-DNSCurve queries to. This can be either an IPv4 or IPv6 address.

       ○   target_DNS_server_port: The port number  of  the  authoritative  name  server  we  are
           forwarding for. Usually this will be 53.


       curvedns(8)  does  not use a configuration files. Instead all remaining configuration uses
       environment variables. Mandatory environment variables:

       ○   CURVEDNS_PRIVATE_KEY: the hexadecimal representation of the server's private  (secret)

       Optional environment variables:

       ○   CURVEDNS_INTERNAL_TIMEOUT:  number  of  seconds when to consider the target server has
           timeout (default: 1.2)

       ○   CURVEDNS_UDP_TRIES: total number of tries towards the target server before we drop the
           query (default: 2)

       ○   CURVEDNS_TCP_NUMBER: number of simultaneous TCP connections that are allowed (default:

       ○   CURVEDNS_TCP_TIMEOUT: number of seconds before the TCP session to the client times out
           (default: 60.0)

       ○   CURVEDNS_SHARED_SECRETS: number of shared secrets that can be cached (default: 5000)

           Depending  on  your  query  load  and  the number of clients, increasing the number of
           cached shared secrets can improve performance. It is a good idea  to  temporarily  set
           the  debug  level  (see  next  option)  to debug when you alter this value. Using this
           level, curvedns will log the amount of memory it reserved for the shared secret  cache
           during  startup.  In  this  way  you  can  check  whether this will suit your system's
           physical memory boundaries.

       ○   CURVEDNS_DEBUG: the debug level to control what events to log (default : 2)

           Available debug levels: 1 (fatal), 2 (error), 3 (warning), 4 (info), 5 (debug)

       ○   CURVEDNS_SOURCE_IP: the IP address CurveDNS will use as  source  IP  address  when  it
           forwards the query to the authoritative name server (default: let kernel decide).


       ○   man (1) curvedns-keygen

       ○   Installation            and            configuration            from            github


       Stephane Neveu

                                          February 2021                               CURVEDNS(8)