curvedns.8

Manvendra Bhangui edited this page Feb 25, 2024 · 2 revisions

NAME

curvedns - A DNSCurve-capable forwarding DNS server

SYNOPSIS

curvedns listen-ips listen-port target-ip target-port

DESCRIPTION

curvedns acts as a forwarding DNS server sitting in front of an authoritative nameserver. It handles DNSCurve encryption when requested by the client, unwrapping requests and wrapping responses. Both unwrapped and unencrypted requests are forwarded to the authoritative nameserver. Its responses are forwarded to the client, with a proper encryption wrapper when requested.

curvedns requires four command line arguments when run:

listen-ips is a comma-separated list of IP addresses on which curvedns should listen.

listen-port is the port number on which it should listen for each of the given addresses.

target-ip and target-port specify where incoming requests should be forwarded, i.e. the IP address and port number of the authoritative nameserver.

curvedns writes log messages to STDERR.

ENVIRONMENT VARIABLES

curvedns also expects a number of environment variables. One of the CURVEDNS_PRIVATE_KEY* variables is required. UID and GID are mandatory. The rest are optional.

CURVEDNS_PRIVATE_KEY
the hexadecimal representation of the server’s private (secret) key.
Putting the private key into an environment variable is not recommended!

CURVEDNS_PRIVATE_KEY_FILE
the name of a file from which to read the hexadecimal representation of the server's private key.

CURVEDNS_PRIVATE_KEY_FD
the number of a file descriptor from which to read the hexadecimal representation of the server's private key.

UID
the user id of the user to switch to once all root-specific actions have been completed.

GID
the group id of this same user.

CURVEDNS_INTERNAL_TIMEOUT
number of seconds after which the target server is considered to have timed out (default: 1.2).

CURVEDNS_UDP_TRIES
total number of tries towards the target server before we drop the query (default: 2).

CURVEDNS_TCP_NUMBER
number of simultaneous TCP connections that are allowed (default: 25).

CURVEDNS_TCP_TIMEOUT
number of seconds before the TCP session to the client times out (default: 60.0).

CURVEDNS_SHARED_SECRETS
number of shared secrets that can be cached (default: 5000).

CURVEDNS_DEBUG
the debug level, i.e. how much information should be shown:
1: fatal
2: error
3: warning
4: info
5: debug
A lower level means receiving less information from CurveDNS (default: 2).

CURVEDNS_SOURCE_IP
the IP address CurveDNS uses as the source address when forwarding queries to the authoritative name server (default: let the kernel pick).

NOTES

Putting secret information like cryptographic private keys into a process' environment is considered a security risk. The use of the CURVEDNS_PRIVATE_KEY environment variable is therefore strongly discouraged.
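The following is an added example, not part of the curvedns project or of this man page. It shows a POSIX sh launcher that passes the private key to curvedns through a file descriptor (CURVEDNS_PRIVATE_KEY_FD) so that the key never appears in the environment, resolves UID and GID from an account name, and uses env(1) because UID is a read-only variable in bash and cannot be assigned directly. The key file path, the choice of fd 3, and the check that the file holds one 32-byte key written as 64 hex digits (the Curve25519 secret key size; the exact output format of curvedns-keygen is not stated on this page) are assumptions made here.

```shell
#!/bin/sh
# Added example (not curvedns project code): start curvedns with the
# private key supplied on a file descriptor rather than in the environment.

# Check that a key file contains exactly one 64-digit hex string.
# Assumption: the key is a 32-byte Curve25519 secret key in hex form.
curvedns_key_ok() {
    key=$(tr -d ' \n\r\t' < "$1")
    case "$key" in
        *[!0-9a-fA-F]*) return 1 ;;   # any non-hex character rejects the file
    esac
    [ "${#key}" -eq 64 ]
}

# Start curvedns as the given unprivileged account.
# Arguments: keyfile user listen-ips listen-port target-ip target-port
curvedns_start() {
    keyfile=$1 user=$2 listen_ips=$3 listen_port=$4 target_ip=$5 target_port=$6
    if ! curvedns_key_ok "$keyfile"; then
        echo "curvedns_start: $keyfile is not a 64-digit hex key" >&2
        return 1
    fi
    uid=$(id -u "$user") || return 1
    gid=$(id -g "$user") || return 1
    # fd 3 is opened on the key file for the child process only, so the
    # secret is never visible in the environment (compare CURVEDNS_PRIVATE_KEY).
    # env(1) is used because UID is read-only in bash and cannot be assigned.
    env CURVEDNS_PRIVATE_KEY_FD=3 UID="$uid" GID="$gid" \
        CURVEDNS_DEBUG="${CURVEDNS_DEBUG:-3}" \
        curvedns "$listen_ips" "$listen_port" "$target_ip" "$target_port" \
        3< "$keyfile"
}

# Usage (paths and addresses are placeholders):
#   curvedns_start /etc/curvedns/secret.hex curvedns 192.0.2.1 53 127.0.0.1 5353
```

CURVEDNS_DEBUG defaults to 3 (warning) here so that operational problems reach STDERR; set it in the caller's environment to override.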

AUTHORS

curvedns was created by the CurveDNS Project.

This man page was written by Peter Conrad <conrad@quisquis.de>.

SEE ALSO

curvedns-keygen(8), http://curvedns.on2it.net/, http://www.dnscurve.org/