
DNSCurve solves the issues of securing the channel (solves privacy, not authenticity like DNSSEC attempted); unfortunately, it wasn't standardized and didn't get wide adoption.


It's never going to get wide adoption now that DoH has become a de facto standard.


The place where DoH is common is the place with no network effect. Anyone can use anything from DoH to DNSCurve to OpenVPN to secure the path between the client and the recursive DNS server, and can do so regardless of what anybody else uses for that.

The thing we're still missing is something to secure the path between the recursive and authoritative nameservers, which is the thing DNSCurve is actually better at and is also not the thing DoH is commonly used for. Moreover, "adoption" is basically code in this context. You could have widespread adoption of DNSCurve just by adding support for it to the handful of open source DNS servers in widespread use.


DNSCurve does make some requirements around the naming of DNS servers, as the name is used to provide the keys. Making:

    uz5xgm1kx1zj8xsh51zp315k0rw7dcsgyxqh2sl7g8tjg25ltcvhyw.nytimes.com.

be the required name of your DNS server is a bit off-putting. You can always CNAME it though for better ergonomics.

(example is from: https://dnscurve.org/out-install.html)
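
How a name like the one quoted above carries a key, as an added example that is not part of the original comment or of any DNSCurve implementation: the label is the magic string `uz5` followed by 51 base-32 digits encoding the server's 255-bit Curve25519 public key, little-endian. The function names are hypothetical, and checking only the leftmost label is a simplification assumed here.

```python
# Added example: recover the public key embedded in a DNSCurve server name.
ALPHABET = "0123456789bcdfghjklmnpqrstuvwxyz"  # DNSCurve base-32 digits (no a, e, i, o)
MAGIC = "uz5"
KEY_DIGITS = 51   # 51 digits * 5 bits = 255 bits
KEY_BYTES = 32


def base32_decode(text: str, length: int) -> bytes:
    """Digits are least-significant first; the integer is stored little-endian."""
    value = 0
    for position, ch in enumerate(text):
        digit = ALPHABET.find(ch)
        if digit < 0:
            raise ValueError(f"invalid base-32 character {ch!r}")
        value |= digit << (5 * position)
    return value.to_bytes(length, "little")


def base32_encode(data: bytes, digits: int) -> str:
    """Inverse of base32_decode, emitting exactly `digits` characters."""
    value = int.from_bytes(data, "little")
    out = []
    for _ in range(digits):
        out.append(ALPHABET[value & 31])
        value >>= 5
    return "".join(out)


def dnscurve_key(server_name: str):
    """Return the 32-byte key if the leftmost label is a DNSCurve label, else None."""
    label = server_name.rstrip(".").split(".")[0].lower()  # DNS names are case-insensitive
    if len(label) != len(MAGIC) + KEY_DIGITS or not label.startswith(MAGIC):
        return None
    try:
        return base32_decode(label[len(MAGIC):], KEY_BYTES)
    except ValueError:
        return None


# Name quoted in the comment above (from dnscurve.org).
PAGE_NAME = "uz5xgm1kx1zj8xsh51zp315k0rw7dcsgyxqh2sl7g8tjg25ltcvhyw.nytimes.com."

if __name__ == "__main__":
    key = dnscurve_key(PAGE_NAME)
    print("public key:", key.hex() if key else "not a DNSCurve name")
    print("ordinary NS name:", dnscurve_key("ns1.example.com."))  # constructed sample
```

Because the key is pinned by the name in the parent zone's NS record, a resolver needs no extra record lookup to learn it, which is also why the label cannot be shortened.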


This is basically irrelevant, normal people don't interact with the names of authoritative DNS servers.


Operations people frequently pick based on ergonomics. The bad ergonomics and having to learn new tools is a frequently cited reason why IPv6 is seeing lesser adoption.



