DNSCurve is a proposed secure protocol for the Domain Name System (DNS), designed by Daniel J. Bernstein. It encrypts and authenticates DNS packets between resolvers and authoritative servers.
DNSCurve claims the following advantages over previous DNS services:
Confidentiality: conventional DNS requests and responses are not encrypted, so they are readable by everyone along the path of transmission.
Integrity: conventional DNS has some protection, but with patience and sniffing, attackers can forge DNS records; DNSCurve's cryptographic authentication prevents this.
Availability: conventional DNS has no protection against denial of service (DoS) by a sniffing attacker sending a few forged packets per second. DNSCurve recognizes and discards forged DNS packets, providing some protection, though SMTP, HTTP, and HTTPS are also vulnerable to DoS.
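The integrity and availability claims above, as an added example (not code from DNSCurve or its author): a resolver check that matches only the 16-bit query ID accepts a response forged by an attacker who sniffed the query, while a check on an authentication tag discards it. HMAC-SHA256 with a pre-shared key stands in for DNSCurve's public-key authenticated encryption, so confidentiality is not modelled; the packet layout, function names, keys and addresses are constructed for illustration.

```python
import hashlib
import hmac
import struct

NONCE_LEN, TAG_LEN = 12, 32

def build_packet(txid: int, name: str, answer: str) -> bytes:
    # Simplified stand-in for a DNS response: 16-bit ID, then "name=answer".
    return struct.pack("!H", txid) + f"{name}={answer}".encode()

def conventional_accepts(expected_txid: int, packet: bytes) -> bool:
    # Conventional check: the response is trusted if the query ID matches.
    return len(packet) >= 2 and struct.unpack("!H", packet[:2])[0] == expected_txid

def seal(key: bytes, nonce: bytes, packet: bytes) -> bytes:
    # Wire format (assumed for this example): nonce || tag || packet.
    tag = hmac.new(key, nonce + packet, hashlib.sha256).digest()
    return nonce + tag + packet

def authenticated_open(key: bytes, nonce: bytes, txid: int, wire: bytes):
    # Returns the packet if the tag verifies, or None to discard it.
    if len(wire) < NONCE_LEN + TAG_LEN + 2:
        return None
    got_nonce, tag = wire[:NONCE_LEN], wire[NONCE_LEN:NONCE_LEN + TAG_LEN]
    packet = wire[NONCE_LEN + TAG_LEN:]
    expected = hmac.new(key, got_nonce + packet, hashlib.sha256).digest()
    if got_nonce != nonce or not hmac.compare_digest(tag, expected):
        return None
    return packet if conventional_accepts(txid, packet) else None

def run_scenario() -> dict:
    key = bytes(range(32))        # constructed key shared by resolver and server
    attacker_key = b"\x00" * 32   # the sniffer sees packets, not the key
    nonce, txid = b"constructed!", 0x1A2B
    genuine = build_packet(txid, "www.example.org", "192.0.2.10")
    forged = build_packet(txid, "www.example.org", "203.0.113.66")  # ID copied
    return {
        "conventional_genuine": conventional_accepts(txid, genuine),
        "conventional_forged": conventional_accepts(txid, forged),
        "auth_genuine": authenticated_open(key, nonce, txid,
                                           seal(key, nonce, genuine)) == genuine,
        "auth_forged_discarded": authenticated_open(
            key, nonce, txid, seal(attacker_key, nonce, forged)) is None,
    }

if __name__ == "__main__":
    for check, outcome in run_scenario().items():
        print(f"{check}: {outcome}")
```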