Bug 153881 - new port: dns/curvedns Forwarding NS that adds DNSCurve
Summary: new port: dns/curvedns Forwarding NS that adds DNSCurve
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Martin Wilke
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-01-11 02:50 UTC by Leo Vandewoestijne
Modified: 2011-03-04 13:45 UTC (History)
0 users

See Also:


Attachments
file.shar (6.61 KB, text/plain)
2011-01-11 02:50 UTC, Leo Vandewoestijne
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Leo Vandewoestijne 2011-01-11 02:50:06 UTC
CurveDNS is a forwarder nameserver that adds DNSCurve to DNS,
and the first publicly released forwarding implementation
that implements the DNSCurve protocol.

It is a project of Harm van Tilburg (TU Eindhoven).
Jeroen Scheerder and Lieuwe Jan Koning.
=> http://curvedns.on2it.net/about

DNSCurve is a security protocol superior to DNSSEC, but
addressing different and more known vulnerabilities in the DNS.
Besides that it's far more practical to deploy.
It was designed D.J.Bernstein, notable for qmail and tinydns.
=> http://dnscurve.org/

The protocol was described in an RFC-draft by Matthew Dempsky.
=> http://tools.ietf.org/html/draft-dempsky-dnscurve-01

Because the public key part of the FQDN of the authoritive
nameserver, it's pretty much compatible with each tested TLD.
=> http://dns-lab.com/pub/dnscurve/registry-compatibility.lasso

So also mind it can add a considerable portion of security to
internal networks to.


Technically DNSCurve and DNSSEC can co-exist without problem,
in reality it seems to make ego's clash problematicly.


Articles:

DJB exposing DNSSEC is relative:
=> http://cr.yp.to/talks/2009.08.10/slides.pdf

Paul Vixie 'striking' back:
=> http://www.isc.org/community/blog/201002/whither-dnscurve
 
Heated discussion:
=> http://www.cricketondns.com/post.cfm/dnssec-vs-dnscurve

OpenDNS adopts DNSCurve:
=> http://blog.opendns.com/2010/02/23/opendns-dnscurve/

Fix: Please use enclosed .shar file to replicate.

Patch attached with submission follows:
Comment 1 Martin Wilke freebsd_committer freebsd_triage 2011-01-28 05:06:42 UTC
Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.
Comment 2 Martin Wilke freebsd_committer freebsd_triage 2011-02-12 09:32:31 UTC
State Changed
From-To: open->feedback

howdy this port dosen't respect PREFIX and LOCALBASE, please reread the 
porterhandbook and resend the patch to me. thx
Comment 3 Martin Wilke freebsd_committer freebsd_triage 2011-03-04 13:45:35 UTC
State Changed
From-To: feedback->open

found attachment in my mails
Comment 4 Martin Wilke freebsd_committer freebsd_triage 2011-03-04 13:45:50 UTC
State Changed
From-To: open->closed

New port added, with minor changes. Thanks!