openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

File curvedns.8 of Package curvedns

.TH curvedns 8 2011-12-15

.SH NAME
curvedns \- A DNSCurve-capable forwarding DNS server

.SH SYNOPSIS
.B curvedns
.I listen-ips listen-port target-ip target-port

.SH DESCRIPTION
.B curvedns
acts as a forwarding DNS server sitting in front of an authoritative
nameserver. It handles DNSCurve encryption when requested by the client,
unwrapping requests and wrapping responses. Both unwrapped and unencrypted
requests are forwarded to the authoritative nameserver. Its responses are
forwarded to the client, with a proper encryption wrapper when requested.
.P
.B curvedns
requires four command line arguments when run:
.P
.I listen-ips
is a comma-separated list of IP addresses on which curvedns should listen.
.P
.I listen-port
is the port number on which it should listen for each of the given addresses.
.P
.I target-ip
and
.I target-port
specify where incoming requests should be forwarded, i. e. the IP address and
port number of the authoritative nameserver.
.P
.B curvedns
writes log messages to STDERR.

.SH "ENVIRONMENT VARIABLES"
.B curvedns
also expects a number of environment variables. One of
.BR CURVEDNS_PRIVATE_KEY *
is required.
.B UID
and
.B GID
are mandatory. The rest is optional.
.IP CURVEDNS_PRIVATE_KEY
the hexadecimal representation of the server’s private (secret) key.
.br
.B Putting the private key into an environment variable is not recommended!
.IP CURVEDNS_PRIVATE_KEY_FILE
the name of a file from which to read the hexadecimal representation of the
server's private key.
.IP CURVEDNS_PRIVATE_KEY_FD
the number of a file descriptor from which to read the hexadecimal
representation of the server's private key.
.IP UID
the user id of the user we are switching to when we have done all root
specific actions.
.IP GID
the group id of this same user.
.IP CURVEDNS_INTERNAL_TIMEOUT
number of seconds when to consider the target server has timeout (default:
1.2).
.IP CURVEDNS_UDP_TRIES
total number of tries towards the target server before we drop the query
(default: 2).
.IP CURVEDNS_TCP_NUMBER
number of simultaneous TCP connections that are allowed (default: 25).
.IP CURVEDNS_TCP_TIMEOUT
number of seconds before the TCP session to the client times out (default:
60.0).
.IP CURVEDNS_SHARED_SECRETS
number of shared secrets that can be cached (default: 5000).
.IP CURVEDNS_DEBUG
what information should be shown, i.e. the debug level. The number represents
the debug level;
.br
1: fatal
.br
2: error
.br
3: warning
.br
4: info
.br
5: debug
.br
Less means receiving less information from CurveDNS (default: 2).
.IP CURVEDNS_SOURCE_IP
the IP address CurveDNS will use as source IP address when it will forward the
query to the authoritative name server (default: let kernel pick).

.SH NOTES
Putting secret information like cryptographic private keys into a process'
environment is considered a security risk. The use of the
.B CURVEDNS_PRIVATE_KEY
environment variable is therefore strongly discouraged.

.SH AUTHORS
.B curvedns
was created by the CurveDNS Project.
.P
This man page was written by Peter Conrad <conrad@quisquis.de>.

.SH SEE ALSO
curvedns-keygen(8)
.br
http://curvedns.on2it.net/
.br
http://www.dnscurve.org/

Places

File curvedns.8 of Package curvedns

Places