curveprotect software (experimental)

DNS RESOLVER

DNS resolver -- The main part of the CURVEPROTECT SOFTWARE. By default it runs on localhost IP 127.10.10.10, port 53, TCP and UDP. It is configured through the administration interface, available after installation at http://127.10.10.10/dns.dynhtml.


As a starting point, you should reconfigure your DNS resolver to 127.10.10.10 instead of your ISP's DNS servers.

DNSCurve type. Streamlined DNSCurve -- The default and preferred DNSCurve type in the CURVEPROTECT SOFTWARE. It is simpler, smaller, and leaks less information. However, in practice, clients are sometimes run behind firewalls that reject new packet formats. Those clients are forced to use the TXT format instead.

DNSCurve type. TXT DNSCurve -- The TXT format has the advantage of passing smoothly through existing firewalls that enforce format constraints on outgoing DNS packets. In this format the zone name is sent in the TXT query, which reduces confidentiality.

Root zone and arpa zone mirror -- Synchronized daily from http://www.internic.net/domain/. It eliminates unprotected DNS queries to the root and arpa servers and reduces lookup delays. It has no extra configuration options. You can check the last successful download or see the downloaded data.

Setting DNSCurve anchor -- The user can configure an anchor with DNSCurve keys for various DNS subtrees: e.g., an anchor that specifies DNS servers and DNSCurve keys for mojzis.com, immunizing the mojzis.com and *.mojzis.com lookups against outages and forgeries of .com. It is strongly recommended for DNS zones whose parent doesn't have DNSCurve support.
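
An added example, not part of curveprotect or its documentation: before pinning a DNSCurve anchor, it helps to check that each server name really carries a well-formed key. It assumes the standard DNSCurve name encoding (a 54-character label, `uz5` followed by 51 base-32 digits holding the 255-bit public key); the function names and sample server names are constructed, and the input format of the administration interface is not shown on this page.

```python
ALPHABET = "0123456789bcdfghjklmnpqrstuvwxyz"  # DNSCurve base-32 digits
MAGIC = "uz5"        # prefix that marks a DNSCurve key label
KEY_CHARS = 51       # 51 digits * 5 bits = 255-bit public key


def b32_decode(text, nbytes):
    """Decode little-endian DNSCurve base-32 text into nbytes bytes."""
    acc = 0
    for i, ch in enumerate(text.lower()):
        digit = ALPHABET.find(ch)
        if digit < 0:
            raise ValueError(f"invalid base-32 character {ch!r}")
        acc |= digit << (5 * i)      # first digit holds the lowest 5 bits
    return acc.to_bytes(nbytes, "little")


def anchor_key(server_name):
    """Return the 32-byte public key carried in server_name, or None."""
    # Assumption of this example: labels are scanned left to right.
    for label in server_name.rstrip(".").split("."):
        if len(label) == len(MAGIC) + KEY_CHARS and label[:3].lower() == MAGIC:
            try:
                return b32_decode(label[3:], 32)
            except ValueError:
                continue             # right length and prefix, bad digits
    return None


def review_anchor(server_names):
    """Map each proposed anchor server to its key in hex, or None."""
    result = {}
    for name in server_names:
        key = anchor_key(name)
        result[name] = key.hex() if key is not None else None
    return result


if __name__ == "__main__":
    # Constructed sample names; these are not real keys for any zone.
    good = "uz5" + "1" + "0" * 50 + ".ns.example.com"
    typo = "uz5" + "a" * 51 + ".ns.example.com"   # 'a' is not a valid digit
    for name, key in review_anchor([good, typo, "ns1.example.com"]).items():
        print(name, "->", key or "no DNSCurve key in this name")
```

A server name that comes back without a key cannot serve as a DNSCurve anchor; comparing the hex key against a value obtained out of band is the step that actually pins it.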

Setting DNS anchor -- Similar to a DNSCurve anchor, but uses unprotected DNS queries. In practice, it can be used for local (non-public) DNS zones whose DNS servers don't have DNSCurve support. Use with caution.

DNS zone mirror using AXFR download -- It eliminates unprotected DNS queries for the downloaded DNS zone, but the AXFR transfer itself is not protected against forgery. In practice, it can be used for local (non-public) DNS zones whose DNS servers don't have DNSCurve support but do have AXFR transfer enabled. Use with caution.

DNS zone mirror using HTTP/HTTPCurve download -- The user can download a DNS zone, signed with crypto_sign_ed25519, using the HTTP or HTTPCurve protocol. For experimentation at this time.