Basic summary: DNSSEC adds new DNS records in order to provide end-to-end security; DNSCurve adds protocol level security instead, but does so in a far more cryptographically sound way.<p>Personally I'm not happy with either solution. Getting the cryptography right is important, but end-to-end security is also important -- the ideal outcome here would be if a new DNSSEC2 was created which used djb's curve25519 instead of RSA1024, but I don't think this is very likely to happen any time soon.