
But most people will not deploy a local dns{sec|curve} cache daemon, and use their ISP/OpenDNS/Google DNS instead, and caching is possible at this level instead, isn't it?

If each client endpoint were using a dns cache for classic DNS, the increase in traffic would also be a "concern", no?



Neither DNSSEC nor DNSCurve is interesting if they're securing just IP addresses. So we both need code on the client, to link into certificate validation stacks and the like.

The difference is, when DNSSEC has code on the client, it can still leverage the caching infrastructure. When DNSCurve has code on the client, it has to bypass it entirely.



