Ben, Thanks for the cogent comparison between the two security systems for DNS.
DNSCurve requires more CPU power on nameservers (for the more extensive crypto); DNSSEC requires more memory (for the additional DNSSEC payload).
This is only true for the initial (Elliptic Curve) Diffie-Hellman exchange An long-term secret key is computed, but I assume the lifetime is dependant on configuration or implementation. It seems DJB is not only advocating his elliptic curve crypto system, but also his own home-rolled symmetric crypto Salsa20, which is meant to be computationally cheaper than AES in conjunction w/ poly1035whatever for integrity/MAC. I'll assume the cipher used for the lasting secret keys is interchangeable. So after initial communication between two servers that can speak DNSCurve, future communication should be computationally cheaper by using long-term keys. - Naveen