Could a Blockchain replace DNS?

Mike Cartwright
Blockchain.City

--

I recently read an article about .ETH, an initiative outside the existing domain industry which is aimed at providing people with simple Ethereum addresses. The article also talked about district0x, who offer an intriguing platform on which a solution for purchasing these new addresses has been built. Following a number of good conversations recently about DNS and Blockchain it seems like a perfect time to capture my thoughts.

Through the adoption of the new Top Level Domains (TLD) such as .CITY, .LAW and .WORK there is a shift from the traditional .COM domains to what is called the ‘Descriptive Internet’. Instead of using Google or Bing to find something, you simply go to a logical and descriptive domain such as Austin.City to find out what’s going on in Austin, or Austin.Law to find an accredited lawyer. While the transition will take time, I recognize the disproportionate power that is currently wielded by a handful of search engines and support this reorganization of the internet into a more logical structure.

We are beginning to see the emergence of a new kind of domain that includes .ETH and .BIT. These are not part of the existing registration system, and you can’t point your browser at .ETH, but they address the same fundamental need. DNS (Domain Name System) exists because as humans we find it much easier to remember names than numbers; after all, google.com is easier to remember than 216.58.216.164. DNS simply associates information with domain names and has done so for over 25 years. Typically, your ISP provides you with access to a DNS server, and when your laptop or mobile device needs to resolve a name it makes a call to DNS to obtain the IP address. The TLDs (Top Level Domains) are managed by ICANN*. If you want to become a Registry then you can apply for a new TLD, pay the fee, and if approved you will receive the rights to sell domains on that TLD. The next opportunity will be in 2020 and thousands of applications are already planned.

Could a Blockchain replace DNS?

Technically, there is nothing to stop a Blockchain distributed ledger from recording the same names, information and IP Addresses for all internet based services that DNS records today. In fact, without a governing body like ICANN, anyone could propose a name with or without a TLD equivalent, and associate an IP Address with it. No two people would be able to own the same domain, and there is nothing to stop domain names being traded as they are today.

The DNS database is huge, but we could create a distributed, encrypted and fragmented dataset over thousands of devices. The distributed nature of Blockchain would mean millions of copies all over the world, with a consensus mechanism that ensures we are each reading an accurate and uncompromised set of data. There have been a number of DNS-based attacks in recent years, called ‘DNS Hijacking’, such as the attack on WikiLeaks last year, or the Brazilian bank that had its entire online operation compromised. But we have to recognize that these attacks are not frequent, and much of their impact can be mitigated through good security practices such as checking SSL certificates, two-factor authentication, and verifying memorable information.

For a new Blockchain DNS to operate successfully, every application on your device would need to stop using the established DNS and start to resolve addresses using the Blockchain DNS. This would represent a fundamental change to how every device navigates the internet today. Early adopters could leverage DNS proxies to simulate DNS, or browser plugins, before applications move to native support. But we can’t get away from the fact that we still need to find sites like Google, Microsoft, Apple etc. Each of these companies would need to have an entry on the Blockchain DNS or, worse, risk someone else using their name.

If the new Blockchain DNS could provide a guarantee that the domain belonged to a specific company e.g. Apple.com, if it leveraged Blockchain to provide additional security and integrity, and if it used distributed technology to provide performance and near real-time updates, there may be enough value to start a movement. Performance would be the biggest concern at this point in time.

What about technology from NameCoin and DomainToken?

Namecoin (NMC) describes itself as “...an experimental open-source technology which improves decentralization, security, censorship resistance, privacy, and speed of certain components of the Internet infrastructure such as DNS and identities”. They are the group behind .BIT, and developed open source software to register names and store associated values in a Blockchain. The software can be used to query the database and retrieve data. You must renew or update a name after a pre-defined number of blocks otherwise it expires. There are transaction fees, but no registration fees for renewals or updates. My research did result in evidence to demonstrate traction or adoption outside of the .BIT address registrations.
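The registration rules described above (the first claim on a name wins, only the holder can update it, and it lapses unless renewed) on a hash-chained ledger, as an added example that is not Namecoin's code or part of the original article. `NameLedger`, `EXPIRY_BLOCKS = 3` and the plain-string owners are assumptions for illustration; a real chain authorizes updates with signatures and agrees on blocks by consensus.

```python
import hashlib
import json

EXPIRY_BLOCKS = 3  # constructed; the page only says "a pre-defined number of blocks"
GENESIS = "0" * 64

def block_hash(height, prev, ops):
    body = json.dumps([height, prev, ops], sort_keys=True).encode()
    return hashlib.sha256(body).hexdigest()

class NameLedger:
    """Toy name registry on a hash chain; owners are plain strings (assumption)."""

    def __init__(self):
        self.blocks = []   # dicts with height, prev, ops, hash
        self.names = {}    # name -> {"owner", "value", "height"}

    def _live(self, name, height):
        rec = self.names.get(name)
        if rec and height - rec["height"] < EXPIRY_BLOCKS:
            return rec
        return None        # never registered, or lapsed without renewal

    def add_block(self, ops):
        """Apply [name, owner, value] ops; return the ones that were accepted."""
        height = len(self.blocks)
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        accepted = []
        for name, owner, value in ops:
            rec = self._live(name, height)
            if rec is None or rec["owner"] == owner:   # first claim, or holder update/renewal
                self.names[name] = {"owner": owner, "value": value, "height": height}
                accepted.append([name, owner, value])
        self.blocks.append({"height": height, "prev": prev, "ops": accepted,
                            "hash": block_hash(height, prev, accepted)})
        return accepted

    def resolve(self, name):
        rec = self._live(name, len(self.blocks) - 1)
        return rec["value"] if rec else None

    def verify(self):
        """Recompute every hash and link; False if any stored block was altered."""
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != block_hash(b["height"], prev, b["ops"]):
                return False
            prev = b["hash"]
        return True
```

The operational point for a name holder is the expiry rule: a name that is not renewed within the window becomes claimable by anyone, so renewal needs monitoring just as a conventional domain registration does.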

DomainToken exhibited at NamesCon and impressed me with their vision and technical capability. Their goal is not simply to disrupt DNS, but to create one verifiable digital address for the secure electronic routing of all communication. This concept of verifiable and permanent digital online identities is something that DigitalTown also subscribe to and support through our own SmartWallet initiative.

From DomainToken — “When someone claims a Domain Token, he or she gives it a “name.” That name is fused to that token and becomes “active.” … One could claim a Domain Token for “XYZ” after which anyone using the address “XYZ” will see their payment, email, web address, or whatever they were using it for, resolve to send to and ONLY to “XYZ.” Context is key. No misspelling traps. No worry about HTTPS since it is encrypted by default. No ability for someone to capture and reroute the information……rather than act as simply a more liquid secondary marketplace for domain names or affixing understandable names to Ethereum addresses like ENS, DOM is intended to bridge both worlds of domain name resolution. The reality is that the old DNS system is so ingrained in our processes and widespread user experience that to just proceed to create a new universe operating entirely on its own rules would severely hinder adoption by businesses and consumers. The goal of DomainToken is to bridge both worlds in a highly contextual protocol”

It’s not entirely clear at this point what the user experience looks like for DomainToken. The team still needs to address many of the issues I highlighted, specifically how to encourage adoption of this new technology without introducing friction to the user experience. Interestingly, DomainToken has decided to move off Ethereum and develop its own technology.

Summary

The NamesCon event ended with an auction of Premium Domains where a mixture of investors tried to predict future demand and companies attempted to outbid them for a domain that would help to establish their brand identity. Demand remains strong. It goes without saying that domains with ‘Blockchain’ in their name were highly prized.

My conclusion is that moving DNS to a distributed Blockchain platform is technically possible, and from a security perspective I can see some value. The biggest challenge is not the technology but the adoption. If a hybrid solution were to be introduced into mainstream browsers, looking up an address on the Blockchain in parallel with DNS, then this could gradually take hold - but it would still require buy-in from established organizations who I suspect at this point would see little in terms of return on their investment.

#Digitaltown #NameCoin #DomainToken #BlockchainDNS

*The top hierarchy of the Domain Name System is served by the root name servers maintained by delegation by the Internet Corporation for Assigned Names and Numbers (ICANN).

--

Mike Cartwright
Blockchain.City

CTO, Blockchain evangelist, technologist and problem solver.