[dns-operations] blockchain DNS
Paul Wouters
paul at nohats.ca
Tue Jan 30 19:14:34 UTC 2018
On Sat, 27 Jan 2018, Mark Jeftovic wrote:
> A lot of people pined for a decentralized P2P DNS over the years, every
Not a lot of people, especially not compared to the number of DNS
consumers. Really, just a few people that are just very loud in their
own bubble.
> time there was outrage at ICANN or Verisign, something I always said was
> impossible, until blockchain came along and I realized how wrong I'd been.
It is still impossible, for all the same reasons I wrote down in 2012:
https://nohats.ca/wordpress/blog/2012/04/09/you-cant-p2p-the-dns-and-have-it-too/
> But then when you sit down and actually try to design your registry
> implementation you run into all these things you're talking about above.
You either have a group of people that can override the blockchain for
emergency things (trademarks, C&C takedown, etc.) in which case you don't
need the blockchain since you are (dis)trusting this elite group with
superpowers anyway, or you introduce unmemorable names and private key
loss meaning domain loss.
> Governance is "non-trivial" and I think it's a mistake to think it can
> just be deferred to "layer 2" because nobody even knows what that looks
> like right now.
Programmers != lawyers
> Further, if there is "lookaside" capability on the part of resolvers
> then second level registrants can pin key DNS RRs there for further
> resilience.
You might as well let resolvers serve expired data, and skip the whole
blockchain altogether, e.g.
https://tools.ietf.org/html/draft-tale-dnsop-serve-stale-00
> Both blockchain and DNS architectures are public,
> distributed and world-readable which is one of the reasons why I think
> they are complementary (never mind all these idiotic ideas one sees to
> shoehorn some legacy business case onto a blockchain and trot out some
> utility token in an ICO - i.e. "bananachain" - yes, it's a thing)
I don't see the difference between DNS and bananas in this use case,
other than your desire they be different.
> Then there's smart contracts - i.e. ethereum which in my mind opens the
> door to far more complex processing logic between a DNS query and a
> response to it.
Whatever that would be, it would not be DNS or what end users consider
domain names.
Just because you can put it on a blockchain does not mean you should. No
one proved that better than http://ponzicoin.co
Paul