[dns-operations] blockchain DNS

Paul Wouters paul at nohats.ca
Tue Jan 30 19:14:34 UTC 2018


On Sat, 27 Jan 2018, Mark Jeftovic wrote:

> A lot of people pined for a decentralized P2P DNS over the years, every

Not a lot of people, especially not compared to the amount of DNS
consumers. Really, just a few people that are just very loud in their
own bubble.

> time there was outrage at ICANN or Verisign, something I always said was
> impossible, until blockchain came along and I realized how wrong I'd been.

It is still impossible, for all the same reasons I wrote down in 2012:

https://nohats.ca/wordpress/blog/2012/04/09/you-cant-p2p-the-dns-and-have-it-too/

> But then when you sit down actually try to design your registry
> implementation you run into all these things you're talking about above.

You either have a group of people that can override the blockchain for
emergency things (trademarks, C&C takedown, etc.) in which case you don't
need the blockchain since you are (dis)trusting this elite group with
superpowers anyway, or you introduce unmemorable names and private key
loss meaning domain loss.

> Governance is "non-trivial" and I think it's a mistake to think it can
> just be deferred to "layer 2" because nobody even knows what that looks
> like right now.

Programmers != lawyers

> Further, if there is "lookaside" capability on the part of resolvers
> then second level registrants can pin key DNS RRs there for further
> resilience.

You might as well let resolvers serve expired data, and skip the whole
blockchain altogether, e.g.

https://tools.ietf.org/html/draft-tale-dnsop-serve-stale-00

> Both blockchain and DNS architectures are public,
> distributed and world-readable which is one of the reasons why I think
> they are complementary (never mind all these idiotic ideas one sees to
> shoehorn some legacy business case onto a blockchain and trot out some
> utility token in an ICO - i.e. "bananachain" - yes, it's a thing)

I don't see the difference between DNS and bananas in this use case,
other than your desire they be different.

> Then there's smart contracts - i.e. ethereum which in my mind opens the
> door to far more complex processing logic between a DNS query and a
> response to it.

Whatever that would be, it would not be DNS or what end users consider
domain names.

Just because you can put it on a blockchain does not mean you should. No
one proved that better than http://ponzicoin.co

Paul