[dns-operations] blockchain DNS
mysidia at gmail.com
Tue Jan 30 23:12:53 UTC 2018
On Mon, Jan 29, 2018 at 12:46 PM, John R Levine <johnl at taugh.com> wrote:
> We now return you to the actual DNS, I hope.
As if we ever left the actual DNS in the first place.
There is that fundamental problem that could be solved by such an approach
but so far there's no quality design or reference implementation yet; it's
some person or group could theoretically put together some day, but it
would be a much harder protocol design and software engineering challenge
than current DNS would have been....
The way I am viewing this is:
Namecoin/DNSChain are interesting experiments, but neither will ever be
DNS -- there's a difference between a key-value store that can handle 1
and one that can handle 800 billion keys with a change velocity of 1%+ of
per 24 hours --- and things on a single blockchain are globally
That doesn't mean blockchain can't be part of the solution, BUT you can't
take the simplest possible implementation.... fork Bitcoin or Litecoin,
a few tweaks to wedge in the data you want to track, and expect a
result given how VAST the DNS is.
This isn't the solution for the same reason the current DNS doesn't RSYNC
daily changes to .COM TLD servers' database to every end user's
the same lesson about why basic BTC will not handle microtransactions:
bandwidth is limited, it is necessary to control block sizes, and time
on a blockchain is thus a small finite resource. A single blockchain
would never be able to grow to a tenth the capacity necessary, before the
distributed network would freeze to a standstill due to scalability
Consider "uses a blockchain to accomplish X" --- as one aspect of a
system. You could equally ask "What about hash-table-based DNS, or
about Btree-based DNS?" So what..... the blockchain is just a way of
formulating or structuring data that you can use to achieve the byzantine
tolerance to resist malicious attacks within the design of a trustless
Experiments such as Namecoin are interesting, but let's see a
implementation --- specifically designed for DNS that learns the
software designers should learn from BTC, LTC, and PoS/PoSV-based systems;
to be viable it should consider the VAST number of domains and nameservers
internet, realistic frequencies of nameserver changes, and provide the
methods people need to protect their names (such as
actions, AND capabilities to delegate limited authority to different
>> The DNS registry is not (or should not) be the content police force; they
>> may be targeted because the central entity appears a "responsible"
>> authority for the presence of a domain in the DNS: ...
> That horse left the barn decades ago. Here in the real world registries
> take down fraudulent and illegal names all the time. And I mean all the
> time, thousands or tens of thousands a day.
The registries do, but (1) That capability of destroying information
without consent is one of the problems with the DNS that should get solved,
and likely part
motivation behind some countries that are reportedly on the verge of
root and having their own national DNS roots or "backup" roots.
(2) That removal of "illegal" or undesired names or enforcement of other
policies is not at all the purpose of DNS registries --- that is not why
they have been chosen, nor why resolvers use the registries: they could
cease this activity, and there would be almost no complaints from end
users or resolver operators.
(3) Name removal has almost zero value: It can do almost no good, since
and illegal and unwanted typo-names are ubiquitous -- other means are
required to deal with this: by the time a DNS registry moves from report
it's very little and extremely late, and so malware actions continue,
just biased towards new registrations and a larger number of domains that
took less than 60 seconds and less than $10 to register.
(4) Erroneous removal occurs and can cause great harm. Malicious and
complaints are sometimes made. There are reports of registrars getting it
and turning off resources that are ultimately neither fraudulent, nor
illegal, or on abuses of minor scope unrelated to DNS and not authorized
or aided by the
holder, where DNS resources never should have been suspended; this results
in loss of access to resources, and can destroy the business operation of
an impacted
Each removal of a legitimate name outweighs the combined benefit of
registry name removals of bogus or malicious names that ever happened.