

Intro to Decentralized DNS

Published on August 4th, 2014 by mdw

The Domain Name System (DNS) is the Internet version of a phone book that allows computers to look up an IP address from a given domain name, such as letstalkbitcoin.com. Today's Domain Name System sags under the heavy weight of political and technical problems. It has held fast for years, but worsening technical issues and growing concerns over governance seem implacable in a system designed under centralized control.

In a series of articles, we intend to examine the key issues more closely, and look at specific initiatives in the cryptocurrency space that are designed to alleviate the pain points and create new opportunities. We will be outlining some of the next generation DNS alternatives being built, and talk with some of the visionaries making it happen.

But first, it is important to identify what the most serious problems really are. Which ones are intrinsic problems that any distributed naming system will exhibit? And which ones are shortcomings of centralized systems, such as we currently have?

Freedom of Speech

In most parts of the world, speaking out against government censorship, corruption, or government policies is a risky proposition. By "speaking out," we refer to publicly voicing dissenting opinions, and publishing them on a website for the whole world to read.

In a world where thought leaders can keep a low physical profile, electronic censorship has become the de facto weapon of choice in the suppression of ideas and ideology. Mass access to dissenting voices, and the censorship thereof, both rely on the use of domain names.

Today domain names are routinely seized for various reasons. Sometimes people are indifferent to, or even supportive of, this, as in the case of child pornography websites. Sites filled with hate speech, and those promoting violence against ethnic, religious, racial, or other minorities, are routinely taken down via domain seizures. Registrars are only too happy to comply with governments in order to minimize citizens' exposure to the ugliness that is hatred and bigotry.

This is a slippery slope. It is not clear that the system benefits us all when censorship occurs because content is alleged to be in violation of copyright law or to be politically threatening. Is seizure of domain names justified when sites are being used to spread malware? Is revolutionary speech too destabilizing, and when can it safely be tolerated? The answer, of course, is highly subjective.


Over the years, the Internet Corporation for Assigned Names and Numbers (ICANN) has developed processes for making decisions that are highly inclusive of a range of stakeholders. Unfortunately the loudest voices get a disproportionate share of influence, and this has contributed to an erosion of privacy for domain registrants.

Information about the identity of the registrant of record for a given domain name is currently accessible via a mechanism called WHOIS. ICANN requires this information, and the penalty for non-compliance or falsification of the info can be domain seizure. This is very convenient for corporate holders of intellectual property rights, enabling them to identify and go after those who are perceived to be infringing on those rights.

There is a strong case to be made against requiring such disclosure from registrants. However, ICANN's Expert Working Group on WHOIS and Privacy recently published a report recommending the expansion of WHOIS in a way that further weakens privacy for individual registrants by requiring and exposing street address and phone number data.

Internet Security

Identity is at the heart of many online security challenges. "Who is that, and should I trust them?" is the most basic concern in many interchanges on today's Internet. Indeed, identity and reputation management are considered by some to be the Holy Grail of social interactions on the Internet.

As users interact with websites that offer services and information, each side tries to determine the likelihood that the other is sufficiently identified, and that the interaction will be conducted safely. A potpourri of technologies is employed to accomplish this today, which is another way to say that we struggle mightily.

Trust on the web today is primarily established using digital server certificates. The entity at the other end, with whom users interact, establishes a basis for trust by providing one of these. It will be signed by an even more trustworthy certificate authority. In case this is not yet evident, the system is fraught with peril and requires a lot of trust. The current system has proven over time to be untrustworthy.

Another area of concern is the control structure. Registry operators are the authorities for top-level domains like .com. Root servers are the lynchpins that contain the authoritative DNS data for resolving domain names. They are both prime targets for attack, as well as central points of failure. There are other central targets in the system as well, including ICANN itself, which guards a private key used to sign certificates for root servers.

Domain Thefts

Aside from the domain seizures that routinely occur, the risk of theft is always present in the current domain name system. The classic scenario is the compromising of a victim's registrar account along with an email account. The specifics could involve keystroke loggers, social engineering to access registrar accounts, registrar employee collusion, or plain old inadequate password management on the part of registrants or registrars.

No matter how it happens, when registrar accounts are compromised, the domain names are typically transferred to countries with less mature judicial systems, or less cooperative political leaders, leaving the victims with little or no recourse.

Assets secured on a blockchain work differently. Transferring control of assets involves presenting private keys. That is all. No management of passwords, hacking of servers, etc. The security of such an asset is completely up to the person controlling the private key.
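The ownership model described above, as an added example that is not part of the original article: a constructed in-memory registry in which a name changes hands only when the transfer message is signed by the current owner's private key. It uses Lamport one-time hash signatures so that it runs on the Python standard library alone (an assumption made for this sketch, not the scheme of any particular blockchain); `NameRegistry`, `transfer_msg` and the name `example.test` are hypothetical.

```python
import hashlib
import secrets

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key pair: 256 pairs of secrets and their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(h(a), h(b)) for a, b in sk]
    return sk, pk

def digest_bits(msg: bytes):
    d = h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveal one secret per digest bit; a Lamport key must sign only once.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    bits = digest_bits(msg)
    return len(sig) == 256 and all(h(s) == pk[i][bits[i]] for i, s in enumerate(sig))

def transfer_msg(name: str, new_pk) -> bytes:
    # The signed message binds the name to the new owner's public key.
    new_id = h(b"".join(a + b for a, b in new_pk)).hex()
    return f"transfer|{name}|{new_id}".encode()

class NameRegistry:
    """Constructed stand-in for a ledger mapping names to owner public keys."""
    def __init__(self):
        self.owners = {}

    def transfer(self, name: str, new_pk, sig) -> bool:
        owner = self.owners.get(name)
        if owner is None or not verify(owner, transfer_msg(name, new_pk), sig):
            return False
        self.owners[name] = new_pk  # the old one-time key is retired here
        return True

def demo():
    reg = NameRegistry()
    (alice_sk, alice_pk), (_, bob_pk), (mallory_sk, mallory_pk) = keygen(), keygen(), keygen()
    name = "example.test"           # constructed sample name
    reg.owners[name] = alice_pk     # initial registration
    # A party without the owner's private key cannot move the name.
    stolen = reg.transfer(name, mallory_pk, sign(mallory_sk, transfer_msg(name, mallory_pk)))
    sig = sign(alice_sk, transfer_msg(name, bob_pk))
    moved = reg.transfer(name, bob_pk, sig)
    replayed = reg.transfer(name, bob_pk, sig)  # old signature no longer matches the owner
    return stolen, moved, replayed, reg.owners[name] == bob_pk
```

No password or registrar account appears anywhere in the check, which is also why loss or theft of the private key leaves the owner with no recovery path.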

More Problems?

There are other shortcomings to the current domain name system. But we have outlined enough here to give our readers a sense of where we can expect to see blockchain-based solutions making inroads.

Big changes are coming to the domain name system as we know it today. Our current system has been in place since the 1980s, and is ripe for change. In fact, people have been working on blockchain-based remedies and replacements for this thirty-year-old system on which we have come to depend.

What will our global namespaces look like a few years from now? How similar will these systems be to our current one? Stay tuned for ideas from a few key visionaries who seek to rework this aging system.
