There is a problem with how the Internet works today:
- HTTPS is not secure. Like most "secure" communications protocols, it is susceptible to undetectable public-key substitution MITM-attacks (example: Apple iMessages).
- Netizens do not own their online identities. We either borrow them from companies like Twitter, or rent them from organizations like ICANN.
These problems arise out of two core Internet protocols: DNS and X.509.
DNSChain offers a free and secure decentralized alternative while remaining backwards compatible with traditional DNS.
It compares favorably to the alternatives, and provides the following features:
| | DNSChain | X.509 PKI with or without Certificate Transparency |
|---|---|---|
| MITM-proof'ed Internet connections | ✅ | ❌ |
| Secure and simple GPG key distribution | ✅ | ❌ |
| MITM-proof RESTful API to blockchain | ✅ | ❌ |
| Free and actually-secure SSL certificates | ✅ | ❌ |
| Stops many denial-of-service attacks | ✅ | ❌ |
| Certificate revocation that actually works | ✅ | ❌ |
| DNS-based censorship circumvention | ✅ | ❌ |
| Prevents domain theft ("seizures") | ✅ | ❌ |
| Access blockchain domains like `.bit`, `.p2p`, `.nxt`, `.eth` | ✅ | ❌ |
⭐ See Also: How DNSChain Compares To Other Approaches
- DNSChain replaces X.509 PKI with the blockchain
- MITM-proof authentication
- Simple and secure GPG key distribution
- Secure, MITM-proof RESTful API to blockchains
- Free SSL certificates become possible
- Prevents DDoS attacks
- Certificate revocation that actually works
- DNS-based censorship circumvention
- Other features: testing suite, rate-limiting, and caching
- Free public DNSChain servers
- Access blockchain domains like `okturtles.bit`
- Registering blockchain domains and identities
- Encrypt communications end-to-end without relying on untrustworthy third-parties
- Unblock censored websites (coming soon!)
- And more!
- Requirements
- Getting Started
- Configuration
- Guide: Setting up a DNSChain server with Namecoin and PowerDNS
- Coming Soon: securing HTTPS websites with DNSChain.
- Securing Your Apps With DNSChain
- Contributing to DNSChain development
- Adding support for your favorite blockchain
- Running Tests
📺 Watch
- okTurtles + DNSChain Demo at SOUPS 2014 EFF CUP
- Blockchain University lecture on DNSChain (2h+, but you will know kung-fu afterward!)
- SF Bitcoin Meetup: Securing online communications with the blockchain
- SF Bitcoin Developers Meetup: Deep Dive into Namecoin and DNSChain
🔈 Listen
- P2P Connects Us Podcast on DNSChain
- Frontier Podcast on DNSChain, DNSCrypt, MITM attacks, & more
- Beyond Bitcoin Hangouts with Bitshares crew on DNSChain
- Katherine Albrecht's privacy-focused radio show
📄 Read
- Engadget: New web service prevents spies from easily intercepting your data
- Let's Talk Bitcoin: Security in Decentralized Domain Name Systems
- An intro to DNSChain: Low-trust access to definitive data sources
- How to setup a blockchain DNS server with DNSChain
- The Trouble with Certificate Transparency
- Introducing the dotDNS metaTLD
- DNSChain versus...
Have a link? Let us know!
Approximate chronological order.
- Greg Slepak (Original author and current maintainer)
- Simon Grondin (Unblock feature: DNS-based censorship circumvention)
- Matthieu Rakotojaona (DANE/TLSA contributions and misc. fixes)
- TJ Fontaine (For `native-dns`, `native-dns-packet` modules and related projects)
- Za Wilgustus (For pydnschain contributions)
- Cayman Nava (Ethereum support, api.icann.dns, and core developer)
- Vignesh Anand (Front-end + back-end for DNSChain admin interface)
- Mike Ward (Documentation)
- Dionysis Zindros (pydnschain work)
- Chara Podimata (pydnschain work)
- Konstantinos Lolos (pydnschain work)
- Anton Wilhelm (Support for Nxt cryptocurrency)
- Your name & link of choice here!
- Bugfix: Exception `ReferenceError` on invalid Namecoin query (Closes #137)
- New Features:
- Basic Openname Resolver RESTful API support!
- Built-in HTTPS server that can route multiple services over the same IP and port thanks to @SGrondin
- Automatically generates 4096-bit HTTPS key/certificate pair for you
- Redis caching for both DNS and HTTP requests thanks to @WeMeetAgain
- Traffic throttling for both DNS and HTTP requests thanks to @SGrondin
- Super simple to add any new blockchain to DNSChain thanks to major refactoring work by @WeMeetAgain
- NXT blockchain support thanks to @toenu23 (this means a `nxt.dns` metaTLD and `.nxt` TLD resolution)
- Query DNS records over HTTPS using either the new Openname API or `icann.dns` metaTLD! (by @WeMeetAgain)
- Ability to specify configuration file path for any supported blockchain via the dnschain configuration (@WeMeetAgain, again!)
- RESTful API to fetch server fingerprint (Closes #44).
- Improvements:
- Complete overhaul, refactoring, and improvement of the entire code base
- Travis CI support
- Comprehensive testing suite with complete code coverage for all critical files (excludes some error handlers and datasources)
- Replaced a lot of callback code with Promises (still more to be done!)
- All DNSChain components/servers are started and shutdown asynchronously (using Promise based API)
- Precisely specified dependency versions to spare sysadmins any annoying surprises
- Added badges for NPM version, Travis build status, and Gitter to top of README
- All Namecoin data is now returned for HTTP(S) queries (`txid`, `expires_in`, etc.)
- Documentation:
- Comparisons to TACK, HPKP, and Thin Clients
- Numerous miscellaneous improvements to documentation
- Updated Contributors list in README
- Added badges for NPM version, Travis build status, and Gitter chat to top of README
- This release includes the brand new documentation by @mdw and @taoeffect
- Fixes:
- Closed #111: `TypeError` on startup on CentOS machines
- Closed #90 and #87: Exception on access to unknown metaTLD
Copyright (c) okTurtles Foundation. Licensed under MPL-2.0 license.