Blockchain as an evolution of DNS

Mark E. Jeftovic 
(Legacy DNS guy. ICANN Registrar. Dinosaur.)
markjr@easydns.com
My white whale is named DDoS
Personal BHAG was to eliminate DNS as an attack vector for DDoS attacks
Recall that DNS is an inverted tree hierarchy:
Legacy DNS redundancy typically via:
Multiple nameservers
Anycast constellations
DDOS mitigation (scrubbing centers, in-line devices)
But our experience has been that what works best is out-of-band
redundancy (translation: Multiple unrelated DNS providers)
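One way to check a delegation for the out-of-band redundancy described above (an added example, not code from the talk). The zone data is constructed, and the two heuristics used here, operator taken as the last two labels of the NS hostname and network taken as the covering /24, are assumptions.

```python
import ipaddress

# Constructed delegations (NS hostname -> IPv4 addresses, documentation ranges only).
SAMPLE_ZONES = {
    "single-provider.example": {
        "ns1.dnshost-a.example": ["192.0.2.10"],
        "ns2.dnshost-a.example": ["192.0.2.20"],
    },
    # Two brand names, but both servers live in the same network.
    "white-label.example": {
        "ns1.brand-a.example": ["198.51.100.5"],
        "ns1.brand-b.example": ["198.51.100.6"],
    },
    "out-of-band.example": {
        "ns1.dnshost-a.example": ["192.0.2.10"],
        "ns1.dnshost-b.example": ["203.0.113.53"],
    },
}


def operator_of(ns_host):
    """Assumption: the operator is the last two labels of the NS hostname.
    A real audit would use the Public Suffix List instead."""
    return ".".join(ns_host.rstrip(".").lower().split(".")[-2:])


def network_of(ip, prefix=24):
    """Collapse an address to its covering prefix (assumed /24 granularity)."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def audit_delegation(ns_map):
    """Report whether a delegation spans more than one operator and network."""
    operators = sorted({operator_of(host) for host in ns_map})
    networks = sorted({network_of(ip) for ips in ns_map.values() for ip in ips})
    findings = []
    if len(ns_map) < 2:
        findings.append("only one nameserver")
    if len(operators) < 2:
        findings.append("all NS names belong to one operator domain")
    if len(networks) < 2:
        findings.append("all NS addresses sit in one /24")
    return {"operators": operators, "networks": networks,
            "findings": findings, "out_of_band": not findings}


if __name__ == "__main__":
    for zone, ns_map in SAMPLE_ZONES.items():
        result = audit_delegation(ns_map)
        print(zone, "OK" if result["out_of_band"] else result["findings"])
```

The white-label case shows why hostnames alone are not enough: two differently named nameservers can still share one network and fail together.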
Blockchain is the ultimate redundancy
Early iteration (pre-ethereum) of this idea was to use Blockchain as a type of
“lookaside”, similar to DNSSEC DLVs before many TLDs were signed.
Then came early Blockchain naming proof-of-concepts:
Namecoin
NeoDNS (https://rot256.io/post/neodns/)
In which I thwap myself in the head
 
If you are anchoring RR’s directly into the blockchain, then you have to
attack the entire Blockchain to succeed in a DDoS
But wait, there’s more!
Other incentives to layering DNS on-chain.
1. Smart Contracts mean programmable processing logic in DNS responses
(wherein we talk about “VRM” shortly).
2. The EVM means everybody connecting to the Ethereum network has
the ability to see non-IANA/ICANN namespaces now.
Seeing .ETH before the next ICANN round.
Next ICANN TLD expansion round will start circa 2020-2021 at the earliest.
We can expand visibility into .ETH (and whatever else) with or without
ICANN approval
Consensus can occur outside ICANN/IANA / legacy root
Monopoly on consensus may not be a good thing (ICANN)
The last TLD expansion was a Major Fscking Yawn (pardon my french)
“Get your name under .CRAPOLA before somebody else does!”
Organize yourself into some made-up vertical that we defined (.chiropractors!)
The map is not the territory
Blockchain enables VRM (a.k.a “The Intention Economy”)
Example use case: A “.markjr.eth” domain
(could even make this a “personal TLD” i.e. .markjr)
.markjr.eth
contact.markjr.eth -> NAPTRs / SRV voip (ACLs), email (RPZs -> toll gateways, I
can set a cost to get an email to me if you aren’t in my contacts)
easydns.markjr.eth -> $dayjob related RR’s
medical.markjr.eth -> my medical records
crypto.markjr.eth -> my public keys
Each with its own resolver governing who gets the data, when, why and for
how long and what it will cost them. (Similar concept to BAT but outside
browser).
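A small model of the per-name resolver idea above, added here as an illustration and not taken from the talk or from ENS. The `Policy` fields, the requester names and the status strings are hypothetical; the records are placeholders.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Policy:
    record: str            # what the resolver hands out on success
    free_for: frozenset    # requesters served at no cost (contacts / ACL)
    toll: Optional[int]    # price for anyone else; None means never served
    ttl: int               # seconds the requester may keep the answer


# Hypothetical per-name resolvers; records are placeholders, not real data.
RESOLVERS = {
    "contact.markjr.eth": Policy("<SRV/NAPTR set>", frozenset({"alice"}), 5, 300),
    "medical.markjr.eth": Policy("<records pointer>", frozenset({"clinic"}), None, 60),
    "crypto.markjr.eth": Policy("<public keys>", frozenset(), 0, 86400),
}


def governing_name(name):
    """Walk up the labels to the closest name that has its own resolver."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in RESOLVERS:
            return candidate
    return None


def resolve(name, requester, payment=0):
    """Return (status, record, ttl, price); price is the toll charged or quoted."""
    owner = governing_name(name)
    if owner is None:
        return ("NXDOMAIN", None, 0, 0)
    policy = RESOLVERS[owner]
    if requester in policy.free_for:
        return ("OK", policy.record, policy.ttl, 0)
    if policy.toll is None:
        # Not for sale at any price: only the allow list is served.
        return ("REFUSED", None, 0, 0)
    if payment < policy.toll:
        return ("PAYMENT_REQUIRED", None, 0, policy.toll)
    return ("OK", policy.record, policy.ttl, policy.toll)
```

A name without its own resolver inherits the policy of its closest ancestor, so `voip.contact.markjr.eth` is governed by `contact.markjr.eth`.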
Why ENS can succeed where other
alternative naming initiatives have failed.
Browser plug-ins were required before it would work (i.e new.net)
Didn’t work for other lookups (MX, SRV, etc)
SOLVED: people already have visibility / access to EVM before they ever get here
Deploy resolvers via the EVM and everybody using Ethereum has access to the
expanded naming universe (or multiverse).
ENS serving as a blockchain based DNS root
Big enough blockchain to prevent DDoS attacks against the chain itself
Eventually, side chains off the root chain could be new equivalent to “TLDs”
Collateralized? (a la dash “master nodes”)
Each side chain competes with its own raison d’être and governance, i.e
GPS coordinates, RFID tags, IoT identifiers
A better mousetrap: A registry protocol for ccTLDs, even gTLDs (things like
multisig make transfers and continuity issues easier, better).
(Personal TLDs?)
Economic incentives and mechanics
Costs to put DNS RR’s into ENS (side chains could set their own rules)
Costs to change/update RR’s
Authoritative DNS loses chunk of relevance due to direct pinning of RRs
Resolvers still required
Authoritative DNS operators would still get some activity from those wishing
to economize on cost of non-critical DNS RR’s, but would likely drift toward
acting like registrars, custom contracts and miners maintaining the chain
itself.
Low hanging fruit: protocol and use-cases
New DNS RRTypes? (to reference blockchain resources from legacy DNS)
PMTA RRType:
Joint proposal between Verisign & Armoury
Works in conjunction with DANE
https://tools.ietf.org/html/draft-wiley-paymentassoc-00
“TOKPTR” RRType: a pointer to a crypto-currency address (or swarm, etc)
hot-new-ico.eth IN TOKPTR 2 1 “0xEbE7CcC5A0D656AD3A153AFA3d543160B2E9EdFb”
DANE: DNS-based Authentication of Named Entities
TLS (formerly known as SSL) without CA’s
https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
This is not a replacement for legacy DNS
It sits on top (the fine layer-o-signal atop the fat wreck of noise)
It could attain near global visibility
Eventual integration into the legacy root (or not, it won’t really matter).
VRM - the small film of signal atop the
noise of the greater internet
Thank you for listening
I’ll stop talking now.
  
Mark E. Jeftovic 
markjr@easydns.com

This presentation describes blockchain as a redundancy solution for DNS, aiming to eliminate DDoS attacks by layering DNS on-chain, and lists incentives such as smart contracts for programmable processing logic in DNS responses. It explores the potential for expanding visibility into non-IANA/ICANN namespaces and addresses the next ICANN TLD expansion round, showcasing the possibilities and advantages presented by incorporating blockchain technology.

  • Blockchain
  • Redundancy
  • DNS
  • DDoS
  • Smart Contracts

Uploaded on Feb 15, 2025 | 0 Views

