Blockchain as the basis for DNS?

11.07.2017

There is increasing talk of blockchain as a possible alternative to the current Domain Name System, to counter censorship and cache poisoning. But what is blockchain, and can it really replace DNS?

What is blockchain?

Put simply, blockchain is a ledger in which transactions of all sorts are noted. In concrete terms, it is a non-centrally managed (‘distributed’) database, where each record, called a block, contains a time stamp and a link to the previous block. This means that once recorded, the data cannot be altered retroactively without altering all subsequent blocks, which would lead to a collapse of the network.

It is therefore a database where reliability is guaranteed without one authority or another having to ensure the accuracy of the data (trustless). The blockchain concept has served, inter alia, as the basis for the cryptocurrency Bitcoin, which really appeals to the imagination. But blockchain can be used for many other applications, such as keeping patient files up to date.

How could blockchain improve DNS?

The Domain Name System (DNS) is a protocol that dates from the 1980s, but its core function is still unique and important, namely to link a domain name or URL (www.example.com) to metadata such as the IP address or the Sender Policy Framework, which makes e-mail spoofing difficult.

DNS is hierarchically structured. When you enter a certain domain name (www.example.guru) in your browser, the resolver of your provider will consult one of the DNS root servers first. It replies: “I do not have guru, try X,” and then provides a list with name servers for ‘guru’. The resolver will then ask them the same question, until one of them replies that it has ‘example.guru’, and will refer the request to the right server.
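The referral chain described above, as an added example that is not part of the original article. The server names, the zone data and the address (taken from the 192.0.2.0/24 documentation range) are constructed for illustration.

```python
# Constructed zone data: each "server" maps a suffix it knows about either to
# a referral (list of servers to ask next) or to a final answer.
SERVERS = {
    "root": {"guru": ("referral", ["ns.guru-registry"])},
    "ns.guru-registry": {"example.guru": ("referral", ["ns1.example.guru"])},
    "ns1.example.guru": {"www.example.guru": ("answer", "192.0.2.10")},
}


def query(server, name):
    """Return the longest-suffix entry this server holds for name, or None."""
    labels = name.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in SERVERS[server]:
            return SERVERS[server][suffix]
    return None


def resolve(name, max_steps=10):
    """Follow referrals from the root; return (address, servers asked)."""
    server, trace = "root", []
    for _ in range(max_steps):
        trace.append(server)
        reply = query(server, name)
        if reply is None:
            return None, trace          # nobody in the hierarchy knows the name
        kind, data = reply
        if kind == "answer":
            return data, trace
        server = data[0]                # ask the first server in the referral
    raise RuntimeError("too many referrals")


if __name__ == "__main__":
    address, trace = resolve("www.example.guru")
    print(" -> ".join(trace), "=>", address)
```

Every hop in the trace is a point on which the final answer depends, which is why the article treats the hierarchy itself as the place where blocking or failure takes effect.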

There is a danger in the current DNS system, however. The government of a certain country may for instance require all Internet Service Providers in that country to stop resolving certain domain names to the relevant IP address, as happened in 2014, when the ISPs in Turkey were ordered not to resolve Twitter.com any more.

A Domain Name Service based on blockchain would work with a decentralised ledger, however. This could counter censorship by local authorities. Furthermore, so-called ‘cache poisoning’ or DNS spoofing, where corrupt DNS data are entered in the DNS resolver so that the name server returns a wrong IP address, could be avoided.
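A minimal sketch of the ledger idea from "What is blockchain?" applied to name records, added here as an example and not taken from Ethereum Name Service, Namecoin or Blockstack. It assumes a simplified block layout (time stamp, name, IP, hash of the previous block), leaves out consensus entirely, and uses constructed sample records.

```python
import hashlib
import json

GENESIS = "0" * 64  # back-link used by the first block


def block_hash(block):
    """SHA-256 over the block's canonical JSON, excluding its own hash field."""
    body = {k: block[k] for k in ("time", "name", "ip", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append(chain, time, name, ip):
    """Add a name record that links to the hash of the previous block."""
    prev = chain[-1]["hash"] if chain else GENESIS
    block = {"time": time, "name": name, "ip": ip, "prev": prev}
    block["hash"] = block_hash(block)
    chain.append(block)


def first_invalid(chain):
    """Index of the first block whose hash or back-link fails, else None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block["hash"] != block_hash(block):
            return i
        prev = block["hash"]
    return None


def lookup(chain, name):
    """Return the latest record for name, but only from a chain that verifies."""
    if first_invalid(chain) is not None:
        raise ValueError("ledger failed verification, refusing to answer")
    for block in reversed(chain):
        if block["name"] == name:
            return block["ip"]
    return None


def build_sample():
    """Constructed records; addresses come from documentation ranges."""
    chain = []
    append(chain, 1499731200, "example.guru", "192.0.2.10")
    append(chain, 1499731260, "shop.guru", "192.0.2.20")
    append(chain, 1499731320, "mail.guru", "192.0.2.30")
    return chain
```

Changing a record in an early block makes that block fail verification, and recomputing its hash only moves the failure to the next block's back-link, which is the "all subsequent blocks" property in miniature.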

Blockchain: a reality check

Various initiatives were launched recently to work out a blockchain-based DNS system, such as Ethereum Name Service, Namecoin, Blockstack. Experiments are under way to shed light on the advantages but also the disadvantages of the blockchain systems.

The vulnerability of the ‘parent’ zone remains, therefore. Unless the DNS root zones are also switched over to the blockchain, the user is always dependent on the DNS records in the parent zone, which is usually embedded locally.

What the experiments do show is that blockchain is a good way to distribute name data to the server.  Blockchain is peer-to-peer, and requires no central servers that can be closed by local authorities or disasters.

Furthermore, blockchain guarantees the availability of the Domain Name Servers, which is not the case with conventional DNS. Domain Name Servers are increasingly becoming the target of hackers.  When they are undermined, the websites to which they have to refer are simply not accessible any more!

That was painfully proven by the DDoS attack on DYN. In October 2016, this domain name service was paralysed after a massive DDoS attack. Many major websites, which called on the services, such as Twitter, Github, AirBnB, Reddit, etc., became inaccessible as a result.  A blockchain-based DNS with its peer-to-peer, distributed database would be far more difficult to undermine.

This is one interesting development that DNS Belgium follows closely.

ICANN

The Internet Corporation for Assigned Names and Numbers, a non-profit organisation that is responsible worldwide for managing domain names.

server

A computer program or hardware device that provides services to other computer programs or users.

cache

A place where data is stored temporarily.

Name server

A server that translates a domain name into an IP address. If you enter a domain name (e.g. dnsbelgium.be) in your browser for the first time, your computer will ask the name server linked to the web page you are looking for which IP address it has to navigate to.

Browser

A program that makes it possible to access and read web pages. Internet Explorer, Google Chrome, Mozilla Firefox and Safari are some well-known browsers.

Spoofing

The stealing of a computer’s identity. By making some technical adjustments, a computer is able to intercept all traffic from and to another computer. In this way the computer ‘in the middle’ is able to “eavesdrop on” the communication between two computers.

DNS

Domain Name System or Domain Name Server. The global DNS is the system and protocol used on the internet to translate domain names into IP addresses and vice versa. 