DNS using Blockchain

Milind Soorya S
S7 CSE, Roll no: 36

Guided by: Prof. Balagopal N
NSSCE Palakkad

OUTLINE
❖ Introduction to DNS
➢ DNS
➢ Challenges
➢ Solutions
❖ DNS-over-HTTPS
➢ Challenges of DNS-over-HTTPS
❖ Blockchain
❖ DNS-on-Blockchain
➢ Working
➢ Design
➢ Advantages
➢ Challenges
❖ Blockchain-based DNS alternatives
➢ Blockstack
1. INTRODUCTION
❖ What is DNS?
➢ The Domain Name System is a hierarchical and federated naming system for computers,
services, or other resources connected to the Internet or a private network.
❖ With a DNS server, we don’t have to memorize IP addresses to connect to a
website.
➢ When you enter the domain name of a website in your browser, you automatically send a request
to a DNS server.
➢ The DNS server looks up the domain and returns the IP address so your browser knows where to
connect.

2. CHALLENGES OF EXISTING DNS
❖ The DNS system is fundamentally vulnerable
➢ DNS packets are unencrypted.
➢ Distributed denial of service (DDoS) attacks.
➢ DNS cache poisoning.
➢ Man-in-the-middle attacks.
❖ Despite the fact that DNS servers are distributed all over the world, DNS is
also a centralized system in terms of administration and redundancy
➢ For example, the root zone is managed by IANA/ICANN, the former of which is administered
by the US government.

3. SOLUTIONS
❖ Efforts to secure DNS are ongoing
➢ Domain Name System Security Extensions (DNSSEC) aim to address these issues by
adding security to the DNS protocol while maintaining backward compatibility.
➢ DNSSEC data are not encrypted and are visible to everyone.
➢ Signing and verification of DNS data introduce additional overhead on the servers and network.
➢ The complexity and difficulty of DNSSEC deployment also hinder adoption.
❖ Tor is a secure and decentralized system, but its primary objective is to
achieve anonymity as opposed to decentralization

❖ DNS over HTTPS is a good alternative
❖ Blockchain is another recently emerged technology which could be a
promising solution to all the challenges DNS systems are facing.

4. DNS-over-HTTPS (DoH)
❖ DNS-over-HTTPS, or DoH for short, is a protocol to resolve DNS requests via
the encrypted HTTPS protocol.
❖ It increases user privacy by preventing eavesdropping and increases security by
preventing manipulation of DNS data through a man-in-the-middle attack.
❖ With DNS-over-HTTPS, you send an encrypted HTTPS request to a DNS
server that supports DoH when you enter the domain name of a website in your
browser.
❖ The HTTPS request is decrypted only at the DNS server, where the DNS
request is processed, and the reply is sent back encrypted.
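
How a client forms the request described above, as an added example that is not from the original slides: an ordinary DNS query in wire format is base64url-encoded into an HTTPS GET path, as RFC 8484 specifies. The `/dns-query` path is the conventional endpoint and the function names are assumptions; the DNS message itself is unchanged, so the DoH server reads the full query once HTTPS is decrypted.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// BuildQuery returns a DNS wire-format query for the A record of name.
// The message ID is left at 0, which RFC 8484 recommends for HTTP caching.
func BuildQuery(name string) ([]byte, error) {
	msg := make([]byte, 12)                     // 12-byte DNS header
	binary.BigEndian.PutUint16(msg[2:], 0x0100) // flags: recursion desired
	binary.BigEndian.PutUint16(msg[4:], 1)      // QDCOUNT = 1
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		if len(label) == 0 || len(label) > 63 {
			return nil, fmt.Errorf("invalid label %q", label)
		}
		msg = append(msg, byte(len(label))) // length-prefixed label
		msg = append(msg, label...)
	}
	return append(msg, 0, 0, 1, 0, 1), nil // root label, QTYPE=A, QCLASS=IN
}

// DoHPath returns the GET path; the dns parameter is unpadded base64url.
func DoHPath(name string) (string, error) {
	q, err := BuildQuery(name)
	if err != nil {
		return "", err
	}
	return "/dns-query?dns=" + base64.RawURLEncoding.EncodeToString(q), nil
}

func main() {
	fmt.Println(DoHPath("www.example.com"))
}
```

The client sends this path over TLS with `Accept: application/dns-message`; the answer comes back as a DNS message in the same wire format.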

5. CHALLENGES OF DNS-over-HTTPS
❖ When you use DNS-over-HTTPS you are sending your data effectively to either Google
or Cloudflare.
❖ This is a huge step back from federated infrastructure to centralized
infrastructure.
❖ Lack of privacy.
❖ These big companies could record your DNS query history, match it with your other
personal data or sell the query history to third parties.
❖ Single point of failure.
❖ This method does not ensure that the data we are receiving is correct.

6. BLOCKCHAIN
❖ What is Blockchain?
➢ A blockchain is essentially a distributed database of records, or public ledger of all
transactions or digital events that have been executed and shared among participating parties.
❖ Each block usually contains transaction data, a timestamp, and a hash, which
is a pointer to the previous block.
❖ Each transaction in the public ledger is verified by consensus of a majority of
the participants in the system.
➢ The proof-of-work (PoW) protocol is widely used and depends on the mining process. However,
different consensus protocols such as proof of stake (PoS) are possible.
❖ Once entered, information can never be erased.

7. DNS ON BLOCKCHAIN
❖ The core problem of DNS-over-HTTPS is the central organization and missing validation
of the data we receive.
❖ DNS on Blockchain enables decentralized PKI and decentralized DNS.

Centralised vs Decentralised DNS infrastructure
WORKING
❖ In decentralized DNS, the owner of a domain such as “youtube.com” stores his/her
cryptographic signatures on a public blockchain.
❖ This allows any Web browser, Smartphone App or IoT device to check the
corresponding blockchain entry and find the correct signature.
❖ This scheme allows the domain owner to self-sufficiently manage his domains, and
removes the need to contact a central organization to get a certificate.
❖ It further not only federates but completely decentralizes the serving of DNS requests,
because each blockchain server can now serve the DNS data.
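
The scheme above, together with the hash-linked block structure from the Blockchain slide, as an added example that is not from the original slides or from any real blockchain DNS project: records are signed with Ed25519, each block stores the hash of the previous one, and the resolver validates its local copy before answering. The block layout, the function names, first-registrant ownership and the absence of consensus or mining are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Block is one ledger entry (hypothetical layout, not any real chain's format).
type Block struct {
	Prev        [32]byte          // hash pointer to the previous block
	Name, Value string            // e.g. domain name -> IP address
	Owner       ed25519.PublicKey // key that controls the name
	Sig         []byte            // owner's signature over payload()
}

func (b Block) payload() []byte { return []byte(fmt.Sprintf("%x|%q|%q|%x", b.Prev, b.Name, b.Value, b.Owner)) }
func (b Block) Hash() [32]byte  { return sha256.Sum256(append(b.payload(), b.Sig...)) }

// Append signs a record with priv and links it to the current chain tip.
func Append(chain []Block, name, value string, priv ed25519.PrivateKey) []Block {
	b := Block{Name: name, Value: value, Owner: priv.Public().(ed25519.PublicKey)}
	if n := len(chain); n > 0 {
		b.Prev = chain[n-1].Hash()
	}
	b.Sig = ed25519.Sign(priv, b.payload())
	return append(chain, b)
}

// Resolve replays a local chain copy and rejects it on any invalid block.
func Resolve(chain []Block, name string) (string, error) {
	owners, values, prev := map[string]ed25519.PublicKey{}, map[string]string{}, [32]byte{}
	for i, b := range chain {
		okSig := len(b.Owner) == ed25519.PublicKeySize && ed25519.Verify(b.Owner, b.payload(), b.Sig)
		o, seen := owners[b.Name]
		if b.Prev != prev || !okSig || (seen && !o.Equal(b.Owner)) {
			return "", fmt.Errorf("block %d rejected", i) // broken link, bad signature or non-owner
		}
		owners[b.Name], values[b.Name], prev = b.Owner, b.Value, b.Hash()
	}
	if v, ok := values[name]; ok {
		return v, nil
	}
	return "", fmt.Errorf("%q is not registered", name)
}

func main() {
	key := ed25519.NewKeyFromSeed(make([]byte, 32)) // constructed demo key (all-zero seed)
	fmt.Println(Resolve(Append(nil, "example.test", "192.0.2.10", key), "example.test"))
}
```

Because the lookup runs entirely against the local copy, a record altered by a node serving the chain fails the signature check, and an update signed by a key other than the name's first registrant is rejected.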

DESIGN
❖ Zooko’s triangle
➢ Zooko Wilcox-O’Hearn proposed that there are three
properties that are generally desirable in a
naming protocol.
■ Human-meaningful
■ Secure
■ Decentralized

❖ DNS Security Extensions (DNSSEC) address the security issue on
top of DNS, so it has two of the properties but lacks decentralization.
❖ The Tor naming system is secure and distributed, but its addresses are
not human-meaningful.

ADVANTAGES

❖ Blockchain-based DNS systems have all three properties.


➢ They inherit most merits of decentralization as the underlying blockchain is natively
decentralized.
➢ There are no authorities in blockchain-based DNS.
➢ All the nodes are equal to each other. Only owners can make changes to existing records with
their private key.
❖ With respect to security, blockchain-based DNS has obvious advantages as
well
➢ The man-in-the-middle attacks present in traditional DNS no longer exist in blockchain-based
DNS.

➢ DoS/DDoS attacks cannot impact name resolution either, because all lookups are
performed locally.
➢ Privacy protection
■ Traditional DNS/DNSSEC does not encrypt the data.

DNS/CA challenges and security solutions


CHALLENGES
❖ 51% attack
➢ When the computing power of a single pool approximates 50% of the entire computing power
on the network, the pool has the capacity to sabotage the security and trust foundation of the
system even if it does not intend to do so.
❖ Performance
➢ The current Bitcoin protocol limits the generation rate of new blocks to 1 block per ten minutes,
which means the system can only accept up to 7 transactions per second.
❖ Last mile problem
➢ As of Oct. 2019, the blockchain size of Bitcoin is 244 GB.
➢ Therefore, storing and maintaining massive blockchain data at every node might not be viable.

8. BLOCKCHAIN BASED DNS ALTERNATIVES
❖ Ethereum Name Service (ENS)
❖ Namecoin
❖ Blockstack
❖ Nebulous
➢ Nebulous builds uncompromising blockchain hardware and software infrastructure for the
Decentralized Internet.
➢ This platform uses IPFS or MaidSafe as a replacement for HTTP and utilizes the Ethereum
blockchain for DNS capabilities.
➢ It uses Sia, a decentralised cloud storage platform.
❖ Emercoin, EtherID, etc.
➢ These focus on other aspects of a DNS system, such as name squatting and pricing policies.

9. BLOCKSTACK
❖ Blockstack has three components
➢ A blockchain, implemented using virtualchains
➢ A peer network, called Atlas
➢ A decentralized storage system, called Gaia
❖ Blockstack is deployed in production and, to date, 72,000 new domains have
been registered on it

ARCHITECTURE
❖ Design Goals
➢ Decentralized Naming & Discovery
➢ Decentralized Storage
➢ Comparable Performance

❖ Blockstack’s architecture has three layers


➢ The blockchain layer in the control plane
➢ The peer network in the data plane.
➢ The peer network avoids the need for the system to adopt any particular
storage service from the onset, and instead allows multiple storage
providers to coexist, including both cloud storage and P2P systems.
➢ And data-storage in the data plane

Fig. Overview of the Blockstack architecture
BNS: Blockchain Name System
❖ Blockstack uses a decentralized replacement for DNS called BNS
❖ It's possible to have human-readable names that are unique without using
any centralized service adhering to Zooko’s Triangle
❖ In BNS, names are organized into namespaces, which are the functional
equivalent of top-level domains in DNS
➢ They define the costs and renewal rates of names.
❖ In BNS the information for top-level domains (namespaces) is registered on a
root blockchain
❖ In BNS, the local BNS server fetches blockchain data from the respective
(decentralized) blockchain networks and keeps a local copy that is
continuously synced with the blockchain networks.
Fig. A recursive DNS query (top) and
an iterative BNS query.

CONCLUSION
❖ Blockchain technology is a candidate of great promise for the next generation
DNS system in that it inherently possesses the qualities of
censorship-resistance, security, and resilience.
❖ There are challenges to be solved, such as scalability and energy
consumption.
❖ Consensus protocols such as PoS require fewer resources, and these
protocols can be enhanced to reach acceptable security at lower cost.

THANK YOU