2. CHALLENGES OF EXISTING DNS
❖ The DNS system is fundamentally vulnerable
➢ The DNS packet is unencrypted.
➢ Distributed denial of service (DDoS) attack.
➢ DNS cache poisoning.
➢ Man-in-the-middle attack.
❖ Despite the fact that DNS servers are distributed all over the world, DNS is
also a centralized system in terms of administration and redundancy
➢ For example, the root zone is managed by IANA/ICANN, the former of which is administered
by the US government.
3. SOLUTIONS
❖ Efforts to secure DNS are ongoing
➢ Domain Name System Security Extensions (DNSSEC) aim to address these issues by
adding security to the DNS protocol while maintaining backward compatibility.
➢ DNSSEC data are not encrypted and are visible to everyone.
➢ Signing and verification of DNS data introduce additional overhead to the servers and network.
➢ The complexity and difficulty of DNSSEC deployment also hinder adoption.
❖ Tor is a secure and decentralized system, but its primary objective is to
achieve anonymity as opposed to decentralization
❖ DNS over HTTPS is a good alternative
❖ Blockchain is another recently emerged technology which could be a
promising solution to all the challenges DNS systems are facing.
4. DNS-over-HTTPS (DoH)
❖ DNS-over-HTTPS, or DoH for short, is a protocol to resolve DNS requests via
the securely encrypted HTTPS protocol.
❖ It increases user privacy by preventing eavesdropping and increases security by
preventing manipulation of DNS data through a man-in-the-middle attack.
❖ With DNS-over-HTTPS, you send an encrypted HTTPS request to a DNS
server that supports DoH when you enter the domain name of a website in your
browser.
❖ The HTTPS request is decrypted only at the DNS server, where the DNS
request is processed, and the reply is sent back encrypted again.
5. CHALLENGES OF DNS-over-HTTPS
❖ When you use DNS-over-HTTPS you are sending your data effectively to either Google
or Cloudflare.
❖ This is a huge step back from federated infrastructure to centralized
infrastructure.
❖ Lack of privacy.
❖ These big companies could record your DNS query history, match it with your other
personal data or sell the query history to third parties.
❖ Single point of failure.
❖ This method does not ensure that the data we are receiving is correct.
6. BLOCKCHAIN
❖ What is Blockchain?
➢ A blockchain is essentially a distributed database of records, or public ledger of all
transactions or digital events that have been executed and shared among participating parties.
❖ Each block usually contains transaction data, a timestamp, and a hash, which
is a pointer to the previous block.
❖ Each transaction in the public ledger is verified by consensus of a majority of
the participants in the system.
➢ Proof-of-work (PoW) protocol is used widely, which depends on the mining process. However,
different consensus protocols such as proof of stake (PoS) are possible
❖ Once entered, information can never be erased.
7. DNS ON BLOCKCHAIN
❖ The core problem of DNS-over-HTTPS is the central organization and missing validation
of the data we receive.
❖ DNS on Blockchain enables decentralized PKI and decentralized DNS.
Centralised vs Decentralised DNS infrastructure
WORKING
❖ In decentralized DNS, the owner of a domain such as “youtube.com” stores his/her
cryptographic signatures on a public blockchain.
❖ This allows any Web browser, Smartphone App or IoT device to check the
corresponding blockchain entry and find the correct signature.
❖ This scheme allows domain owners to manage their domains self-sufficiently, and
removes the need to contact a central organization to get a certificate.
❖ It further not only federates but completely decentralizes the serving of DNS requests,
because each blockchain server can now serve the DNS data.
DESIGN
❖ Zooko’s triangle
➢ Zooko Wilcox-O’Hearn proposed that there are three
properties that are generally desired to have in a
naming protocol.
■ Human-meaningful
■ Secure
■ Decentralized
❖ DNS Security Extensions (DNSSEC) address the security issue on top of DNS,
so DNSSEC has two of the properties but lacks decentralization.
❖ The Tor naming system is secure and distributed, but its addresses are
not human-meaningful.
ADVANTAGES
➢ DoS/DDoS attacks cannot impact name resolution either, because all lookups are
performed locally.
➢ Privacy protection
■ Traditional DNS/DNSSEC does not encrypt the data.
8. BLOCKCHAIN BASED DNS ALTERNATIVES
❖ Ethereum Name Service (ENS)
❖ Namecoin
❖ Blockstack
❖ Nebulous
➢ Nebulous builds uncompromising blockchain hardware and software infrastructure for the
Decentralized Internet.
➢ This platform uses IPFS or MaidSafe as a replacement for HTTP and utilizes the Ethereum
blockchain for DNS capabilities.
➢ It uses Sia, a decentralised cloud storage platform.
❖ Emercoin, EtherID, etc.
➢ Focus on other aspects of a DNS system, such as name squatting and pricing policies.
9. BLOCKSTACK
❖ Blockstack has three components
➢ A blockchain, implemented using virtualchains
➢ A peer network, called Atlas
➢ A decentralized storage system, called Gaia
❖ Blockstack is deployed in production and, to date, 72,000 new domains have
been registered on it
ARCHITECTURE
❖ Design Goals
➢ Decentralized Naming & Discovery
➢ Decentralized Storage
➢ Comparable Performance
BNS: Blockchain Name System
❖ Blockstack uses a decentralized replacement for DNS called BNS
❖ It's possible to have human-readable names that are unique without using
any centralized service adhering to Zooko’s Triangle
❖ In BNS, names are organized into namespaces, which are the functional
equivalent of top-level domains in DNS
➢ they define the costs and renewal rates of names
❖ In BNS the information for top-level domains (namespaces) is registered on a
root blockchain
❖ In BNS, the local BNS server fetches blockchain data from the respective
(decentralized) blockchain networks and keeps a local copy that is
continuously synced with the blockchain networks.
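The sketch below is an added example, not Blockstack's or BNS's own code. It ties together the block structure from section 6 (transaction data, a timestamp and a hash pointing to the previous block) and the local, continuously synced copy a BNS server answers from: the node verifies the hash chain before replaying it into a lookup table. Assumptions: all function names and sample records are constructed, an owner-string comparison stands in for signature verification, and consensus is out of scope.

```python
import hashlib
import json

GENESIS = "0" * 64

def block_hash(block: dict) -> str:
    """SHA-256 over the block's contents, including the previous block's hash."""
    body = {k: block[k] for k in ("index", "timestamp", "prev_hash", "tx")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_block(chain: list, tx: dict, timestamp: int) -> None:
    prev = chain[-1]["hash"] if chain else GENESIS
    block = {"index": len(chain), "timestamp": timestamp, "prev_hash": prev, "tx": tx}
    block["hash"] = block_hash(block)
    chain.append(block)

def first_bad_block(chain: list) -> int:
    """Return the index of the first block that fails verification, or -1."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev_hash"] != prev or block["hash"] != block_hash(block):
            return i
        prev = block["hash"]
    return -1

def build_name_table(chain: list) -> dict:
    """Replay a verified chain into the local table that answers lookups."""
    if first_bad_block(chain) != -1:
        raise ValueError("chain failed verification; refusing to serve names")
    table = {}
    for block in chain:
        tx, rec = block["tx"], table.get(block["tx"]["name"])
        if tx["op"] == "register" and rec is None:  # first registration wins
            table[tx["name"]] = {"owner": tx["owner"], "value": tx["value"]}
        elif tx["op"] == "update" and rec and rec["owner"] == tx["owner"]:
            rec["value"] = tx["value"]  # owner match stands in for a signature check
    return table

def sample_chain() -> list:
    """Constructed sample data: names, owner keys and addresses are made up."""
    chain = []
    append_block(chain, {"op": "register", "name": "alice.id", "owner": "pk-alice", "value": "192.0.2.10"}, 1)
    append_block(chain, {"op": "register", "name": "alice.id", "owner": "pk-other", "value": "203.0.113.66"}, 2)
    append_block(chain, {"op": "update", "name": "alice.id", "owner": "pk-alice", "value": "192.0.2.20"}, 3)
    return chain
```

Editing an old record changes that block's hash, and recomputing the hash only moves the mismatch to the next block's `prev_hash`, so a node holding a synced copy detects the change before it serves the name.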
Fig. A recursive DNS query (top) and
an iterative BNS query.
CONCLUSION
❖ Blockchain technology is a candidate of great promise for the next generation
DNS system in that it inherently possesses the qualities of
censorship-resistance, security, and resilience.
❖ There are challenges to be solved, such as scalability and energy
consumption.
❖ Consensus protocols, such as PoS, require fewer resources, and these
protocols can be enhanced to reach acceptable security at lower cost.