Table of Contents
- Using DNSChain
- Supported blockchains
- Free public DNSChain servers
- Registering blockchain domains and identities
Use DNSChain to securely access blockchain data over HTTPS and (eventually) DNS, over a Man-in-the-Middle Proof channel to the DNSChain server (or servers) you trust. Remember, if you don't have access to a trustworthy DNSChain server, you should query several of them and verify that their answers match.
Over HTTPS
For demo purposes, we run a public DNSChain server (but you should run your own so that you don't have to trust ours!).
You can query it using a RESTful API:
Query: What's the SSL fingerprint for server at api.dnschain.net?
Query: What is the GPG key for id/example in Namecoin?
Query: What is the IP address of example.bit?
This means you can immediately begin writing apps that query the blockchain over a MITM-proof channel.
❗ To MITM-proof these queries, you must verify the TLS fingerprint of the DNSChain server!
Over DNS
Using a DNSChain server for DNS gives you access to blockchain TLDs like .bit. Unlike regular TLDs, access to blockchain TLDs can be done in a manner that is MITM-proof. This is the end-goal that the DNSChain project is building towards.
Try it out by changing your DNS to one of the public DNSChain servers. You should then be able to visit .bit domains.
Remember that the DNS server you use knows what websites you're visiting and can be used to MITM attack you, so either run your own server or use one that you trust.
Blockchain | TLD | Name used in RESTful API |
---|---|---|
Namecoin | .bit | namecoin |
KeyID | .p2p | keyid |
NXT | .nxt | nxt |
Ethereum support is planned as .eth and ethereum.
Relevant Specifications
- Namecoin: Specifying DNS data for domains
- Openname: Profile and RESTful resolver specifications
DNSChain is meant to be run by individuals!
Yes, you can use a public DNSChain server, but it's far better to use your own because it gives you more privacy, makes you more resistant to censorship, and provides you with a stronger guarantee that the responses you get haven't been tampered with by a malicious server.
If you cannot run your own, you should do one or more of the following:
- Use a server that you have good reason to trust (a close friend's).
- Use multiple servers that are independently run and verify that the responses you get from them all match. The more servers you query, the more likely it is the answer is accurate. Note that this only applies to using the RESTful API, not DNS.
Here are some public servers. You can set your computer's DNS settings to one of these. Note that some of the servers must be used with DNSCrypt.
IP or DNSCrypt provider | DNSCrypt Supported? | Logs | Location | Owner | Notes |
---|---|---|---|---|---|
192.184.93.146 (aka okturtles.org) | N/A | No | Atlanta, GA | @taoeffect | |
54.85.5.167 (aka name.thwg.org) | N/A | No | USA | id/wozz | |
2.dnscrypt-cert.okturtles.com | Required Info | No | Atlanta, GA | @taoeffect | |
2.dnscrypt-cert.soltysiak.com | Required Info | No | Poznan, Poland | @maciejsoltysiak | IPv6 available |
Tell us about yours by opening an issue (or any other means) and we'll list it here!
Responses can be secured over HTTPS by pinning SSL certificates, and over DNS by using DNSCrypt.
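The two checks described above for the RESTful API (verifying each server's TLS fingerprint, and requiring independently run servers to return matching answers) can be combined as follows. This is an added example, not DNSChain's own code. It assumes the caller supplies the request path (the URL format is not shown on this page), that pins are SHA-256 fingerprints obtained out of band, and that servers also pass normal CA validation.

```python
import hashlib, hmac, http.client, json, ssl

def cert_fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def pin_matches(der: bytes, pinned: str) -> bool:
    """Accept pins written as hex with or without ':' separators."""
    want = pinned.replace(":", "").strip().lower()
    return hmac.compare_digest(cert_fingerprint(der), want)

def fetch_pinned(host: str, path: str, pinned: str, timeout: float = 10.0):
    """GET https://host/path; the request is sent only if the pin matches."""
    # Assumption: the server also passes normal CA validation; the pin is an extra check.
    conn = http.client.HTTPSConnection(host, timeout=timeout,
                                       context=ssl.create_default_context())
    try:
        conn.connect()  # TLS handshake only, no HTTP request yet
        der = conn.sock.getpeercert(binary_form=True)
        if not der or not pin_matches(der, pinned):
            raise ssl.SSLError(f"certificate pin mismatch for {host}")
        conn.request("GET", path)
        resp = conn.getresponse()
        if resp.status != 200:
            raise RuntimeError(f"{host} returned HTTP {resp.status}")
        return json.loads(resp.read())
    finally:
        conn.close()

def unanimous(answers: dict):
    """answers maps server -> parsed JSON; return it only if every server agrees."""
    if len(answers) < 2:
        raise ValueError("need at least two independently run servers")
    groups = {}
    for server, data in answers.items():
        # Canonical form so key order and whitespace do not cause false mismatches.
        key = json.dumps(data, sort_keys=True, separators=(",", ":"))
        groups.setdefault(key, []).append(server)
    if len(groups) != 1:
        raise ValueError(f"servers disagree: {sorted(groups.values())}")
    return next(iter(answers.values()))

def query_all(servers: dict, path: str):
    """servers maps hostname -> pinned fingerprint (values you verified out of band)."""
    return unanimous({h: fetch_pinned(h, path, pin) for h, pin in servers.items()})
```

A disagreement raises instead of picking a majority, matching the advice that all responses must match.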
📖 Registering blockchain domains and identities
You can register and use .bit domain names from Namecoin, and there are more blockchain-based domains coming soon. You can also read about and secure your digital identity, and access it using DNSChain.