There is a problem with how the Internet works today:
- HTTPS is not secure. Like most "secure" communications protocols, it is susceptible to undetectable public-key substitution MITM-attacks (example: Apple iMessages).
- Netizens do not own their online identities. We either borrow them from companies like twitter, or rent then from organizations like ICANN.
DNSChain offers a free and secure decentralized alternative while remaining backwards compatible with traditional DNS.
It compares favorably to the alternatives, and provides the following features: ︎
|DNSChain||X.509 PKI with Certificate Transparency|
|MITM-proof'ed Internet connections|
|Secure and simple GPG key distribution|
|MITM-proof RESTful API to blockchain|
|Free and actually-secure SSL certificates|
|Stops many denial-of-service attacks|
|Certificate revocation that actually works|
|DNS-based censorship circumvention|
|Prevents domain theft ("seizures")|
|Access blockchain domains like
|Certificate transparency (publicly auditable log of certs)||(maybe)|
- DNSChain replaces X.509 PKI with the blockchain
- MITM-proof authentication
- Simple and secure GPG key distribution
- Secure, MITM-proof RESTful API to blockchains
- Free SSL certificates become possible
- Prevents DDoS attacks
- Certificate revocation that actually works
- DNS-based censorship circumvention
- Other features: testing suite, rate-limiting, and caching
- Free public DNSChain servers
- Access blockchain domains like
- Registering blockchain domains and identities
- Encrypt communications end-to-end without relying on untrustworthy third-parties
- Unblock censored websites (coming soon!)
- And more!
- Getting Started
- Guide: Setting up a DNSChain server with Namecoin and PowerDNS
- Coming Soon: securing HTTPS websites with DNSChain.
- Securing Your Apps With DNSChain
- Contributing to DNSChain development
- Adding support for your favorite blockchain
- Running Tests
- okTurtles + DNSChain Demo at SOUPS 2014 EFF CUP
- Blockchain University lecture on DNSChain (2h+, but you will know kung-fu afterward!)
- SF Bitcoin Meetup: Securing online communications with the blockchain
- SF Bitcoin Developers Meetup: Deep Dive into Namecoin and DNSChain
- P2P Connects Us Podcast on DNSChain
- Frontier Podcast on DNSChain, DNSCrypt, MITM attacks, & more
- Beyond Bitcoin Hangouts with Bitshares crew on DNSChain
- Katherine Albrecht's privacy-focused radio show
- Engadget: New web service prevents spies from easily intercepting your data
- Let's Talk Bitcoin: Security in Decentralized Domain Name Systems
- ProgrammableWeb: Can the blockchain replace
- An intro to DNSChain: Low-trust access to definitive data sources
- How to setup a blockchain DNS server with DNSChain
- The Trouble with Certificate Transparency
- Introducing the dotDNS metaTLD
- DNSChain versus...
Have a link? Let us know!
Approximate chronological order.
- Greg Slepak (Original author and current maintainer)
- Simon Grondin (Unblock feature: DNS-based censorship circumvention)
- Matthieu Rakotojaona (DANE/TLSA contributions and misc. fixes)
TJ Fontaine (For
native-dns-packetmodules and related projects)
- Za Wilgustus (For pydnschain contributions)
- Cayman Nava (Ethereum support, api.icann.dns, and core developer)
- Vignesh Anand (Front-end + back-end for DNSChain admin interface)
- Mike Ward (Documentation)
- Dionysis Zindros (pydnschain work)
- Chara Podimata (pydnschain work)
- Konstantinos Lolos (pydnschain work)
- Anton Wilhelm (Support for Nxt cryptocurrency)
- Tim Uy (Ubuntu tutorial)
- Your name & link of choice here!
0.5.2 - March 11, 2015
- Includes tests for verifying NXT support
superagentfor simpler HTTP requests
favicon.icorequests from filling logs
- Misc. code and logging improvements
- #138: Nxt resolver not working
- #140: Prevent non-json values in Namecoin from returning "Not found"
- #141: Allow arbitrary namecoin keys, but enforce ICANN domain rules for for
- #142 + #120: Make it less likely Travis will fail
Copyright (c) okTurtles Foundation. Licensed under MPL-2.0 license.