
How do I use DNSChain?


Using DNSChain

Use DNSChain to securely access blockchain data over HTTPS and (eventually) DNS, through a man-in-the-middle-proof (MITM-proof) channel to the DNSChain server (or servers) you trust. Remember, if you don't have access to a trustworthy DNSChain server, you should query several of them and verify that their answers match.

Over HTTPS

For demo purposes, we run a public DNSChain server (but you should run your own so that you don't have to trust ours!).

You can query it using a RESTful API:

Query: What's the SSL fingerprint for server at api.dnschain.net?

Query: What is the GPG key for id/example in Namecoin?

Query: What is the IP address of example.bit?

This means you can immediately begin writing apps that query the blockchain over a MITM-proof channel.

❗️ To MITM-proof these queries, you must verify the TLS fingerprint of the DNSChain server!

Over DNS

Using a DNSChain server for DNS gives you access to blockchain TLDs like .bit. Unlike regular TLDs, access to blockchain TLDs can be done in a manner that is MITM-proof. This is the end-goal that the DNSChain project is building towards.

Try it out by changing your DNS to one of the public DNSChain servers. You should then be able to visit .bit domains.

Remember that the DNS server you use knows what websites you're visiting and can be used to MITM attack you, so either run your own server or use one that you trust.

Supported blockchains

| Blockchain | TLD  | Name used in RESTful API |
|------------|------|--------------------------|
| Namecoin   | .bit | namecoin                 |
| KeyID      | .p2p | keyid                    |
| NXT        | .nxt | nxt                      |

Ethereum support is planned as .eth and ethereum.

Relevant Specifications

Free public DNSChain servers

DNSChain is meant to be run by individuals!

Yes, you can use a public DNSChain server, but it's far better to use your own because it gives you more privacy, makes you more resistant to censorship, and provides you with a stronger guarantee that the responses you get haven't been tampered with by a malicious server.

If you cannot run your own, you should do one or more of the following:

  • Use a server that you have good reason to trust (a close friend's).
  • Use multiple servers that are independently run and verify that the responses you get from them all match. The more servers you query, the more likely it is the answer is accurate. Note that this only applies to using the RESTful API, not DNS.
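The two checks described on this page, verifying a server's TLS fingerprint before querying it and requiring independently run servers to return matching answers, can be combined as in the following added example (not DNSChain's own code). It assumes SHA-256 certificate fingerprints and JSON response bodies; the function names, host names and sample responses are constructed for illustration.

```python
import hashlib
import hmac
import http.client
import json
import ssl


def pin_matches(der_cert: bytes, pinned_hex: str) -> bool:
    """Compare a certificate's SHA-256 fingerprint to a pin obtained out of band."""
    pinned = pinned_hex.replace(":", "").strip().lower()
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, pinned)


def fetch_pinned(host: str, path: str, pinned_hex: str) -> bytes:
    """GET path over HTTPS; no request is sent unless the cert matches the pin."""
    # Default context: the pin is checked in addition to CA and hostname validation.
    conn = http.client.HTTPSConnection(host, timeout=10,
                                       context=ssl.create_default_context())
    try:
        conn.connect()  # TLS handshake only, no HTTP request yet
        if not pin_matches(conn.sock.getpeercert(binary_form=True), pinned_hex):
            raise ssl.SSLError(f"certificate pin mismatch for {host}")
        conn.request("GET", path)
        return conn.getresponse().read()
    finally:
        conn.close()


def agreed_answer(bodies: dict) -> object:
    """Return the parsed JSON answer only if every server returned the same value."""
    if len(bodies) < 2:
        raise ValueError("need answers from at least two independent servers")
    parsed = {server: json.loads(body) for server, body in bodies.items()}
    # Canonical form so key order and whitespace do not count as a mismatch.
    canonical = {json.dumps(value, sort_keys=True) for value in parsed.values()}
    if len(canonical) != 1:
        raise ValueError(f"servers disagree: {sorted(parsed)}")
    return next(iter(parsed.values()))


if __name__ == "__main__":
    # Constructed responses (not real server output) from two hypothetical servers.
    sample = {
        "server-a.example": b'{"ip": "192.0.2.10", "ttl": 300}',
        "server-b.example": b'{"ttl": 300, "ip": "192.0.2.10"}',
    }
    print(agreed_answer(sample))
```

In use, each body passed to `agreed_answer` would come from `fetch_pinned` called against a different server with that server's own pin.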

Here are some public servers. You can set your computer's DNS settings to one of these. Note that some of the servers must be used with DNSCrypt.

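| IP or DNSCrypt provider            | DNSCrypt Supported? | Logs | Location       | Owner            | Notes          |
|------------------------------------|---------------------|------|----------------|------------------|----------------|
| 192.184.93.146 (aka okturtles.org) | N/A                 | No   | Atlanta, GA    | @taoeffect       |                |
| 54.85.5.167 (aka name.thwg.org)    | N/A                 | No   | USA            | id/wozz          |                |
| 2.dnscrypt-cert.okturtles.com      | Required Info       | No   | Atlanta, GA    | @taoeffect       |                |
| 2.dnscrypt-cert.soltysiak.com      | Required Info       | No   | Poznan, Poland | @maciejsoltysiak | IPv6 available |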

Tell us about yours by opening an issue (or any other means) and we'll list it here!

Responses can be secured over HTTPS by pinning SSL certificates, and over DNS by using DNSCrypt.

Registering blockchain domains and identities

📖 Registering blockchain domains and identities

You can register and use .bit domain names from Namecoin, and more blockchain-based domains are coming soon. You can also read about and secure your digital identity, and access it using DNSChain.