A blockchain-based DNS + HTTPS server that fixes HTTPS security, and more!


There is a problem with how the Internet works today:

  • HTTPS is not secure. Like most "secure" communications protocols, it is susceptible to undetectable public-key substitution MITM-attacks (example: Apple iMessages).
  • Netizens do not own their online identities. We either borrow them from companies like twitter, or rent then from organizations like ICANN.

These problems arise out of two core Internet protocols: DNS and X.509.

DNSChain offers a free and secure decentralized alternative while remaining backwards compatible with traditional DNS.

It compares favorably to the alternatives, and provides the following features: ︎

| | DNSChain | X.509 PKI with [Certificate Transparency][ct] | |--------------------------------------------------------------------------|--------------------|-----------------------------------------------| | __MITM-proof'ed [Internet connections][mitm]__ | :white_check_mark: | :x: | | __Secure and simple [GPG key distribution][gpg]__ | :white_check_mark: | :x: | | __MITM-proof RESTful [API to blockchain][api]__ | :white_check_mark: | :x: | | __Free and [actually-secure][free] SSL certificates__ | :white_check_mark: | :x: | | __Stops many [denial-of-service attacks][dos]__ | :white_check_mark: | :x: | | __Certificate revocation [that actually works][rev]__ | :white_check_mark: | :x: | | __DNS-based [censorship circumvention][cens]__ | :white_check_mark: | :x: | | __Prevents [domain theft][theft] ("seizures")__ | :white_check_mark: | :x: | | __Access blockchain [domains like `.bit`, `.p2p`, `.nxt`, `.eth`][use]__ | :white_check_mark: | :x: | | __Certificate transparency (publicly auditable log of certs)__ | :white_check_mark: | :white_check_mark: ([maybe][ct]) |

:star: See Also: Comparison and Security Model

:book: What is it?

  • DNSChain replaces X.509 PKI with the blockchain
  • MITM-proof authentication
  • Simple and secure GPG key distribution
  • Secure, MITM-proof RESTful API to blockchains
  • Free SSL certificates become possible
  • Prevents DDoS attacks
  • Certificate revocation that actually works
  • DNS-based censorship circumvention
  • Other features: testing suite, rate-limiting, and caching

:book: Using DNSChain

  • Free public DNSChain servers
  • Access blockchain domains like okturtles.bit
  • Registering blockchain domains and identities
  • Encrypt communications end-to-end without relying on untrustworthy third-parties
  • Unblock censored websites (coming soon!)
  • And more!

:book: Running your own DNSChain server

  • Requirements
  • Getting Started
  • Configuration
  • Guide: Setting up a DNSChain server with Namecoin and PowerDNS
  • Coming Soon: securing HTTPS websites with DNSChain.

:book: Developers

  • Securing Your Apps With DNSChain
  • Contributing to DNSChain development
  • Adding support for your favorite blockchain
  • Running Tests

:tv: Watch

:speaker: Listen

:page_facing_up: Read

Have a link? Let us know!

Approximate chronological order.

Blog post for 0.5 release.

  • New Features:
  • Improvements:
    • Bumped hiredis to 0.4.1 for latest iojs compat.
  • Improvements:
    • Includes tests for verifying NXT support
    • Added superagent for simpler HTTP requests
    • Moved dnsHandler into blockchain.coffee template class
    • Prevent favicon.ico requests from filling logs
    • Improved Comparisons.md documentation
    • Misc. code and logging improvements
  • Fixes:
    • #138: Nxt resolver not working
    • #140: Prevent non-json values in Namecoin from returning "Not found"
    • #141: Allow arbitrary namecoin keys, but enforce ICANN domain rules for for d/
    • #142 + #120: Make it less likely Travis will fail
:book: Older version notes

Copyright (c) okTurtles Foundation. Licensed under MPL-2.0 license.