A blockchain-based DNS + HTTPS server that fixes HTTPS security, and more!
There is a problem with how the Internet works today:
- HTTPS is not secure. Like most "secure" communications protocols, it is susceptible to undetectable public-key substitution MITM-attacks (example: Apple iMessages).
- Netizens do not own their online identities. We either borrow them from companies like twitter, or rent then from organizations like ICANN.
DNSChain offers a free and secure decentralized alternative while remaining backwards compatible with traditional DNS.
It compares favorably to the alternatives, and provides the following features: ︎| | DNSChain | X.509 PKI [with or without Certificate Transparency][ct] | |--------------------------------------------------------------------------|--------------------|----------------------------------------------------------| | __MITM-proof'ed [Internet connections][mitm]__ | :white_check_mark: | :x: | | __Secure and simple [GPG key distribution][gpg]__ | :white_check_mark: | :x: | | __MITM-proof RESTful [API to blockchain][api]__ | :white_check_mark: | :x: | | __Free and [actually-secure][free] SSL certificates__ | :white_check_mark: | :x: | | __Stops many [denial-of-service attacks][dos]__ | :white_check_mark: | :x: | | __Certificate revocation [that actually works][rev]__ | :white_check_mark: | :x: | | __DNS-based [censorship circumvention][cens]__ | :white_check_mark: | :x: | | __Prevents [domain theft][theft] ("seizures")__ | :white_check_mark: | :x: | | __Access blockchain [domains like `.bit`, `.p2p`, `.nxt`, `.eth`][use]__ | :white_check_mark: | :x: |
:star: See Also: How DNSChain Compares To Other Approaches
- DNSChain replaces X.509 PKI with the blockchain
- MITM-proof authentication
- Simple and secure GPG key distribution
- Secure, MITM-proof RESTful API to blockchains
- Free SSL certificates become possible
- Prevents DDoS attacks
- Certificate revocation that actually works
- DNS-based censorship circumvention
- Other features: testing suite, rate-limiting, and caching
- Free public DNSChain servers
- Access blockchain domains like
- Registering blockchain domains and identities
- Encrypt communications end-to-end without relying on untrustworthy third-parties
- Unblock censored websites (coming soon!)
- And more!
- Getting Started
- Guide: Setting up a DNSChain server with Namecoin and PowerDNS
- Coming Soon: securing HTTPS websites with DNSChain.
- Securing Your Apps With DNSChain
- Contributing to DNSChain development
- Adding support for your favorite blockchain
- Running Tests
- okTurtles + DNSChain Demo at SOUPS 2014 EFF CUP
- Blockchain University lecture on DNSChain (2h+, but you will know kung-fu afterward!)
- SF Bitcoin Meetup: Securing online communications with the blockchain
- SF Bitcoin Developers Meetup: Deep Dive into Namecoin and DNSChain
- P2P Connects Us Podcast on DNSChain
- Frontier Podcast on DNSChain, DNSCrypt, MITM attacks, & more
- Beyond Bitcoin Hangouts with Bitshares crew on DNSChain
- Katherine Albrecht's privacy-focused radio show
- Engadget: New web service prevents spies from easily intercepting your data
- Let's Talk Bitcoin: Security in Decentralized Domain Name Systems
- An intro to DNSChain: Low-trust access to definitive data sources
- How to setup a blockchain DNS server with DNSChain
- The Trouble with Certificate Transparency
- Introducing the dotDNS metaTLD
- DNSChain versus...
Have a link? Let us know!
Approximate chronological order.
- Greg Slepak (Original author and current maintainer)
- Simon Grondin (Unblock feature: DNS-based censorship circumvention)
- Matthieu Rakotojaona (DANE/TLSA contributions and misc. fixes)
- TJ Fontaine (For
native-dns-packetmodules and related projects)
- Za Wilgustus (For pydnschain contributions)
- Cayman Nava (Ethereum support, api.icann.dns, and core developer)
- Vignesh Anand (Front-end + back-end for DNSChain admin interface)
- Mike Ward (Documentation)
- Dionysis Zindros (pydnschain work)
- Chara Podimata (pydnschain work)
- Konstantinos Lolos (pydnschain work)
- Anton Wilhelm (Support for Nxt cryptocurrency)
- Your name & link of choice here!
- Includes tests for verifying NXT support
superagentfor simpler HTTP requests
favicon.icorequests from filling logs
- Misc. code and logging improvements
- #140: Prevent non-json values in Namecoin from returning "Not found"
- #141: Allow arbitrary namecoin keys, but enforce ICANN domain rules for for
- #142 + #120: Make it less likely Travis will fail
Copyright (c) okTurtles Foundation. Licensed under MPL-2.0 license.