A Comparison of Blockchain-based Decentralized DNS Solutions
Previously, we looked at centralization in DNS and some democratic DNS alternatives. Building a decentralized DNS solution is technically the easy part; convincing everybody to adopt it is much harder. Many of these still-unadopted (fostered?) DNS projects are based on blockchain technology. Many cryptocurrency "coins" have implemented a DNS resolving feature, and some exist solely for that purpose. There are also companies that merely want to tie themselves to the word "blockchain", or that otherwise aren't actually running a blockchain. We'll look at the intersection of blockchain and DNS today.
Zooko's Triangle
Zooko's triangle is a trilemma (think: good, fast, cheap - pick two) which posits that out of three properties of a naming protocol, the protocol can only satisfy two. From Wikipedia:
- Human-meaningful: Meaningful and memorable (low-entropy) names are provided to the users.
- Secure: The amount of damage a malicious entity can inflict on the system should be as low as possible.
- Decentralized: Names correctly resolve to their respective entities without the use of a central authority or service.
All domain names need to be "human-meaningful", at least as memorable as phone numbers once were. DNS is somewhat decentralized but not completely so and, as I've argued, not sufficiently decentralized. And DNS is insecure at every point of centralization.
It was previously thought that a truly decentralized DNS could never exist. Blockchains are generally regarded as secure and are decentralized by design (unless a centralizing consensus algorithm is used instead). But blockchains don't have human-meaningful properties (there are many types of bitcoin addresses, all long and unmemorable strings). Still, blockchains are able to serve as a canonical and single source of truth about important records, such as valuable names. Can blockchains "square the triangle"?
Namecoin / .bit
Blockchain DNS has existed since Namecoin (NMC) in 2011, although the idea was described before Namecoin's launch by activist Aaron Swartz, who gets credit for solving Zooko's Triangle and for whom the smallest unit of Namecoin is named (the swartz, akin to Bitcoin's satoshi). Namecoin was a fork of Bitcoin, both the node software and the blockchain. It implemented merged mining so that miners would be attracted to mine both chains simultaneously, instead of focusing on one chain, collecting rewards on that one, and ignoring whichever chain the markets deemed worthless.
Namecoin creates a new .bit namespace (TLD) that exists alongside mainstream ICANN DNS (no collisions). DNS records exist as immutable change records on the blockchain, so anyone can reconstruct the current state by finding all the sequential records up to the latest. The .bit namespace used to peer with OpenNIC but the two networks no longer peer. It's also possible to record types of name/value pairs other than DNS on Namecoin (one can imagine using it for naming crypto wallet addresses).
Namecoin has a reputation problem and suffers from low adoption, and OpenNIC de-peering from it was a further blow.
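To make the "reconstruct current state from sequential records" idea concrete, here is an added example (not code from Namecoin or from the original article) that replays a constructed list of name records and rejects updates that do not come from the current owner. The record layout, the owner labels standing in for signing keys, the `d/` name prefix with JSON values, and the 36,000-block expiry window are assumptions that do not appear on the page.

```python
import json

EXPIRY_BLOCKS = 36000  # assumption: Namecoin's name expiry window, not from the page

# Constructed sample records: (block height, operation, name, owner, JSON value).
# "owner" is a label standing in for the key that signed the transaction.
RECORDS = [
    (100, "register", "d/example", "alice", '{"ip": "192.0.2.10"}'),
    (150, "register", "d/example", "mallory", '{"ip": "203.0.113.66"}'),
    (200, "update", "d/example", "alice", '{"ip": "192.0.2.20"}'),
    (250, "update", "d/example", "mallory", '{"ip": "203.0.113.66"}'),
    (300, "register", "d/shop", "bob", '{"ip": "198.51.100.5"}'),
    (40000, "register", "d/shop", "carol", '{"ip": "198.51.100.9"}'),
]


def replay(records, tip_height):
    """Rebuild name state at tip_height; return (state, rejected records)."""
    state, rejected = {}, []
    for height, op, name, owner, value in sorted(records, key=lambda r: r[0]):
        if height > tip_height:
            break
        cur = state.get(name)
        live = cur is not None and height - cur["height"] < EXPIRY_BLOCKS
        if op == "register" and not live:
            pass  # first come, first served (or the old registration lapsed)
        elif op == "update" and live and cur["owner"] == owner:
            pass  # only the current owner may change the value
        else:
            rejected.append((height, op, name, owner))
            continue
        state[name] = {"owner": owner, "value": json.loads(value), "height": height}
    # Names not renewed within the expiry window no longer resolve.
    live_state = {n: e for n, e in state.items()
                  if tip_height - e["height"] < EXPIRY_BLOCKS}
    return live_state, rejected


def resolve(state, domain):
    """Map example.bit to the d/example record and return its IP, if any."""
    if not domain.endswith(".bit"):
        return None
    entry = state.get("d/" + domain[: -len(".bit")])
    return entry["value"].get("ip") if entry else None


if __name__ == "__main__":
    state, rejected = replay(RECORDS, tip_height=400)
    print(resolve(state, "example.bit"), rejected)
```

Replaying the same records to a later tip height shows the operational catch: a name that is never renewed lapses and can be registered by someone else.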
Emercoin / .emc
Emercoin (EMC) is another blockchain that implements DNS and decentralized general name/value pair registration. Emercoin started as a fork of Peercoin which then copied Namecoin's DNS idea. The TLDs or namespaces that EmerDNS added are:
- .coin
- .emc
- .lib
- .bazar
OpenNIC does peer with Emercoin so you can resolve the above four TLDs via OpenNIC DNS servers. OpenNIC only provides peering, so you still need to register or manage the domain names via Emercoin's systems for transacting on their blockchain.
I don't think anybody uses Emercoin in practice.
There exists a Chrome extension to resolve .bit, .emc, .coin (Namecoin and Emercoin TLDs), as well as OpenNIC domains, but the extension is dead.
NEM / .nem
NEM apparently has their own DNS for the .nem TLD. It's not clear to me how it would be useful or advantageous to anyone not in the NEM ecosystem already. Moreover, NEM is arguably a centralized blockchain. You'll need a Chrome extension to use it for .nem websites, and it doesn't seem to resolve to wallet addresses. There is no peering agreement with OpenNIC.
NEM is a general purpose, older blockchain, which is searching for ways to stay relevant today, although the DNS feature is probably not one of them. It is safe to say that DNS on NEM is not a serious contender to ICANN.
.crypto
"Unstoppable Domains" is another DNS service run by a company that allows customers to pay for domain names which can resolve to both websites (by IP address) and crypto wallet addresses (these are the two main naming use cases for various blockchain name systems). The company offers .crypto names which are actually ERC-721 tokens stored on the Ethereum blockchain, rather than using their own blockchain like the others above. Ethereum also has a naming service called Ethereum Name Service, which can't be used to replace DNS so I will leave it for another article.
The company, Unstoppable Domains Inc., acts like a commercial registrar for the .crypto TLD (not part of ICANN). They do allow payment in crypto but do so no differently from any company accepting crypto as payment. Besides .crypto, they've also partnered with Zilliqa (which also brings up the issue of how centralized Zilliqa must be to be able to officially partner with another company) to offer .zil domains.
Tim Draper / Draper Associates (Draper microsite via IPFS gateway) is an investor in the company.
They don't seem to peer with OpenNIC and so you'll need to download software from Unstoppable Domains (a Chromium fork or a Chrome extension) to work with .crypto domains. Or, it should also work inside Opera on Android which now has a crypto wallet. Let's see if one of the two use cases (website domain names or wallet addresses) can get traction.
.kred
.kred is an actual ICANN TLD, so you don't need to use an alternative DNS server to visit a .kred site. However, it also uses Ethereum Name Service (ENS), so you can use one .kred domain to resolve to the IP of a website as well as to a crypto (e.g. Ethereum) wallet address. The use case is to give a payer an easy-to-remember name to use to send you money. Popular wallets like Metamask support it. Domains start from $29 a year though. The registrar does accept ETH. But it is an actual ICANN registrar and part of the mainstream centralized DNS system. There's no technical reason a .kred domain is better than any other. This is not the decentralized DNS you are looking for and it doesn't matter to us if anybody or nobody uses it.
Blockstack
"Blockstack is an open-source and developer-friendly network for
building decentralized apps and smart contracts."
Blockstack isn't a blockchain but rather a library or developer SDK for building blockchain applications. Within their library (stack) is a component called Blockstack Naming Service (BNS).
BNS is like DNS but uses a blockchain (Blockstack can work with Bitcoin and other blockchains). BNS has TLDs but calls them namespaces and these include things like .id and .podcast. Unlike DNS, a TLD isn't controlled by some special unique registrar but just exists as a level within BNS. The domain names in a namespace are registered and owned by individuals.
Blockstack also has a p2p file storage network called the Atlas network (data is hashed and content-addressed like IPFS, and similar to BitTorrent). BNS registration information and subdomain registrations are or can be stored on Atlas, if not elsewhere. This is not so different from how the Bitcoin Files Protocol works.
Unlike blockchains like Namecoin or Emercoin, there's not some single "Blockstack blockchain" that's recording DNS records that can be queried today.
This is interesting for developers building decentralized systems but so far nobody has used it to build a contender to the DNS throne.
Handshake / HNS - One To Watch For
The last blockchain DNS project is perhaps the most exciting and has the most interest, with a lot of transactions in the currency as well as in registering and trading domain names. I don't think I can do it justice, but it's one to watch out for in the future, while older projects may be dead.
Handshake is directly at odds with the ICANN naming system. Handshake domains collide with mainstream domains. In the end, there will only be one. The previous projects are all weak contenders. We shall see how serious a Handshake can be.
Handshake Naming Service (HNS) is not only a decentralized DNS on blockchain, it's also a decentralized certificate authority (like Verisign). This is interesting and useful because even if you use an alternative DNS like OpenNIC, you will most likely have to default to the non-SSL web (which would be another strike against the site from Google, if Google even indexed it). This is because your browser won't recognize the authority of any certificate that a website on an OpenNIC domain offers to the browser. The browser would think it was a scam. Google has also trained us to expect SSL and the "lock" in the browser bar.
[Another way in which Google is unfriendly to all websites on blockchain or alternative DNS platforms is that Google doesn't index websites using those alternative TLDs. You won't be able to find them unless you use a special search engine, like the one on .geek from OpenNIC. Each other project above would need its own search engine.]
Handshake is its own native blockchain, like Namecoin, and registering domain names (or getting certificates) is all done by transacting with their native HNS token. There's a registrar company called Namebase (think Coinbase for Handshakes) that facilitates buying tokens, exchanging them for fiat or BTC, and buying domains. They have a lot of pre-registered TLDs for sale at rather high prices but you can register new, unique names with certain restrictions (on existing brand names, and based on a schedule).
More from their website:
Handshake is a piece of software (and a loose consensus on
agreement of the software itself). This software's primary
function is for people to come to agreement on names and
cryptographic keys authorized to represent that names in
a decentralized way. To do this in a decentralized way, we
need to prevent a single party from claiming all the names.
Therefore, a unit of account is needed to prevent that
single party from claiming all names.
Handshake uses a coin system for name registration. The
Handshake coin (HNS) is the mechanism by which participants
transfer, register, and update internet names. The community
will be able to initiate auctions and place bids for
top-level domains using HNS or trade their HNS as they see
fit, with differing value per name.
In short, Handshake believes success and security come from widespread usage and seeding the initial userbase is done by airdropping tokens to a wide swathe of developers. Their textfile purports to explain why, in sort of game theoretic terms, putting a majority of the blockchain's tokens in the hands of developers not yet associated with the project is ultimately the best thing for the project.
Presume in the future there are three hypothetical projects
released which achieve the same goal, let's say it's a
decentralized mesh networking blockchain. Two of the three
give 90% of its value to the creators of the project. The
third gives 85% of the value to FOSS developers and those
who put up nodes. It would stand to reason that the third
would have significantly greater odds of success. The
Handshake mechanism is designed to create a competitive
game of asset ownership distribute more to FOSS developers,
and perhaps all of humanity.
Btw, Handshake donated a million dollars to the Free Software Foundation (FSF). They gave money to other open source organizations too. They've also airdropped a lot of tokens to people with full GitHub profiles.
I also want to note that Handshake calls itself an experiment. There are a lot of guesses or assumptions. These may turn out to be false and this experiment could fail and a lot of money thrown at it may have gone to waste, except for those rich donations to open source foundations.
There have been a lot of attempts to replace DNS with a blockchain solution. So far nobody has found a way to convince people they need one. So far Handshake hasn't yet been proven a failure. Many of the above solutions can work technically. But let's see if Handshake will get people to actually switch.