Bootstrapping DNS via Distributed Ledger
Bootstrapping the DNS system using a distributed ledger, removing the inherent flaw that is its centralized nature while binding neatly into current DNS infrastructure.
- Bind into current infrastructure without requiring more than an extra root hint on resolvers.
- Existing domains need to be able to migrate (pre-registering .com, .net and all the others might be the way to go here).
- A zone needs to be secured using one or more keys.
- A key needs to be revocable.
- Keys need to have a hierarchy: a ranking assigned to each key decides which key can revoke which other keys.
- Keys need to be restrictable to individual records or entire zones (scoped).
Only top-level domains are allowed; otherwise the chain size grows too large. NS records are used to delegate everything below instead.
- Set the allowed level of subdomains in settings, with a default of 0 (only root zones like com, net etc.).
- Peer cluster communication needs to be secure, with each client having its own private key.
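The zone-key rules above (scoped keys, revocation by rank, TLD-only zone names with a configurable subdomain level) as a small Python model. This is an added example, not the project's code; it assumes a lower rank number means more authority and that a key's scope is either the whole zone or a single record label.

```python
"""Toy model of the zone-key rules (added example, not the project's code).
Assumptions: keys carry an integer rank where a LOWER number means MORE
authority, and a scope that is either None (whole zone) or one record label."""
from dataclasses import dataclass, field
from typing import Dict, Optional

LDH = set("abcdefghijklmnopqrstuvwxyz0123456789-")  # the 26 + 10 + 1 = 37 characters
MAX_NAME_LEN = 255                # maximum combined length from the notes
ALLOWED_SUBDOMAIN_LEVELS = 0      # default from the notes: only root zones such as com, net

@dataclass
class Key:
    rank: int
    scope: Optional[str] = None   # None = entire zone, else a single record label
    revoked: bool = False

@dataclass
class Zone:
    name: str
    keys: Dict[str, Key] = field(default_factory=dict)

def valid_zone_name(name: str, levels: int = ALLOWED_SUBDOMAIN_LEVELS) -> bool:
    """Reject names that exceed the configured subdomain depth, the length
    limit, or the letters-digits-hyphen character set."""
    labels = name.lower().rstrip(".").split(".")
    if len(name) > MAX_NAME_LEN or len(labels) - 1 > levels:
        return False
    return all(label and set(label) <= LDH for label in labels)

def may_update_record(zone: Zone, key_id: str, record: str) -> bool:
    """A live (non-revoked) key may change a record only inside its scope."""
    key = zone.keys.get(key_id)
    if key is None or key.revoked:
        return False
    return key.scope is None or key.scope == record

def revoke_key(zone: Zone, actor_id: str, target_id: str) -> bool:
    """Only a live key that outranks the target may revoke it."""
    actor, target = zone.keys.get(actor_id), zone.keys.get(target_id)
    if actor is None or target is None or actor.revoked or actor.rank >= target.rank:
        return False
    target.revoked = True
    return True

def demo_zone() -> Zone:
    """Constructed sample: a zone-wide master key and a record-scoped operator key."""
    return Zone("example", {"master": Key(rank=0), "ops": Key(rank=1, scope="www")})

if __name__ == "__main__":
    z = demo_zone()
    print(valid_zone_name("example"), valid_zone_name("www.example"))            # True False
    print(may_update_record(z, "ops", "www"), may_update_record(z, "ops", "mail"))  # True False
    print(revoke_key(z, "ops", "master"), revoke_key(z, "master", "ops"))        # False True
```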
Allowed characters per label (letters, digits, hyphen) = 26 + 10 + 1 = 37
Max combined length: 255
37^255 possible names = too large
Limiting to 5 characters (no numbers) brings the possibilities down to 26^5 = 11'881'376 domains
64 bytes per ECC key
To facilitate queries from current infrastructure for the authoritative zone (set when a peer joins the cloud).
To create/update/delete zones.
- Node discovery
- Tracking node uptime
- Rate node quality based on uptime
- DNS records of peers allowed to join are added via transactions.
- Allow manual joining of new peer with a token
- Network transparency: Nodes are identified by their public key, not ip address.
- Keep track of which node authorized the joining of a new peer. Allows removal of entire tree of nodes if problematic joins happen.
- Limit new zone registrations according to the time spent as part of the peer cluster.
- Only allow changes to existing zones once a node has been online for a while.
- Resources may be dropped from local storage once they have been superseded for a certain time period.
- Virtual Voting
- Transaction table
Resource Types (Transactions)
- DNS Zone
- DNS Record?
- TLS Certificate
- Resource Access Key
- Authorized Peer (public key of host allowed to join the cluster)