dnschain - npm Package Compare versions

Comparing version 0.2.5 to 0.5.0

.travis.yml

dnschain.sublime-project

docs/Comparison.md

docs/Developers.md

docs/dot-bit-Domains-and-Identities.md

docs/How-do-I-run-my-own.md

docs/How-do-I-use-it.md

docs/PowerDNS-and-DNSChain.md

docs/setting-up-dnschain-namecoin-powerdns-server.md

docs/What-is-it.md

src/lib/blockchain.coffee

src/lib/blockchains/icann.coffee

src/lib/blockchains/keyid.coffee

src/lib/blockchains/namecoin.coffee

src/lib/blockchains/nxt.coffee

src/lib/cache.coffee

src/lib/https.coffee

src/lib/httpsUtils.coffee

src/lib/pem.coffee

test/datastores.coffee

test/https.coffee

test/rate-limiting.coffee

test/redis.coffee

test/support/cert.pem

test/support/domains.txt

test/support/env.coffee

test/support/functions.coffee

test/support/key.pem

test/support/namecoin.conf

HISTORY.md

		@@ -0,1 +1,49 @@
		###### 0.5.0 - March 7th, 2015

		- __New Features:__
		+ Basic [Openname Resolver RESTful API](docs/What-is-it.md#API) support!
		+ Built-in HTTPS server that can route multiple services over the same IP and port thanks to [@SGrondin](https://github.com/SGrondin)
		+ Automatically generates [4096-bit HTTPS key/certificate pair for you](docs/How-do-I-run-my-own.md#autogen)
		+ Redis caching for both DNS and HTTP requests thanks to [@WeMeetAgain](https://github.com/WeMeetAgain)
		+ Traffic throttling for both DNS and HTTP requests thanks to [@SGrondin](https://github.com/SGrondin)
		+ Super simple to add any new blockchain to DNSChain thanks to major refactoring work by [@WeMeetAgain](https://github.com/WeMeetAgain)
		+ NXT blockchain support thanks to [@toenu23](https://github.com/toenu23) (this means a `nxt.dns` metaTLD and `.nxt` TLD resolution)
		+ Query DNS records over HTTPS using either [the new Openname API](docs/What-is-it.md#icann) or `icann.dns` metaTLD! (by [@WeMeetAgain](https://github.com/WeMeetAgain))
		+ Ability to specify configuration file path for any supported blockchain via the dnschain configuration ([@WeMeetAgain](https://github.com/WeMeetAgain), again!)
		+ RESTful API to fetch server fingerprint (Closes #44).
		- __Improvements:__
		+ Complete overhaul, refactoring, and improvement of the entire code base
		+ Travic CI support
		+ Comprehensive testing suite with complete code coverage for all critical files (excludes some error handlers and datasources)
		+ Replaced a lot of callback code with Promises (still more to be done!)
		+ All DNSChain components/servers are started and shutdown asynchronously (using Promise based API)
		+ Precisely specified dependency versions to spare sysadmins any annoying surprises
		+ Added badges for NPM version, Travis build status, and Gitter to top of README
		+ All Namecoin data is now returned for HTTP(S) queries (`txid`, `expires_in`, etc.)
		- __Documentation:__
		+ [Comparisons](docs/Comparison.md) to __TACK__, __HPKP__, and __Thin Clients__
		+ Numerous miscellaneous improvements to documentation
		+ Updated Contributors list in README
		+ Added badges for NPM version, Travis build status, and Gitter chat to top of README
		+ This release includes the brand new documentation by [@mdw](https://twitter.com/mdw) and [@taoeffect](https://twitter.com/taoeffect)
		- __Fixes:__
		+ Closed #111: `TypeError` on startup on CentOS machines
		+ Closed #90 and #87: Exception on access to unknown metaTLD

		###### 0.2.5 - July 10, 2014

		- Fixed `.bit` resolution bug introduced in `0.2.4`

		###### 0.2.4 - July 10, 2014

		- Fixed installation issue caused by `json-rpc2`
		- Fixed exception (issue #20)
		- Prevented possible DoS on in certain server setup where DNSChain
		is combined with another DNS server

		###### 0.2.3 - May 27, 2014

		- Updated native-dns module
		- Fixed [#16](https://github.com/okTurtles/dnschain/issues/16) (unhandled exceptions). DNSSEC and other "unhandled" packets should be relayed now as a result.

		###### 0.2.2 - May 3, 2014
		@@ -2,0 +50,0 @@

package.json

		{
		"name": "dnschain",
		"version": "0.2.5",
		"description": "A blockchain-based DNS + HTTP server that fixes HTTPS security, and more!",
		"version": "0.5.0",
		"description": "A blockchain-based DNS + HTTPS server that fixes HTTPS security, and more!",
		"homepage": "https://github.com/okTurtles/dnschain",
		@@ -33,3 +33,3 @@ "bugs": "https://github.com/okTurtles/dnschain/issues",
		"scripts": {
		"test": "echo \"Error: no test specified\" && exit 1"
		"test": "./node_modules/.bin/mocha --compilers coffee:coffee-script/register -R spec --bail test/"
		},
		@@ -41,19 +41,28 @@ "repository": {
		"dependencies": {
		"json-rpc2": "0.6.x",
		"lodash": "~2.4.1",
		"string": "~1.7.0",
		"bluebird": "2.9.9",
		"bottleneck": "1.5.x",
		"event-stream": "3.2.2",
		"express": "4.11.2",
		"hiredis": "0.2.0",
		"json-rpc2": "0.8.1",
		"lodash": "3.1.0",
		"native-dns": "git+https://github.com/okTurtles/node-dns.git#08433ec98f517eed3c6d5e47bdf62603539cd402",
		"event-stream": "~3.1.2",
		"lodash-contrib": "~241.4.4",
		"stream-array": "~0.1.3",
		"winston": "~0.7.3",
		"nconf": "~0.6.9",
		"properties": "~1.1.3",
		"inquirer": "~0.4.1"
		"native-dns-packet": "0.1.1",
		"nconf": "0.7.1",
		"properties": "1.2.1",
		"redis": "0.12.x",
		"string": "2.0.1",
		"winston": "0.8.0"
		},
		"devDependencies": {
		"grunt": "~0.4.4",
		"grunt-contrib-watch": "~0.5.3",
		"grunt-coffeelint": "0.0.10",
		"matchdep": "~0.1.2"
		"coffee-script": "^1.8.0",
		"coffeelint": "^1.6.0",
		"fakeredis": "^0.3.0",
		"grunt": "^0.4.5",
		"grunt-coffeelint": "0.0.13",
		"grunt-contrib-watch": "^0.6.1",
		"matchdep": "~0.1.2",
		"mocha": "^2.1.0",
		"should": "^5.0.0",
		"superagent": "^0.21.0"
		},
		@@ -60,0 +69,0 @@ "engines": {

392

README.md

		# DNSChain
		<!-- # DNSChain [![Build Status](https://secure.travis-ci.org/okTurtles/dnschain.png?branch=master)](http://travis-ci.org/okTurtles/dnschain) -->

		DNSChain (formerly DNSNMC) makes it possible to be certain that you're communicating with who you want to communicate with, and connecting to the sites that you want to connect to, without anyone secretly listening in on your conversations in between.
		[![npm version](https://badge.fury.io/js/dnschain.svg)](https://npmjs.org/package/dnschain) [![Build Status](https://img.shields.io/travis/okTurtles/dnschain/master.svg?label=build%20(master))](https://travis-ci.org/okTurtles/dnschain) [![Build Status](https://img.shields.io/travis/okTurtles/dnschain/dev.svg?label=build%20(dev))](https://travis-ci.org/okTurtles/dnschain) [![Gitter](https://img.shields.io/badge/GITTER-JOIN%20CHAT%20%E2%86%92-brightgreen.svg)](https://gitter.im/okTurtles/dnschain)

		- [What is it?](#What)
		- [DNSChain replaces X.509 PKI with the blockchain](#DNSChain)
		- [Simple and secure GPG key distribution](#GPG)
		- [Free SSL certificates become possible](#Free)
		- [Prevents DDoS attacks](#DDoS)
		- [Certificate revocation that actually works](#Revocation)
		- [DNS-based censorship circumvention](#Censorship)
		- [MITM-proof authentication via `.dns` metaTLD](#metaTLD)
		- [How do I use it?](#Use)
		- [Free public DNSChain servers](#Servers)
		- [Registering `.bit` domains and identities](#Registering)
		- [How do I run my own DNSChain server?](#Run)
		- [Requirements](#Requirements)
		- [Getting Started](#Getting)
		- [Configuration](#Configuration)
		- [Working with the source](#Working)
		- [Community](#Community)
		- [Contributors](#Contributors)
		- [Release History](#Release)
		- [License](#License)
		There is a problem with how the Internet works today:

		## What is it?<a name="What"/>
		- HTTPS [is not secure](http://okturtles.com/#not-secure). Like most "secure" communications protocols,
		it is susceptible to undetectable public-key substitution MITM-attacks (example: [Apple iMessages](https://www.taoeffect.com/blog/2014/11/update-on-imessages-security/)).
		- Netizens do not own their online identities. We either borrow them from
		companies like twitter, or rent then from organizations like ICANN.

		### DNSChain replaces X.509 PKI with the blockchain<a name="DNSChain"/>
		These problems arise out of two core Internet protocols:
		[DNS](https://en.wikipedia.org/wiki/Domain_Name_System) and [X.509](https://en.wikipedia.org/wiki/X.509).

		[X.509 PKI](https://en.wikipedia.org/wiki/X.509) makes and breaks today's Internet security. It's what makes your browser
		think ["The connection to this website is secure"](http://blog.okturtles.com/2014/02/introducing-the-dotdns-metatld/) when [it's not](http://okturtles.com/#not-secure).
		It's what we have to get rid of, and DNSChain provides a scalable, distributed, and decentralized replacement that doesn't depend on untrustworthy
		"authority figures":
		DNSChain offers a free and secure decentralized alternative while remaining backwards compatible
		with traditional DNS.

		It compares favorably to [the alternatives](docs/Comparison.md), and provides the following features:
		︎
		<!-- This extra line is necessary for table to render properly. -->
		\| \| DNSChain \| X.509 PKI [with or without Certificate Transparency][ct] \|
		\|--------------------------------------------------------------------------\|--------------------\|----------------------------------------------------------\|
		\| __MITM-proof'ed [Internet connections][mitm]__ \| :white_check_mark: \| :x: \|
		\| __Secure and simple [GPG key distribution][gpg]__ \| :white_check_mark: \| :x: \|
		\| __MITM-proof RESTful [API to blockchain][api]__ \| :white_check_mark: \| :x: \|
		\| __Free and [actually-secure][free] SSL certificates__ \| :white_check_mark: \| :x: \|
		\| __Stops many [denial-of-service attacks][dos]__ \| :white_check_mark: \| :x: \|
		\| __Certificate revocation [that actually works][rev]__ \| :white_check_mark: \| :x: \|
		\| __DNS-based [censorship circumvention][cens]__ \| :white_check_mark: \| :x: \|
		\| __Prevents [domain theft][theft] ("seizures")__ \| :white_check_mark: \| :x: \|
		\| __Access blockchain [domains like `.bit`, `.p2p`, `.nxt`, `.eth`][use]__ \| :white_check_mark: \| :x: \|

		\| \| DNSChain \| X.509 PKI [with or without Certificate Transparency](http://www.ietf.org/mail-archive/web/trans/current/msg00233.html) \|
		\|------------------------------------------------------------------------------\|--------------------\|------------------------------------------------------------------------------------------------------------------------\|
		\| __MITM-proof authentication__ <sup>[[1]](#metaTLD)</sup> \| :white_check_mark: \| :x: \|
		\| __Secure and simple [GPG key distribution](#GPG)__ \| :white_check_mark: \| :x: \|
		\| __Free and actually-secure SSL certificates__ <sup>[[2]](#Free)</sup> \| :white_check_mark: \| :x: \|
		\| __Stops many denial-of-service attacks__ <sup>[[3]](#DDoS)</sup> \| :white_check_mark: \| :x: \|
		\| __Certificate revocation that actually works__ <sup>[[4]](#Revocation)</sup> \| :white_check_mark: \| :x: \|
		\| __DNS-based censorship circumvention__ <sup>[[5]](#Censorship)</sup> \| :white_check_mark: \| :x: \|
		\| __Prevents [domain theft](http://okturtles.com/#open-source) ("seizures")__ \| :white_check_mark: \| :x: \|
		\| __Access blockchain-based [domains like `.bit`](#Use)__ \| :white_check_mark: \| :x: \|
		\| __RESTful API to blockchain via [.dns metaTLD](#metaTLD)__ \| :white_check_mark: \| :x: \|
		\| __Simple design fits in about 600 lines of CoffeeScript!__ \| :white_check_mark: \| :x: \|
		[ct]: https://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/
		[mitm]: docs/What-is-it.md#MITMProof
		[gpg]: docs/What-is-it.md#GPG
		[free]: docs/What-is-it.md#Free
		[dos]: docs/What-is-it.md#DDoS
		[rev]: docs/What-is-it.md#Revocation
		[cens]: docs/What-is-it.md#Censorship
		[theft]: https://www.techdirt.com/articles/20141006/02561228743/5000-domains-seized-based-sealed-court-filing-confused-domain-owners-have-no-idea-why.shtml
		[use]: docs/How-do-I-use-it.md
		[api]: docs/What-is-it.md#API

		### Simple and secure GPG key distribution<a name="GPG"/>
		:star: See Also: [How DNSChain Compares To Other Approaches](docs/Comparison.md)

		![Easily share your GPG key!](https://www.taoeffect.com/includes/images/twitter-gpg-s.jpg)
		## Documentation

		Well, simple to share, a little more difficult to register it (at the moment only, give it time ^_^):
		### [:book: What is it?](docs/What-is-it.md)

		1. Use `namecoind` to [register](https://github.com/namecoin/wiki/wiki/Register-and-Configure-.bit-Domains) your identity in the `id/` [namespace](https://github.com/namecoin/wiki/wiki/Identity).
		2. Use a DNSChain server that exposes its `.dns` meta-TLD through the traditional DNS, as shown in the screenshot.
		- DNSChain replaces X.509 PKI with the blockchain
		- MITM-proof authentication
		- Simple and secure GPG key distribution
		- Secure, MITM-proof RESTful API to blockchains
		- Free SSL certificates become possible
		- Prevents DDoS attacks
		- Certificate revocation that actually works
		- DNS-based censorship circumvention
		- Other features: testing suite, rate-limiting, and caching

		It's always best to use your own server, of course. _Note: headers containing a crypographic signature will be sent soon!_
		### [:book: Using DNSChain](docs/How-do-I-use-it.md)

		### Free SSL certificates become possible<a name="Free"/>
		- Free public DNSChain servers
		- Access blockchain domains like `okturtles.bit`
		- Registering blockchain domains and identities
		- Encrypt communications end-to-end without relying on untrustworthy third-parties
		- Unblock censored websites (coming soon!)
		- And more!

		SSL certificates today [do not provide the security that they claim to provide](http://okturtles.com/other/dnsnmc_okturtles_overview.pdf). DNSChain replaces Certificate Authorities by providing a means for distributing public keys in a way that is secure from MITM attacks.
		### [:book: Running your own DNSChain server](docs/How-do-I-run-my-own.md)

		### Prevents DDoS attacks<a name="DDoS"/>
		- Requirements
		- Getting Started
		- Configuration
		- Guide: Setting up a DNSChain server with Namecoin and PowerDNS
		- Coming Soon: securing HTTPS websites with DNSChain.

		Unlike traditional DNS servers, DNSChain encourages widespread deployment of the server (ideally, "one for every group of friends").
		This distributed, flat topology eliminates the need for open resolvers by making it practical to limit clients to a small, trusted set.
		Additionally, whereas traditional DNS resolvers must query other DNS servers to answer queries, blockchain-based DNS resolvers have no
		such requirement because all of the data necessary to answer queries is stored locally on the server.
		### [:book: Developers](docs/Developers.md)

		Another DoS attack relates to the centralized manner in which today's SSL certificates are checked for revocation:
		- Securing Your Apps With DNSChain
		- Contributing to DNSChain development
		- Adding support for your favorite blockchain
		- Running Tests

		### Certificate revocation that actually works<a name="Revocation"/>
		## Community

		TODO: [OCSP](https://news.ycombinator.com/item?id=7556909) + DoS.
		- [Forums](https://forums.okturtles.com)
		- [@DNSChain](https://twitter.com/dnschain) + [@okTurtles](https://twitter.com/okTurtles)
		- [![Gitter](https://badges.gitter.im/Join Chat.svg)](https://gitter.im/okTurtles/dnschain)

		### DNS-based censorship circumvention<a name="Censorship"/>
		## Other Resources

		The developers of [Unblock.us.org](https://github.com/SGrondin/unblock.us.org) and DNSChain are teaming up to bring the anti-censorship features of Unblock.us into DNSChain. Each project benefits from the other: DNSChain ensures MITM-free communication and Unblock.us ensures that the communication passes through firewalls.
		__:tv: Watch__

		The Unblock.us feature is optional and is up to the server administrator to enable and configure to their needs. It uses MITM to defeat censorship at its own game.
		- [okTurtles + DNSChain Demo at SOUPS 2014 EFF CUP](https://www.youtube.com/watch?v=7QLaKW8ABy4)
		- [Blockchain University lecture on DNSChain](https://www.youtube.com/watch?v=GJd5uECEkSs) (2h+, but you will [know kung-fu](https://www.youtube.com/watch?v=6vMO3XmNXe4) afterward!)
		- [SF Bitcoin Meetup: Securing online communications with the blockchain](https://www.youtube.com/watch?v=Qy1x3Ud8LCI)
		- [SF Bitcoin Developers Meetup: Deep Dive into Namecoin and DNSChain](https://www.youtube.com/watch?v=wUiMIy9urTA)

		Unblock.us works by hijacking the DNS lookups for the domains on a list defined by the server administrator. The server then accepts all HTTP and HTTPS traffic addressed to those domains and forwards it intelligently. Even though it can't decrypt SSL traffic, it can still forward it. It's as fast as a VPN (unlike Tor) and ONLY tunnels the traffic to those domains, meaning that it doesn't affect other online activites (unlike VPNs and Tor) and isn't costly in server bandwidth. Finally, there's no software to install, only DNS settings to change. It has been confirmed to work in Turkey, UK, Kuwait, UAE and many additional Middle Eastern countries.
		__:speaker: Listen__

		For now, Deep Packet Inspection techniques used in Pakistan and China can still beat Unblock.us, but the next version will address that issue using a technique called [Host Tunneling](http://unblock.us.org/?p=61). Short of cutting entire countries off the internet, DNSChain/Unblock.us will be able to get through.
		- [P2P Connects Us Podcast on DNSChain](http://letstalkbitcoin.com/blog/post/p2p-connects-us-episode-four)
		- [Frontier Podcast on DNSChain, DNSCrypt, MITM attacks, & more](http://reelsense.tv/frontier/101)
		- [Beyond Bitcoin Hangouts with Bitshares crew on DNSChain](https://soundcloud.com/beyond-bitcoin-hangouts/beyond-bitcoin-hangout-greg-slepak-dnschain-2014-10-24)
		- [Katherine Albrecht's privacy-focused radio show](http://www.katherinealbrecht.com/show-archives/2014/06/19/)

		### The `.dns` meta-TLD<a name="metaTLD"/>
		__:page_facing_up: Read__

		__.dns__ is [a meta-TLD](http://blog.okturtles.com/2014/02/introducing-the-dotdns-metatld/) because unlike traditional TLDs, it is not meant to globally resolve to a specific IP. Rather, it is meant to resolve to a DNSChain server that _you personally own and run_.
		- Engadget: [New web service prevents spies from easily intercepting your data](http://www.engadget.com/2014/09/29/okturtles/)
		- Let's Talk Bitcoin: [Security in Decentralized Domain Name Systems](http://letstalkbitcoin.com/blog/post/security-in-decentralized-domain-name-systems)
		- [An intro to DNSChain: Low-trust access to definitive data sources](http://simondlr.com/post/94988956673/an-intro-to-dnschain-low-trust-access-to)
		- [How to setup a blockchain DNS server with DNSChain](docs/setting-up-dnschain-namecoin-powerdns-server.md)
		- [The Trouble with Certificate Transparency](https://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/)
		- [Introducing the dotDNS metaTLD](https://blog.okturtles.com/2014/02/introducing-the-dotdns-metatld/)
		- [DNSChain versus...](docs/Comparison.md)

		It bears emphasizing that you cannot register a meta-TLD because you already own them!
		_Have a link? [Let us know](https://twitter.com/dnschain)!_

		When a DNSChain server sees a request to a `.dns` domain, it handles the request itself, looking it up in a blockchain stored on that same server. At the moment, DNSChain uses the Namecoin blockchain, but it can easily be configured to use any blockchain.
		## Contributors

		- More info: [_Introducing the dotDNS metaTLD_](http://blog.okturtles.com/2014/02/introducing-the-dotdns-metatld/)
		_Approximate chronological order._

		## How do I use it?<a name="Use"/>

		No special software is required, just set your computer's DNS settings to use [one of the public DNSChain servers](#Servers) (more secure to run your own though).

		Then try the following:

		- Visit [http://okturtles.bit](http://okturtles.bit)
		- "What's the domain info for `okturtles.bit`?" [http://namecoin.dns/d/okturtles](http://namecoin.dns/d/okturtles)
		- "Who is Greg and what is his GPG info?" [http://namecoin.dns/id/greg](http://namecoin.dns/id/greg)

		__Don't want to change your DNS settings?__

		As a convenience, the first DNSChain server's `.dns` meta-TLD can be accessed over the old-DNS by way of `dns.dnschain.net`, like so:

		- "Who is Greg?" [http://dns.dnschain.net/id/greg](http://dns.dnschain.net/id/greg)

		This means you can immediately begin writing [JavaScript apps](http://okturtles.com) that query the blockchain. :)

		### Free public DNSChain servers<a name="Servers"/>

		DNSChain is meant to be run by individuals!

		Yes, you can use a public DNSChain server, but it's far better to use your own because it gives you more privacy, makes you more resistant to censorship, and provides you with a stronger guarantee that the responses you get haven't been tampered with by a malicious server.

		Those who do not own their own server or VPS can use their friend's (as long as they trust that person). DNSChain servers will sign all of their responses, thus protecting your from MITM attacks. (NOTE: signing is not yet implemented, but will be soon)

		You can, if you must, use a public DNSChain server. Simply [set your computer's DNS settings](https://startpage.com/do/search?q=how+to+change+DNS+settings) to one of these. Note that some of the servers must be used with [dnscrypt-proxy](https://github.com/jedisct1/dnscrypt-proxy).

		\| IP or DNSCrypt provider \| [DNSCrypt](http://dnscrypt.org/) Info \| Logs \| Location \| Owner \| Notes \|
		\| -------------------------------------------------------------------------- \| ---------------------------------------------------------- \| ---- \| -------------- \| ------------------------------------------------------- \| -------------- \|
		\| 192.184.93.146 (aka [d/okturtles](http://dns.dnschain.net/d/okturtles)) \| N/A \| No \| Atlanta, GA \| [id/greg](http://dns.dnschain.net/id/greg) \| \|
		\| 54.85.5.167 (aka [name.thwg.org](name.thwg.org)) \| N/A \| No \| USA \| [id/wozz](http://dns.dnschain.net/id/wozz) \| \|
		\| [2.dnscrypt-cert.okturtles.com](https://gist.github.com/taoeffect/8855230) \| [Required Info](https://gist.github.com/taoeffect/8855230) \| No \| Atlanta, GA \| [id/greg](http://dns.dnschain.net/id/greg) \| \|
		\| [2.dnscrypt-cert.soltysiak.com](http://dc1.soltysiak.com) \| [Required Info](http://dc1.soltysiak.com) \| No \| Poznan, Poland \| [@maciejsoltysiak](https://twitter.com/maciejsoltysiak) \| IPv6 available \|

		Tell us about yours by opening an issue (or any other means) and we'll list it here!

		We'll post the public keys for these servers here as well once signed DNS & HTTP responses are implemented. Note that DNSChain + DNSCrypt servers already guarantee the authenticity of DNS responses.

		### Registering `.bit` domains and identities<a name="Registering"/>

		`.bit` domains and public identities are currently stored in the Namecoin P2P network. It's very similar to the Bitcoin network.

		All of this must currently be done using `namecoind`, a daemon that DNSChain requires running in the background to access the Namecoin network.

		See the [Namecoin wiki](https://github.com/namecoin/wiki/wiki) for more info:

		- [Registering .bit domains](https://github.com/namecoin/wiki/wiki/Register-and-Configure-.bit-Domains)
		- [Global public identities specification](https://github.com/namecoin/wiki/wiki/Identity)

		## How do I run my own?<a name="Run"/>

		Get yourself a Linux server (they come as cheap as $2/month), and then make sure you have the following software installed:

		#### Requirements<a name="Requirements"/>

		1. `nodejs` and `npm` - We recommend using a package manager to install them.
		2. [coffee-script](https://github.com/jashkenas/coffee-script) (version 1.7.1+) - install via `npm install -g coffee-script`
		3. `grunt-cli` - install via `npm install -g grunt-cli`, provides the `grunt` command.
		4. `namecoind` - [instructions](https://github.com/namecoin/wiki/wiki/Install-and-Configure-Namecoin)

		<!--5. `libgmp` - needed by Mozilla's [jwcrypto](https://github.com/mozilla/jwcrypto), install using `apt-get install libgmp-dev` (Debian) or `brew install gmp` (OS X).

		DNSChain __does not use the NodeJS crypto module__ for generating signed headers because that module uses `OpenSSL` (which is considered harmful [1](http://www.peereboom.us/assl/assl/html/openssl.html)[2](https://www.openssl.org/news/vulnerabilities.html)). Instead, Mozilla's [jwcrypto](https://github.com/mozilla/jwcrypto) is used.-->

		#### Getting Started<a name="Getting"/>

		1. Install DNSChain using: `npm install -g dnschain` (you may need to put `sudo` in front of that).
		2. Run `namecoind` in the background. You can use `systemd` and create a `namecoin.service` file for it based off of [dnschain.service](scripts/dnschain.service).
		3. If an update is released, update your copy using `npm update -g dnschain`.

		Test DNSChain by simply running `dnschain` from the command line (developers [see here](#Working)). Have a look at the configuration section below, and when you're ready, run it in the background as a daemon. As a convenience, DNSChain [comes with a `systemd` unit file](scripts/dnschain.service) that you can use to run it.

		#### Configuration<a name="Configuration"/>

		DNSChain uses the wonderful [`nconf` module](https://github.com/flatiron/nconf) for all of its configuration purposes. This means that you can configure it using files, command line arguments, and environment variables.

		There are two configurations to be aware of (both loaded using `nconf`): DNSChain's, and `namecoind`'s:

		- `dnschain.conf` locations (in order of preference):
		- `$HOME/.dnschain.conf`
		- `$HOME/.dnschain/dnschain.conf`
		- `/etc/dnschain/dnschain.conf`
		- `namecoin.conf` locations (in order of preference):
		- `$HOME/.namcoin/namcoin.conf`

		DNSChain will fetch the RPC username and password out of Namecoin's configuration file if it can find it. If it can't, you'll either need to fix that, or provide `rpcuser`, `rpcpassword`, etc. to it via command line arguments or environment variables.

		The format of the configuration file is similar to INI, and is parsed by the NodeJS [`properties` module](https://github.com/gagle/node-properties) (in tandem with `nconf`). Here's an example of a possible `dnschain.conf`:

		[log]
		level=info

		[dns]
		port = 5333
		oldDNS.address = 8.8.8.8 # no quotes around IP

		# disable traditional DNS resolution (default is NATIVE_DNS)
		oldDNSMethod = NO_OLD_DNS # no quotes around this either

		[http]
		port=8088
		tlsPort=4443

		Have a look at [config.coffee](src/lib/config.coffee) to see all the possible configuration options and defaults!

		#### Working with the source<a name="Working"/>

		Make sure you did everything in the [requirements](#Requirements) and then play with these commands from your clone of the DNSChain repository:

		- `sudo grunt example` _(runs on privileged ports by default)_
		- `grunt example` _(runs on non-privileged ports by default)_

		Grunt will automatically lint your code to the style used in this project, and when files are saved it will automatically re-load and restart the server (as long as you're editing code under `src/lib`).

		## Community<a name="Community"/>

		- Forums: [https://forums.okturtles.com](https://forums.okturtles.com)
		- IRC Chat@Freenode: `#dnschain` ⇒ [Webchat](http://webchat.freenode.net/?channels=%23dnschain&uio=MT11bmRlZmluZWQb1)
		- Twitter: [@DNSChain](https://twitter.com/dnschain)
		- Twitter: [@okTurtles](https://twitter.com/okTurtles)

		## Contributors<a name="Contributors"/>

		- [Greg Slepak](https://twitter.com/taoeffect) (Original author and current maintainer)
		- [Simon Grondin](https://github.com/SGrondin) (DNS-based censorship circumvention)
		- [Simon Grondin](https://github.com/SGrondin) (Unblock feature: DNS-based censorship circumvention)
		- [Matthieu Rakotojaona](https://otokar.looc2011.eu/) (DANE/TLSA contributions and misc. fixes)
		- [TJ Fontaine](https://github.com/tjfontaine) (For `native-dns`, `native-dns-packet` modules and related projects)
		- [Za Wilgustus](https://twitter.com/ZancasDeArana) (For [pydnschain](https://github.com/okTurtles/pydnschain) contributions)
		- [Cayman Nava](https://github.com/WeMeetAgain) (Ethereum support, api.icann.dns, and core developer)
		- [Vignesh Anand](https://github.com/vegetableman) (Front-end + back-end for DNSChain admin interface)
		- [Mike Ward](https://twitter.com/bocamike) (Documentation)
		- [Dionysis Zindros](https://github.com/dionyziz) ([pydnschain](https://github.com/okTurtles/pydnschain) work)
		- [Chara Podimata](https://www.linkedin.com/in/charapodimata) ([pydnschain](https://github.com/okTurtles/pydnschain) work)
		- [Konstantinos Lolos](https://www.linkedin.com/in/kostislolos) ([pydnschain](https://github.com/okTurtles/pydnschain) work)
		- [Anton Wilhelm](https://github.com/toenu23) (Support for [Nxt](http://nxt.org) cryptocurrency)
		- Your name & link of choice here!

		## Release History<a name="Release"/>
		## Release History

		###### 0.2.5 - July 10, 2014
		###### 0.5.0 - March 7th, 2015

		- Fixed `.bit` resolution bug introduced in `0.2.4`
		__[Blog post for this release.](https://blog.okturtles.com/2015/03/dnschain-0-5-released-https-openname-resolver-api-more/)__

		###### 0.2.4 - July 10, 2014

		- Fixed installation issue caused by `json-rpc2`
		- Fixed exception (issue #20)
		- Prevented possible DoS on in certain server setup where DNSChain
		is combined with another DNS server

		###### 0.2.3 - May 27, 2014

		- Updated native-dns module
		- Fixed [#16](https://github.com/okTurtles/dnschain/issues/16) (unhandled exceptions). DNSSEC and other "unhandled" packets should be relayed now as a result.

		###### 0.2.2 - May 3, 2014

		- Corrected StackedSchedule scheduling
		- Copied old release notes to HISTORY.md

		###### 0.2.1 - May 2, 2014

		_(NOTE: 0.2.1 is the same as 0.2.0, just forgot to bump NPM version.)_

		- __New Features:__
		+ oldDNSMethod config options should can now be specified as strings
		(and should be!)
		+ new oldDNSMethod `NO_OLD_DNS_EVER` prevents resolution in oldDNS
		even if the blockchain specifies it be done.
		(see comments in `globals.coffee` for more info and options)
		+ Basic [Openname Resolver RESTful API](docs/What-is-it.md#API) support!
		+ Built-in HTTPS server that can route multiple services over the same IP and port thanks to [@SGrondin](https://github.com/SGrondin)
		+ Automatically generates [4096-bit HTTPS key/certificate pair for you](docs/How-do-I-run-my-own.md#autogen)
		+ Redis caching for both DNS and HTTP requests thanks to [@WeMeetAgain](https://github.com/WeMeetAgain)
		+ Traffic throttling for both DNS and HTTP requests thanks to [@SGrondin](https://github.com/SGrondin)
		+ Super simple to add any new blockchain to DNSChain thanks to major refactoring work by [@WeMeetAgain](https://github.com/WeMeetAgain)
		+ NXT blockchain support thanks to [@toenu23](https://github.com/toenu23) (this means a `nxt.dns` metaTLD and `.nxt` TLD resolution)
		+ Query DNS records over HTTPS using either [the new Openname API](docs/What-is-it.md#icann) or `icann.dns` metaTLD! (by [@WeMeetAgain](https://github.com/WeMeetAgain))
		+ Ability to specify configuration file path for any supported blockchain via the dnschain configuration ([@WeMeetAgain](https://github.com/WeMeetAgain), again!)
		+ RESTful API to fetch server fingerprint (Closes #44).
		- __Improvements:__
		+ Improved logging shows file and line number for all warnings
		and errors (and for some messages of other log levels too)
		+ All injected globals now start with 'g' (except for module names)
		+ Faster `.bit` resolution
		+ Imporved overall code quality and readability
		+ Complete overhaul, refactoring, and improvement of the entire code base
		+ Travic CI support
		+ Comprehensive testing suite with complete code coverage for all critical files (excludes some error handlers and datasources)
		+ Replaced a lot of callback code with Promises (still more to be done!)
		+ All DNSChain components/servers are started and shutdown asynchronously (using Promise based API)
		+ Precisely specified dependency versions to spare sysadmins any annoying surprises
		+ Added badges for NPM version, Travis build status, and Gitter to top of README
		+ All Namecoin data is now returned for HTTP(S) queries (`txid`, `expires_in`, etc.)
		- __Documentation:__
		+ [Comparisons](docs/Comparison.md) to __TACK__, __HPKP__, and __Thin Clients__
		+ Numerous miscellaneous improvements to documentation
		+ Updated Contributors list in README
		+ Added badges for NPM version, Travis build status, and Gitter chat to top of README
		+ This release includes the brand new documentation by [@mdw](https://twitter.com/mdw) and [@taoeffect](https://twitter.com/taoeffect)
		- __Fixes:__
		+ Fixed #8 (exception on NS timeout)
		+ Fixed #9 (return NXDOMAIN on bad 'ns' in *.bit)
		+ Closed #111: `TypeError` on startup on CentOS machines
		+ Closed #90 and #87: Exception on access to unknown metaTLD

		###### 0.1.1 - April 24, 2014
		###### [:book: Older version notes](HISTORY.md)

		- __Improvements:__
		+ Some improved logging
		- __Fixes:__
		+ Issue resolving some `.bit` domains introduced in previous release
		+ `ttl` for `.bit` domains is now equal to average block creation time
		+ Outdated license string in `package.json`

		###### 0.1.0 - April 24, 2014

		- __New Features:__
		+ DANE/TLSA support for BOTH canonical DNS and blockchain DNS!
		+ Added `NO_OLD_DNS` option for `oldDNSMethod` (refuses all non-blockchain queries)
		- __Improvements:__
		+ Redesigned `dns.coffee` and improved its structure
		+ Accurate `ttl` values now returned for namecoin DNS queries based on `expires_in` field
		+ Updated contributors, code and config examples in `README.md`
		+ Improved EDNS support
		+ Improved handling of ANY queries
		+ Updated dependencies to latest versions
		+ `native-dns` is now fetched from the `dnschain` branch of [our fork](https://github.com/okTurtles/node-dns/tree/dnschain).
		+ Comments added all over the place (to `native-dns` & related projects also!)
		+ Many other code improvements both to DNSChain and the NodeJS `native-dns` module
		+ Some performance improvements
		- __Fixes:__
		+ Fixed broken `grunt example`
		+ Fixed some uncaught exceptions (issues #1 and #2)
		+ Fixed broken NAPTR support
		- __Changes:__
		+ DNSChain license is now MPL-2.0 (applies to version 0.1.0 onward)
		+ Default logging level is now `info`

		_(For complete release history see [HISTORY.md](HISTORY.md))_

		Copyright (c) 2013-2014 Greg Slepak. Licensed under [MPL-2.0 license](http://mozilla.org/MPL/2.0/).
		Copyright (c) okTurtles Foundation. Licensed under [MPL-2.0 license](http://mozilla.org/MPL/2.0/).

src/lib/dns-handlers.coffee

src/lib/nmc.coffee

.npmignore