DNSChain (formerly DNSNMC) makes it possible to be certain that you're communicating with who you want to communicate with, and connecting to the sites that you want to connect to, without anyone secretly listening in on your conversations in between.
In spite of their names, SSL/TLS and HTTPS are not secure.
DNSChain fixes this. What is DNSChain?
*.bit websites.It's also only about 600 lines of easy to understand CoffeeScript! This means that even mere mortals can look at the code, and verify for themselves that it is safe to run on their systems.
Well, simple to share, a little more difficult to register it (at the moment only, give it time ^_^):
namecoind to register your identity in the id/ namespace..dns meta-TLD through the traditional DNS, as shown in the screenshot.It's always best to use your own server, of course. Note: headers containing a crypographic signature will be sent soon!
SSL certificates today do not provide the security that they claim to provide. DNSChain replaces Certificate Authorities by providing a means for distributing public keys in a way that is secure from MITM attacks.
.dns meta-TLD.dns is a meta-TLD because unlike traditional TLDs, it is not meant to globally resolve to a specific IP. Rather, it is meant to resolve to a DNSChain server that you personally own and run.
It bears emphasizing that you cannot register a meta-TLD because you already own them!
When a DNSChain server sees a request to a .dns domain, it handles the request itself, looking it up in a blockchain stored on that same server. At the moment, DNSChain uses the Namecoin blockchain, but it can easily be configured to use any blockchain.
No special software is required, just set your computer's DNS settings to use one of the public DNSChain servers (more secure to run your own though).
Then try the following:
okturtles.bit?" http://namecoin.dns/d/okturtlesDon't want to change your DNS settings?
As a convenience, the first DNSChain server's .dns meta-TLD can be accessed over the old-DNS by way of dns.dnschain.net, like so:
This means you can immediately begin writing JavaScript apps that query the blockchain. :)
DNSChain is meant to be run by individuals!
Yes, you can use a public DNSChain server, but it's far better to use your own because it gives you more privacy, makes you more resistant to censorship, and provides you with a stronger guarantee that the responses you get haven't been tampered with by a malicious server.
Those who do not own their own server or VPS can use their friend's (as long as they trust that person). DNSChain servers will sign all of their responses, thus protecting your from MITM attacks. (NOTE: signing is not yet implemented, but will be soon)
You can, if you must, use a public DNSChain server. Simply set your computer's DNS settings to one of these. Note that some of the servers must be used with dnscrypt-proxy.
| IP or DNSCrypt provider | DNSCrypt Info | Logs | Location | Owner | Notes |
|---|---|---|---|---|---|
| 192.184.93.146 (aka d/okturtles) | N/A | No | Atlanta, GA | id/greg | |
| 54.85.5.167 (aka name.thwg.org) | N/A | No | USA | id/wozz | |
| 2.dnscrypt-cert.okturtles.com | Required Info | No | Atlanta, GA | id/greg | |
| 2.dnscrypt-cert.soltysiak.com | Required Info | No | Poznan, Poland | @maciejsoltysiak | IPv6 available |
Tell us about yours by opening an issue (or any other means) and we'll list it here!
We'll post the public keys for these servers here as well once signed DNS & HTTP responses are implemented. Note that DNSChain + DNSCrypt servers already guarantee the authenticity of DNS responses.
.bit domains and identities.bit domains and public identities are currently stored in the Namecoin P2P network. It's very similar to the Bitcoin network.
All of this must currently be done using namecoind, a daemon that DNSChain requires running in the background to access the Namecoin network.
See the Namecoin wiki for more info:
Get yourself a Linux server (they come as cheap as $2/month), and then make sure you have the following software installed:
nodejs and npm - We recommend using a package manager to install them.npm install -g coffee-scriptgrunt-cli - install via npm install -g grunt-cli, provides the grunt command.namecoind - instructionsnpm install -g dnschain (you may need to put sudo in front of that).namecoind in the background. You can use systemd and create a namecoin.service file for it based off of dnschain.service.npm update -g dnschain.Test DNSChain by simply running dnschain from the command line (developers see here). Have a look at the configuration section below, and when you're ready, run it in the background as a daemon. As a convenience, DNSChain comes with a systemd unit file that you can use to run it.
DNSChain uses the wonderful nconf module for all of its configuration purposes. This means that you can configure it using files, command line arguments, and environment variables.
There are two configurations to be aware of (both loaded using nconf): DNSChain's, and namecoind's:
dnschain.conf locations (in order of preference):
$HOME/.dnschain.conf$HOME/.dnschain/dnschain.conf/etc/dnschain/dnschain.confnamecoin.conf locations (in order of preference):
$HOME/.namcoin/namcoin.confDNSChain will fetch the RPC username and password out of Namecoin's configuration file if it can find it. If it can't, you'll either need to fix that, or provide rpcuser, rpcpassword, etc. to it via command line arguments or environment variables.
The format of the configuration file is similar to INI, and is parsed by the NodeJS properties module (in tandem with nconf). Here's an example of a possible dnschain.conf:
[log]
level=info
[dns]
port = 5333
oldDNS.address = 8.8.8.8 # no quotes around IP
# disable traditional DNS resolution (default is NATIVE_DNS)
oldDNSMethod = NO_OLD_DNS # no quotes around this either
[http]
port=8088
tlsPort=4443
Have a look at config.coffee to see all the possible configuration options and defaults!
Make sure you did everything in the requirements and then play with these commands from your clone of the DNSChain repository:
sudo grunt example (runs on privileged ports by default)grunt example (runs on non-privileged ports by default)Grunt will automatically lint your code to the style used in this project, and when files are saved it will automatically re-load and restart the server (as long as you're editing code under src/lib).
#dnschain ⇒ Webchatd/okturtles: http://dns.dnschain.net/d/okturtlesTo test and develop at the same time, simply run sudo grunt example and set your computer's DNS to use 127.0.0.1. Grunt will automatically lint your code to the style used in this project, and when files are saved it will automatically re-load and restart the server (as long as you're editing code under src/lib).
native-dns, native-dns-packet modules and related projects)See TODOs in source, below is only a partial list:
portmap for cleaner iptables support in the systemd unit files.-v-h(NOTE: 0.2.1 is the same as 0.2.0, just forgot to bump NPM version.)
NO_OLD_DNS_EVER prevents resolution in oldDNS
even if the blockchain specifies it be done.
(see comments in globals.coffee for more info and options).bit resolution.bit domains introduced in previous releasettl for .bit domains is now equal to average block creation timepackage.jsonNO_OLD_DNS option for oldDNSMethod (refuses all non-blockchain queries)dns.coffee and improved its structurettl values now returned for namecoin DNS queries based on expires_in fieldREADME.mdnative-dns is now fetched from the dnschain branch of our fork.native-dns & related projects also!)native-dns modulegrunt exampleinfo(For complete release history see HISTORY.md)
Copyright (c) 2013-2014 Greg Slepak. Licensed under MPL-2.0 license.
0.2.2 - May 3, 2014
FAQs
A blockchain-based DNS + HTTPS server that fixes HTTPS security, and more!
The npm package dnschain receives a total of 14 weekly downloads. As such, dnschain popularity was classified as not popular.
We found that dnschain demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious PyPI package ‘set-utils’ steals Ethereum private keys by exfiltrating them through blockchain transactions via the Polygon RPC.
Research
Security News
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.