December 03, 2021 - 12 min read
The DNS, or Domain Name System, acts like a phonebook for the internet, translating easy-to-understand domain names, like google.com, into a specific Internet Protocol (IP) address. This allows web browsers, like Google’s Chrome and Microsoft’s Internet Explorer, to locate the correct website for the user.
The DNS system has been operating continuously since 1983 and is continuously evolving to suit the needs of an ever-growing internet. For the DNS to operate correctly, it must provide constant availability to users, must maintain data integrity to prevent data corruption, and needs to implement a certain degree of privacy to make it harder for the public to analyze the browsing history of individual users.
In general, DNS packets are unencrypted, so when users send requests to a DNS server, both the DNS server and all other parties on the route (including your internet provider and anyone else on your WiFi) know exactly what websites you are visiting.
Currently, the DNS system is fully centralized and is organized by ICANN (the Internet Corporation for Assigned Names and Numbers), a non-profit organization based in the United States. DNS data is distributed worldwide but is managed hierarchically by different organizations: a first level, the root level, managed by registries, and a second level, operated by registrars.
Right now, giants like Cloudflare, GoDaddy, Amazon, Google, and Namecheap, among others, dominate the domain registration space, registering and renting domain names to users in a centralized manner that is neither private, democratized, nor particularly secure. These services can, at any time, delete or remove a customer’s domain, and are also vulnerable to hacking.
All of this means that, while the DNS system is essential to our modern internet, it has a wide variety of vulnerabilities that could potentially be solved by the integration of blockchain technology into the current DNS system.
In this article, we’ll discuss both the current shortcomings of the existing DNS system, as well as the advances in blockchain technology that are providing the next generation of internet users more secure, flexible, decentralized, and censorship-proof domains.
Currently, the DNS system is vulnerable to a wide variety of types of hacking and other methods of manipulation. One common attack is referred to as a DNS hijacking or redirection attack, which redirects a user from the expected web address to a different, typically malicious, website. This website may be intended to look like the real website, leading a user to enter personal information or to accidentally download a virus or malware onto their computer.
DDoS, or Distributed Denial of Service, attacks are another major vulnerability of the current DNS system. DDoS attacks work by overwhelming the target with a massive amount of internet traffic. They are often carried out by “bot farms,” or large networks of computers that have been compromised and are now controlled by a hacker.
A DDoS attack on one website is one thing, but a DDoS attack on the servers of a major registrar, or even ICANN itself, could take down a large portion of the internet, leading to economic losses and even political chaos.
Another type of DNS attack is DNS tunneling, which transmits additional information through the DNS protocol, a protocol that normally only resolves network addresses. Instead of only transmitting necessary data, DNS tunneling injects more data into the DNS pathway, and can often bypass firewalls and other security measures. DNS tunneling can allow a hacker to take control of the domain in question, and can also be used to steal large amounts of domain data. This method has been notoriously used by Iranian hackers to sabotage corporate and government websites in other countries, such as the U.S. and Israel.
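Because tunneled data has to ride inside the queried names themselves, it tends to show up in resolver logs as many unique, long, random-looking subdomains under a single parent domain. The following detection sketch is an added example, not part of the original article; the log format, thresholds, and the "last two labels" parent-domain rule are assumptions, and the log lines are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: "<client> <qtype> <qname>" (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A mail.example.com
10.0.0.5 AAAA cdn.example.net
10.0.0.9 TXT mzxw6ytboi2gk3tfon2gk4tjnzts4ylt.t.tunnel-test.example
10.0.0.9 TXT nbswy3dpeb3w64tmmqqhi2djomqgs4zb.t.tunnel-test.example
10.0.0.9 TXT orugs4zanfzsaylomfwgk4ttebuw4idu.t.tunnel-test.example
10.0.0.9 TXT pfxxkidbojssa3dpn5vws3thebthe33n.t.tunnel-test.example
10.0.0.9 A www.example.com
"""

def shannon_entropy(s):
    """Bits per character; random-looking encoded labels score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def base_and_sub(qname):
    """Assumption: parent domain = last two labels (a real tool would use the Public Suffix List)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), labels[:-2]

def is_suspicious(sub_labels, min_len=24, min_entropy=3.5):
    """A query is suspicious if its longest subdomain label is both long and high-entropy."""
    if not sub_labels:
        return False
    longest = max(sub_labels, key=len)
    return len(longest) >= min_len and shannon_entropy(longest) >= min_entropy

def find_tunnel_candidates(log_text, min_unique=3):
    """Return (client, parent domain) pairs with many distinct suspicious subdomains."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _qtype, qname = parts
        base, sub = base_and_sub(qname)
        if is_suspicious(sub):
            seen[(client, base)].add(".".join(sub))
    return sorted(key for key, subs in seen.items() if len(subs) >= min_unique)
```

Requiring several distinct subdomains per client and parent domain keeps a single long CDN or tracking hostname from raising an alert on its own.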
Modern blockchain technology involves the creation of a distributed network, via which a distributed ledger records transactions that are replicated on a series of independent, distributed nodes. Transactions are clustered into blocks, which must be validated by a substantial number of nodes to be permanently added to the ledger.
Unlike some blockchain systems, in most cases, blockchain DNS providers provide each node with the same voting authority. In general, all nodes must participate in “voting” to approve new changes to the DNS system. While the system isn’t perfect, it helps prevent “whales,” or powerful groups of nodes, from dominating the system and making potentially harmful changes.
Decentralizing and distributing the DNS network could make it significantly more difficult for hackers to disrupt the system. It could also prevent DNS issues caused by natural disasters that could take servers offline at major registrars.
Since data on a blockchain ledger cannot be changed or modified after the fact, a blockchain-based DNS would reduce or eliminate the need for current DNS security measures such as DNSSEC (Domain Name System Security Extensions). Currently, this system requires a significant amount of maintenance and necessitates the re-signing of a DNS root zone’s public key information every three months as a security measure.
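To make the ledger properties described above concrete, here is a toy name ledger, added as an illustration and not taken from any blockchain DNS provider: blocks of name records are hash-chained, each node has exactly one vote, and an after-the-fact edit to an old record is caught by re-verifying the chain. The class, the simple-majority rule, and the sample names and addresses are all assumptions.

```python
import hashlib
import json

def block_hash(block):
    """SHA-256 over the block's canonical JSON (index, records, previous hash)."""
    body = {k: block[k] for k in ("index", "records", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class NameLedger:
    def __init__(self, nodes):
        self.nodes = list(nodes)  # every node carries exactly one vote
        self.chain = []

    def propose(self, records, approvals):
        """Append a block only if more than half of the known nodes approve (assumed rule)."""
        votes = set(approvals) & set(self.nodes)  # drop duplicate and unknown voters
        if len(votes) * 2 <= len(self.nodes):
            return False
        prev = self.chain[-1]["hash"] if self.chain else "0" * 64
        block = {"index": len(self.chain), "records": records, "prev": prev}
        block["hash"] = block_hash(block)
        self.chain.append(block)
        return True

    def verify(self):
        """Return the index of the first block that fails validation, or None if intact."""
        prev = "0" * 64
        for block in self.chain:
            if block["prev"] != prev or block["hash"] != block_hash(block):
                return block["index"]
            prev = block["hash"]
        return None

    def resolve(self, name):
        """Latest record wins: walk the chain from newest to oldest."""
        for block in reversed(self.chain):
            if name in block["records"]:
                return block["records"][name]
        return None

def demo():
    ledger = NameLedger(["n1", "n2", "n3", "n4", "n5"])  # constructed node names
    accepted = ledger.propose({"alice.example": "192.0.2.10"}, ["n1", "n2", "n3"])
    rejected = ledger.propose({"alice.example": "203.0.113.66"}, ["n4", "n5"])
    ledger.propose({"bob.example": "192.0.2.20"}, ["n1", "n2", "n3", "n4"])
    before = ledger.verify()
    ledger.chain[0]["records"]["alice.example"] = "203.0.113.66"  # after-the-fact edit
    return accepted, rejected, before, ledger.verify()
```

The edit itself is not prevented on the tampered copy; it is detected, because the stored hash of block 0 no longer matches its contents and every honest node re-running `verify()` would reject that copy.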
Another benefit of the decentralized nature of blockchain domain names is the fact that they are very difficult, if not impossible, to take down by government and corporate entities. This could be a massive benefit for journalists and activists, who constantly face the threat of content removal or “content moderation.” This issue is particularly salient in countries with limited or non-existent freedom of the press and significant online censorship, such as Russia, China, Vietnam, Saudi Arabia, and many countries in Africa.
However, the decentralized nature of blockchain domain names can be a double-edged sword. Since they are difficult or impossible to remove, blockchain domains are ideal for cybercriminals. This is particularly the case for cybercriminals who wish to sell illegal items to consumers, and it’s especially concerning for those criminals trafficking in stolen consumer data.
For example, in 2017, Joker’s Stash, a popular website utilized to purchase stolen payment card details, started using blockchain DNS to make it easier for customers to buy stolen data without needing to download a “dark web” browser such as Tor. Of course, there are downsides for criminals who use decentralized blockchain marketplaces, since the fact that data is immutably stored on the blockchain could make it easier to track these criminals down.
Blockchain domains currently exist, but they are somewhat more difficult to access than ordinary domains, as they generally require a specific browser extension or browser to access. Currently, blockchain domains are created via smart contracts, which create an easy-to-read web address. Usually, they must use unique extensions, such as .eth or .coin.
Owners of domains will register these on the blockchain and will receive a private key. By using the key, they can fully control the domain and do not need to be approved or registered with outside, centralized organizations. These domains act like (and are effectively the same as) blockchain wallets, as they allow users to send cryptocurrency payments directly to the address.
Currently, Ethereum, Alibaba, Handshake, Aloaha blockchain DNS, Luxe, and NEM are among some of the most popular blockchain domain providers on the market. However, blockchain domains are far from being a significant portion of existing domains, as more than 99% of domains are currently registered with ICANN in the traditional fashion.
Three of the most common browser extensions used to access blockchain domains are:
If you want a blockchain domain, there are a wide variety of providers you can use. Some of the top blockchain domain providers currently include:
As we mentioned at the beginning of this article, three of the major essential components of an effective DNS system are availability, integrity, and confidentiality. Blockchain DNS protocols are poised to address each of these issues. The immutable and distributed nature of blockchain ledgers prevents availability problems caused by hackers or natural disasters; it also helps ensure data integrity.
By providing superior encryption via the issuance of a private key for each domain, these systems also help improve confidentiality for internet users and site creators, even though certain activities of site creators post-site creation may actually become more public.
Despite the great potential for blockchain technology to disrupt and improve how domains operate, the blockchain DNS industry is still in its infancy, with 0.1% or less of all domains currently on blockchains. Blockchain domain access and creation also rely on the use of special web extensions and small domain providers, a hurdle that could turn off ordinary web users.
In the future, it’s conceivable that blockchain domain access could be fully integrated into regular web browsers without additional software. Major domain providers, such as GoDaddy and Namecheap, may also begin to offer blockchain domains, expanding their exposure and popularity with typical consumers.
It’s also likely that it will be possible to easily register traditional domains, such as .com or .net, on blockchains, though this may involve more coordination between traditional registrars (or even ICANN) and blockchain domain providers. Further in the future, organizations like ICANN may even themselves transition to utilizing blockchain protocols, ushering in a new era of security for domains, and perhaps, the internet itself.
By their nature, blockchains are closed systems, which means they face challenges when integrating outside, real-world information into the smart contracts that power blockchains themselves. Oracles, third-party services that provide off-chain data to blockchains, have become an essential part of the blockchain and DeFi ecosystem over the last few years.
Like other blockchain products and services, effective blockchain DNS/domain name provider services and the websites they host will often have to access outside information. Blockchain DNS services may store domains on the blockchain, but they are still businesses that need to interact with the outside world, meaning that they require powerful oracles to operate.
While blockchain domains and blockchain hosting are different, they are both parts of the push for decentralization in the Web 3.0 ecosystem. External data is also particularly important for websites hosted on blockchain platforms, which may need to pull information from a variety of outside sources, including financial information, news info, and weather and environmental data. As both blockchain DNS and hosting services evolve, this need for external data is only likely to increase.
Blockchain technology is poised to change the structure of the internet forever, and nothing is more core to the internet than the domains that websites are hosted on. Some of the changes that blockchain will provide to domains will be visible to the average internet user.
These may come in the form of the ability to use new domain extensions like .eth and send money directly to web addresses themselves. However, other changes will be less visible, including the potential replacement of ICANN and other organizations with decentralized DNS providers.
If blockchain DNS providers and the blockchain domains they provide are to deliver on their full potential, they’ll need a fast, secure data infrastructure, and SupraOracles is in an excellent position to provide that.
SupraOracles can provide blockchain DNS providers, blockchain hosting services, and other services in the internet domain and hosting space the secure, fast, and accurate information they need. With cross-chain interoperability, powerful decentralized consensus mechanisms, lightning-fast finality, and ultra-secure parallel processing cryptography, SupraOracles can help providers create and secure the next generation of internet domains.