DNS-P2P V1

Date: 2013-12-18
Tags: dns p2p dnsp2p crypto

This is an introductory proposal for a P2P DNS built on the existing Bitcoin and BitTorrent networks.

The main goals of this project are:

  • Arbitrary UTF-8 domain names (i.e. user-chosen, not random like an encryption key)
  • Decentralized allocation of domains on a first-come-first-served basis
  • Allow updates to zones once published
  • Authenticate zones such that the zone file can be linked to the allocation of the domain

Register a Name

Bitcoins

Let’s assume that I would like to register example.dnsp2p.

% echo -n "example.dnsp2p" | genwallet -a - # Outputs the address
1G2zt786BsvKJXAvTamW3Bds64e6pcQBMx

Let’s also assume I have two bitcoin addresses: 15R7CsLej8fmyfnPXwJAeQoZoNb5L7sroB (holding Ƀ1) and 1FZL9EBsFHgaz8ur1nHn9C7fxk7jDkUmVp.

Since the smallest output allowed is 0.00005430 BTC, we’ll send that much to the address created from the domain name.

Generate a zone file, clearsign it, and create a .torrent file for the zone. An additional address, J, is created from the info_hash of the .torrent file.

So, the bitcoin transaction would be (note the input and output order):

TxIn:
    Input1:
        Address: (Starting Address or Previous Output3)
TxOut:
    Output1:
        Address: (Address created from domain name)
        Amount: 0.00005430
    Output2:
        Address: (Address built from info_hash)
        Amount: 0.00005430
    Output3:
        Address: (New Address)
        Amount: (Input1's value - tx fee - 2*0.00005430)

Example:

TxIn:
    Input1:
        Address: 15R7CsLej8fmyfnPXwJAeQoZoNb5L7sroB (from above. Has Ƀ1)
TxOut:
    Output1:
        Address: 1G2zt786BsvKJXAvTamW3Bds64e6pcQBMx (from domain)
        Amount: 0.00005430
    Output2:
        Address: 1GS8X5vZTQwMLQQjKkrXM9KPUJQwYji4jL (from sha1 of 'test')
        Amount: 0.00005430
    Output3:
        Address: 1FZL9EBsFHgaz8ur1nHn9C7fxk7jDkUmVp (from above)
        Amount: 0.9994914

The transaction fee should be 4 times the mintxfee of the reference client (currently 0.0001 BTC). Clients should not accept a transaction as valid without the appropriate transaction fee. Updates to mintxfee will be published as part of the DNSP2P protocol and referenced back to a block id.

To issue an update to the zone file, the address referenced in Output3 must be used as Input1.

It is also encouraged that you retrieve the BTC from Output1 after submitting the transaction. Output2 has no corresponding private key and hence cannot be retrieved.

Once the transaction has been confirmed, push the zonefile and torrent into the Bittorrent network.

BitTorrent

Doing a lookup

There are 6 steps required to do a lookup. However, once a lookup is done, the zone file can be cached for up to the shortest TTL in the zone file.

Using the power of magnet links, it’s possible to just grab the info_hash from Output3, download the torrent file, and then download the signed zone file. The format of the signed zone file is that of a traditional zone file encased in an ASCII-Armored/Cleartext Signature (joking aside: a clearsigned document). The key used to sign is the private key of Input1’s address (the address identifying the public key used to verify the signature).

  1. To do a lookup, create an address from the domain, as done when registering it, and search the blockchain for all transactions where it appears as an output.
  2. Then, make sure the rule that Output3 must be Input1 of the next update has been followed. Additionally, ensure that the proper transaction fee has been paid; if there are no valid transactions, return NXDOMAIN.
  3. Once the linked list of transactions has been built, use the most recent transaction to obtain the info_hash and download the torrent metadata.
  4. Download the zone file, or return NXDOMAIN if no file is found.
  5. Verify the zone file’s signature against Input1 of the most recent transaction.
  6. Use the zone file to perform the DNS lookup.
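To make steps 1 to 3 concrete, here is an added Python sketch (not code from the post or from pycoin) that walks a constructed ledger and applies the Output3-to-Input1 chaining and fee rules; the Tx layout, the placeholder addresses, and matching the link by address rather than by spent outpoint are assumptions.

```python
from decimal import Decimal
from typing import NamedTuple, Optional, Tuple

MIN_OUT = Decimal("0.00005430")       # smallest output used in the proposal
REQUIRED_FEE = 4 * Decimal("0.0001")  # 4x the reference client's mintxfee

class Tx(NamedTuple):  # one input; outputs in the proposal's order (assumed layout)
    txid: str
    input_addr: str
    input_value: Decimal
    outputs: list  # [(domain addr, amt), (info_hash addr, amt), (new addr, amt)]
def is_valid_registration(tx: Tx, domain_addr: str) -> bool:
    """Step 2: three outputs, Output1 is the domain address, Output1 and
    Output2 carry the minimum amount, and the 4x mintxfee has been paid."""
    if len(tx.outputs) != 3:
        return False
    (addr1, v1), (_, v2), _ = tx.outputs
    fee = tx.input_value - sum(amt for _, amt in tx.outputs)
    return addr1 == domain_addr and v1 == v2 == MIN_OUT and fee >= REQUIRED_FEE

def resolve_chain(ledger: list, domain_addr: str) -> Optional[Tuple[str, str]]:
    """Steps 1-3: the first valid transaction claims the name (first come, first
    served); later ones count only if Input1 is the previous Output3 (assumed to
    be matched by address, not by spent outpoint). Returns (info_hash address,
    signer address) of the latest valid update, or None for NXDOMAIN."""
    chain = []
    for tx in ledger:  # ledger is in confirmation order
        if not is_valid_registration(tx, domain_addr):
            continue  # wrong layout or underpaid fee: not a registration
        if not chain or tx.input_addr == chain[-1].outputs[2][0]:
            chain.append(tx)
        # any other payment to the domain address is a squat attempt: ignored
    if not chain:
        return None
    return chain[-1].outputs[1][0], chain[-1].input_addr
# Constructed ledger: the post's example registration, a squat attempt that does
# not spend Output3 (placeholder addresses), then a legitimate update.
DOMAIN = "1G2zt786BsvKJXAvTamW3Bds64e6pcQBMx"
LEDGER = [
    Tx("tx1", "15R7CsLej8fmyfnPXwJAeQoZoNb5L7sroB", Decimal("1"), [(DOMAIN, MIN_OUT),
       ("1GS8X5vZTQwMLQQjKkrXM9KPUJQwYji4jL", MIN_OUT),
       ("1FZL9EBsFHgaz8ur1nHn9C7fxk7jDkUmVp", Decimal("0.9994914"))]),
    Tx("tx_squat", "SQUATTER_ADDR", Decimal("0.5"), [(DOMAIN, MIN_OUT),
       ("INFOHASH_B", MIN_OUT), ("SQUATTER_CHANGE", Decimal("0.4994914"))]),
    Tx("tx2", "1FZL9EBsFHgaz8ur1nHn9C7fxk7jDkUmVp", Decimal("0.9994914"), [(DOMAIN, MIN_OUT),
       ("INFOHASH_C", MIN_OUT), ("NEW_CHANGE", Decimal("0.9989828"))]),
]
def example_lookup() -> Optional[Tuple[str, str]]:
    return resolve_chain(LEDGER, DOMAIN)  # -> ("INFOHASH_C", "1FZL9EBsFHgaz8ur1nHn9C7fxk7jDkUmVp")
```

Step 5 (signature verification against the returned signer address) is left to a real Bitcoin message-signing library, since it needs secp256k1 and address encoding that this sketch does not implement.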

Notes and comments

The TLSA RR from RFC 6698 is recommended for serving TLS certificates to clients.

NB: genwallet is part of the pycoin Python package (github pycoin repo).

NB: Any DHT implementation, such as PPSP, would work. I’m using BitTorrent since it’s widely adopted and supported by services such as S3.