Notes: DNS over IPFS

Created on 9 Jul 2017 · 7 Comments · Source: ipfs/notes

In the discussion about DNS query support for js-ipfs and js-ipfs-api, an idea came along that I wanted to make sure to note here as it will require more thought and research.

tl;dr; What if we use IPFS to distribute all the DNS records in the world?

https://github.com/ipfs/js-ipfs-api/issues/501#issuecomment-313914284

I believe that the million dollar question here is how big is the dataset containing every single domain and its TXT records in the world? And, given that we added all of those to IPFS, wouldn't IPNS + files sharding be a more efficient way to distribute them anyways? We can probably make DNS faster and more secure (and work offline!) if we distribute all of those records through IPNS + IPFS.

Is there an existing DNS fire hose we can subscribe to fetch all changes in DNS records?

Candidate Open Problem

All 7 comments

Is there an existing DNS fire hose we can subscribe to fetch all changes in DNS records?

No, the main way to get all announced records from a given DNS server is to be allowed to perform an AXFR query, which is usually limited to the infrastructure of the given provider/company on an IP basis.

How would security work? Would we just sign all DNS records and act as a trusted authority?

A similar idea could be done for IPNS lookups. We could maintain a large sharded registry for all IPNS keys. Since IPNS records are all self-signed and validated, there wouldn't really be any security concerns. The hard part would be managing the high number of updates in a reasonable manner.

The hard part would be managing the high number of updates in a reasonable manner.

That's what pubsub is for :wink:. We could even include the PeerID of the IPNS "owner" in IPNS records.

I actually wrote up a document discussing this design space before coming here as I thought I'd end up working on this as my project. Here's an (ever so slightly updated) copy for anyone interested: https://github.com/ipfs/notes/issues/260.

It's gonna be easier to conceive a new name system with a backward-compat DNS interface than trying to fit a decades-old square into a p2p circle. DNS as a protocol is already pretty decentral, too, so it comes with plenty of mechanisms for delegation and synchronization.

How about using IPFS as file backend for ISC BIND or CZ.NIC Knot and sharing the DNS zone files via IPFS?

BIND named.conf example:

zone "example.com" in {
    type master;
    file "/ipns/QmXnnyufdzAWL5CqZ2RnSNgPbvCc1ALT73s6epPrRnZ1Xy/example.com";
};

A bunch of such nameservers on an anycast IP address would allow querying the zone files via conventional DNS or directly via IPFS. If the IPNS key format is compatible with the DNSSEC key format, we can slip the IPNS public key as the DNSSEC key-signing public key to the DNS registries, which would publish it via DNS. That way we can link/authorize IPNS hashes for DNS domains automatically.

With such a resilient system DNS-admins will copy their zone-files to IPFS voluntarily.

I'm currently working on something like this. I plan on using an OrbitDB append-only key:value database. The original owner of the domain would sign the records. The query would look up the owner of the domain and then look up the latest records for that key.
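
The lookup described in the last comment (find the domain's owner, then take the latest record signed by that owner), as an added example that is not code from this thread or from OrbitDB. A plain array stands in for the append-only log; `signEntry`, `resolve`, the entry layout and the `seq` counter are assumptions made for the illustration.

```javascript
// Added illustration: an in-memory array stands in for the append-only
// log; this is not OrbitDB's API. All names here are hypothetical.
const crypto = require('node:crypto');

// Bytes that get signed: domain, sequence number and record set together.
function encode(domain, seq, records) {
  return Buffer.from(JSON.stringify([domain, seq, records]));
}

function signEntry(privateKey, domain, seq, records) {
  const sig = crypto.sign(null, encode(domain, seq, records), privateKey);
  return { domain, seq, records, sig: sig.toString('base64') };
}

// owners: Map(domain -> Ed25519 public key); log: array of entries.
// Returns the highest-seq entry that verifies under the owner's key.
function resolve(owners, log, domain) {
  const ownerKey = owners.get(domain);
  if (!ownerKey) return null; // unknown owner: refuse to answer
  let best = null;
  for (const e of log) {
    if (e.domain !== domain || typeof e.sig !== 'string') continue;
    if (!Number.isSafeInteger(e.seq)) continue;
    const ok = crypto.verify(null, encode(e.domain, e.seq, e.records),
      ownerKey, Buffer.from(e.sig, 'base64'));
    if (ok && (best === null || e.seq > best.seq)) best = e;
  }
  return best;
}

// Constructed sample data (documentation address ranges).
function demo() {
  const owner = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519');
  const owners = new Map([['example.com', owner.publicKey]]);
  const log = [
    signEntry(owner.privateKey, 'example.com', 1, { A: ['192.0.2.1'] }),
    signEntry(owner.privateKey, 'example.com', 2, { A: ['192.0.2.2'] }),
    // Written by a non-owner with a higher seq: must be ignored.
    signEntry(other.privateKey, 'example.com', 9, { A: ['203.0.113.7'] }),
  ];
  log.push(log[0]);                 // replay of an old entry: must not win
  log.push({ ...log[1], seq: 10 }); // tampered seq: signature fails
  return resolve(owners, log, 'example.com');
}

console.log(demo());
```

Because anyone can append to a shared log, the resolver trusts only the signature and the signed sequence number, never an entry's position in the log.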
