Thoughts on blockchainized DNS

Reading about the blockchain technology all around the web, I also started to think about possible usages of this technology. What comes to my mind almost immediately is the idea of decentralized DNS. After all, the internet is build to be decentralized, so why should this be limited by the DNS being de-facto controlled by a single institution?

Brief introduction to DNS

The domain names are organized in a tree hierarchy. In my case, I own the domain and I may therefore create whatever subdomain I choose which will be fully controlled by me. This also works in the opposite direction. My domain is a subdomain registered with an administrator of the .me domain (here the private comany I pay to them and they in exchange let their nameservers carry a pointer to my domain.

We may continue to the root of a tree where the administrator of the .me domain must pay to company known as ICANN, which manages the special domain . and a set of so called root nameservers.

The listing below illustrates a query for the root nameservers.

$ drill NS . @
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 29943
;; flags: qr rd ra ; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0 
;; .	IN	NS

.	60042	IN	NS
.	60042	IN	NS
.	60042	IN	NS
.	60042	IN	NS
.	60042	IN	NS
.	60042	IN	NS
.	60042	IN	NS
.	60042	IN	NS
.	60042	IN	NS
.	60042	IN	NS
.	60042	IN	NS
.	60042	IN	NS
.	60042	IN	NS



;; Query time: 16 msec
;; WHEN: Wed Dec  8 21:35:35 2021
;; MSG SIZE  rcvd: 228

This system is basically built as decentralized key-value storage and it has proved to be very robust. Its main weakness is the property of all tree structures – it has a single root, which is a single point of failure. And the failure might be either technical, such as broken root servers, or political. If your TLD becomes “harmful”, the ICANN may theoretically decide to remove its record from their root servers. Such step would probably have severe political implications, but it is possible in theory.

It should be noted that the ICANNs root is not the only one existing. Other DNS “trees” exists, whether they are research motivated or projects of governments with obvious appeal to censorship. Their list is in the wikipedia article.

The obvious question in the age of “blockchainize everything” sounds: Is it possible to build a DNS on the blockchain?

Short google exercise unsurprisingly revealed that many people already tried to implement such thing, therefore the answer is probably yes. Most notable examples being the Ethereum Naming Service, Namecoin or UnstoppableDomains.

These projects are certainly interesting, but I’d like to point out several practical drawbacks that I came across when thinking about possible implementations.

Possible benefits

Before we dive into the possible implementations, lets take a look at the benefits we’d like to gain.

  1. Absence of central authority
  2. Censorship resistance
  3. Improved robustness
  4. Free domains for everyone!

In the following sections we discuss the points above.

Absence of central authority

The distributed solution has by definition the benefit of missing a central authority.

Distributed solutions are more robust and more democratic because there is no one to manipulate the data.

This is great! Or wait a minute… Is it really so great for everything?

Imagine the domain names being minted as NFTs and you’ll find that the amount of possible ASCII strings of reasonable length is limited. Even now is problem to get some domain names for your project. Most cool domain names were already bought and they are now either used, or laying around waiting for the highest bid. And we are talking about 2nd level domains under .com and similar.

But if you may mint your domain as NFT, in a way that would allow you to prove the ownership by your private key, you’d probably expect that you may create subdomains. But then we must either conclude that:

  1. only 1st level domains might be minted. This will immediately lead to bots minting all thinkable strings and the usable TLDs will be exhausted in magnitudes of minutes or hours. With this paradigm it is very likely that owners of the TLDs will sell their subdomains to wide public for money. This system brings no benefit over current state. We just eliminated the ICANN (yayyy! Or not?), but otherwise the hierarchy stays identical.

  2. We come up with totally different non-hierarchical scheme of domain names. Ground up revolution would be probably the favorite approach of true Web 3.0 evangelists, but to be honest I don’t expect this to happen. After all the domain names must be recognizable and the space for effective implementation of complex schemes is therefore very limited.

With these two points in mind, we might take a deeper look to the popular implementation mentioned above.

Ethereum Name Service

The ENS claims to be “Decentralised” and “Censorship-resistant” naming service. How did it solve the problem fact from point one?

They created a new TLD .eth and you are allowed to mint a subdomain of it. You pay for the subdomain in ETH and it remains on the blockchain for given amount of time.

Wait… Don’t you said it’s decentralized? And isn’t it stored on blockchain? But who should I pay for the domain name then? Exactly. The ENS domain is just a regular subdomain of .ETH with the difference that you pay in ETH for it. Please correct me if I’m wrong, but I didn’t find any indications that this is not true.

Note: ENS offers to assign a BTC,ETH… address to your domain and this can be resolved by compatible wallets as destination address of sending money This is dangerous as it promotes wrong transaction hygiene. You should generate new receiving address for each transaction to preserve anonymity. In such scenario, you would have to update the ENS record after each received transaction, which is something what you probably won’t do, because as every manipulation with data on the ETH token it is paid in ETH gas.


The offers TLD .bit


Ideally, we have our private keys stored safely and in need of manipulation, we use an offline PC for this.

Yet, real world happens and private keys might be lost. This is the case where the primary benefit of e2e encrypted solutions turns out to be one of it’s biggest drawbacks. You have bitcoin, you lost your keys – you have no bitcoin. The story is sad, you lost the money, but at the end of the day nothing happens because all bitcoins are interchangeable.

The problem with domains is that once the domain is claimed by someone and the private key is lost, this domain becomes blocked forever. The domain is NFT of it’s kind and this problem is known (although surprisingly infrequently discussed) in the NFT world.

The difference is that in case of NFT whatever, you store just the hash of it to the blockchain. If this is lost, you generate the image again, change one pixel in it and mint it again. Hash is different, everything is fine.

The domain however is a string, such as mine If I wrote the ownership of this domain to the blockchain and then lost my key, my best try would be to claim ownership of or Yet, you spot the difference on the first sight, not to mention that all hyperlinks must be adjusted to this new domain etc.

For this purpose I suggest limited validity of the domain claim. It has to be large enough time to not make it annoying with renewals, but also small enough so you will possibly be alive at the time the contract times out. Let’s think about some TTL parameter in range 1 month to 5 years

Integration with current system

If this system shall be adopted, it must be available to the wide public with zero effort. Keep in mind that current DNS infrastructure is anything but simple. The claims about increased durability of the decentralized system are cool, theoretically correct, but the competition is 30 or more years mature technology.


The common motivation for distributed technology is its resistance against censorship imposed unilaterally by single big player, either corporation or government.

This technology may bring such resistance if implemented properly, but it has also serious drawbacks as described in previous sections. When we realise that there are sites such as The Pirate Bay, which is hunted down by both enterprise players and government agencies sponsored by them. And yet, despite the fact of being hunted, the PirateBay still exists. This example gives a chance that a complete ban of certain service is hard even now.

I personally don’t believe that distributed DNS service will take over the traditional DNS as we know it today. It certainly brings some benefits, but most interested parties, end-users and corporates, will certainly prefer the convenience of standard DNS services.

This ideological fight is nothing new under the sun. Take a look at the nothing vs. S/MIME vs. GPG mail signing solution popularity and you’ll realise that most people prefer simplicity over privacy/security.

If you find any false claim in this text, please contact me at my email (available on the web).