2021-05-15

About the author: Peter Lai is a Diode blockchain engineer. Before entering software development he worked mainly in business administration. Peter is also an active open source contributor. He is currently working with the Diode team on a blockchain-based decentralized PKI (DPKI).

Last month, the UK Internet Services Providers' Association nominated Mozilla for this year's "Internet Villain" award, because Mozilla plans to support DNS-over-HTTPS, which in their view circumvents UK filtering obligations and parental controls and undermines Internet norms in the UK.

At Diode we think Mozilla's DNS-over-HTTPS is a good way to improve end-user privacy. But it is not the best way to protect the open Internet, because DNS-over-HTTPS is, at least for the time being, controlled by Cloudflare and Google. What we propose instead is "DNS-on-Blockchain": a secure, privacy-preserving and decentralized alternative to DNS.

What is DNS?

DNS is a hierarchical and federated naming system for computers, services and other resources connected to the Internet or to a private network. According to the definition in RFC 1035, the goal of DNS is to provide a mechanism for naming resources so that names can be used across different hosts, networks, protocols, internets and administrative organizations. It is a set of standards for associating information (such as an IP address) with a domain name.

Thanks to DNS servers, we do not have to remember IP addresses. When you type a website's domain name into the browser, the browser automatically sends a request to a DNS server. The DNS server looks up the domain and returns its IP address, so the browser knows where to connect.

And that is exactly the problem: DNS packets are not encrypted. When you send a request to a DNS server, not only the DNS server learns your request and the website you want to visit, but so does everyone else along the route. In a coffee shop that could be another customer, the shop owner, the Internet service provider or any attacker spying on the network traffic. This is the reason DNS-over-HTTPS was created.

What is DNS-over-HTTPS?

DNS-over-HTTPS (abbreviated DoH) is a protocol for resolving DNS requests over the encrypted HTTPS protocol. Its goals are to prevent intermediaries from manipulating DNS data (man-in-the-middle attacks), to prevent eavesdropping, and thereby to increase security and user privacy.

With DNS-over-HTTPS, when you type a website's domain name into the browser, the DNS request is sent as an encrypted HTTPS request to a DoH-capable DNS server. The request is only decrypted on the DNS server that handles it, and the reply is sent back encrypted again. You no longer have to worry about being watched on the way. But it is not perfect, and here is why:

The problems with DNS-over-HTTPS

As bad as the current privacy situation of DNS is, it is a very good federated system: thousands of independent DNS servers keep the Internet running. When you use DNS-over-HTTPS, on the other hand, your data is sent to Google or Cloudflare. That is a huge step backwards, from federated infrastructure to centralized infrastructure. Their DoH servers still know exactly which DNS requests you make and where you want to connect. We all know that sharing too much data with third parties is dangerous: these big companies can log your DNS query history, correlate it with your other personal data, or sell the query history to third parties.

Earlier this month, Cloudflare's servers went down because of an update whose new code consumed a large amount of CPU. Because so many websites rely on Cloudflare's services, many large sites were affected by the outage. This latest Cloudflare incident is a vivid example of a single point of failure (SPOF). If the DoH server is centralized and has a problem, you will not be able to use the Internet normally. This is another risk of concentrating everything on a small number of operators.

Finally, encrypting DNS traffic does address the privacy problem, but it does not guarantee that the data we receive is correct. PKI, or public key infrastructure, is a security infrastructure with centralized roots that encrypts almost all of today's Internet traffic; it is also the security foundation behind HTTPS. If an attacker manages to steal an HTTPS server's certificate, he can impersonate the server, read all of its traffic, and even send back fake DNS results.

DNS on the blockchain

The core issues with DNS-over-HTTPS are the central authority and the lack of verification of the data we receive. This central infrastructure is becoming a single point of failure (SPOF) for security, and a privacy nightmare too, as a few big companies learn more and more about us. At Diode we believe decentralized blockchain infrastructure is the perfect platform for DNS. We believe decentralized PKI and decentralized DNS are the future of the Internet: when you go online, you should not have to worry about being watched, and you should be able to be sure that the data you receive is valid and authentic.

In a decentralized DNS, the owner of a domain (such as “”) stores his or her cryptographic signature in a public blockchain. Any web browser, mobile app or IoT device can then check the corresponding blockchain entry and find the correct signature. This scheme lets domain owners manage their own domains without having to contact a central authority to obtain a certificate. It is a fully distributed DNS service, because every blockchain node can serve the DNS data.

This new technology comes mainly from the blockchain community. Bitcoin created a distributed ledger that is not controlled by any single entity and that becomes stronger as the number of participants grows. Ethereum added smart contracts and the ability to store arbitrary structured data on the chain. Namecoin and the Ethereum Name Service (ENS) were the first to resolve domain names on a blockchain. At Diode we are taking the next step: moving PKI and DNS onto the blockchain, and selectively allowing even the smallest devices (such as microcontrollers) to connect securely to the blockchain.

Enabling DNS-over-HTTPS in Firefox

Until DNS-on-Blockchain (DoB) is available, you should at least upgrade to DoH to protect your privacy. If you use Firefox, DNS-over-HTTPS (DoH) is built in, but disabled by default! Just follow the steps below to turn it on:

Step 1: Open the Firefox menu and choose "Preferences", or type about:preferences in the address bar.

Step 2: In the "General" section, go to the "Network Settings" panel and click the "Settings" button.

Step 3: In the pop-up window, scroll down and select "Enable DNS over HTTPS". You can set another DoH provider or use Cloudflare (the default). Mozilla has established a strict Trusted Recursive Resolver (TRR) policy that prohibits DoH partners from collecting personally identifiable information.
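The same setting can be applied from a profile file instead of the dialog. This is an added example, not from the article: a Firefox `user.js` fragment placed in the profile directory. Note that the dialog's default mode (2) still falls back to plaintext DNS when the DoH resolver is unreachable; mode 3 never does, so a resolver outage blocks name resolution entirely.

```javascript
// Added example (not from the article): user.js preferences equivalent to the
// dialog steps above. network.trr.mode: 0 = off (default), 2 = DoH first with
// fallback to plain DNS (what the dialog enables), 3 = DoH only, no fallback.
user_pref("network.trr.mode", 3);
// Resolver endpoint; the dialog's default is Mozilla's Cloudflare-hosted TRR.
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
```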

As for DNS on Blockchain, that will have to wait a little :)
