The author of this article, Peter Lai, is a blockchain engineer at Diode. Before moving into software development he worked mainly in business administration. Peter Lai is also an active open source contributor. He is currently working with the Diode team on a blockchain-based decentralized PKI (DPKI).
Here is the full text of the article:
Last month the UK Internet Services Providers' Association nominated Mozilla for this year's "Internet Villain" award, on the grounds that its plan to support DNS-over-HTTPS would circumvent UK filtering obligations and parental controls and undermine Internet safety standards in the UK.
At Diode we think Mozilla's DNS-over-HTTPS is a good way to improve end-user privacy. But it is not the best way to protect the open Internet, because DNS-over-HTTPS is, at least for the time being, largely in the hands of Cloudflare and Google. What we propose instead is "DNS-on-Blockchain": a secure, privacy-preserving and decentralized alternative to DNS.
What is DNS?
DNS is the hierarchical and federated naming system for computers, services and other resources connected to the Internet or to a private network. According to RFC 1035, the goal of DNS is to provide a mechanism for naming resources in such a way that the names are usable across different hosts, networks, protocol families, internets and administrative organizations. It is a set of standards that associate information (such as IP addresses) with domain names.
Thanks to DNS servers we do not have to remember IP addresses. When you type a website's domain name into the browser, the browser automatically sends a query to a DNS server. The server looks up the domain and returns its IP address, so the browser knows where to connect.
But here is the problem: DNS packets are not encrypted. When you send a query to a DNS server, not only does that server learn the query and the website you want to visit, so does everyone else on the path. In a coffee shop that could be another customer, the shop owner, the Internet service provider, or any attacker snooping on the network traffic. This is why DNS-over-HTTPS was created.
What is DNS-over-HTTPS?
DNS-over-HTTPS (abbreviated DoH) is a protocol for performing DNS resolution over the encrypted HTTPS protocol. Its goals are to prevent manipulation of DNS data by intermediaries (man-in-the-middle attacks), to prevent eavesdropping, and so to increase user privacy.
With DNS-over-HTTPS, when you enter a website's domain name in the browser, the query is sent as an encrypted HTTPS request to a DoH-capable DNS server. The HTTPS layer is only decrypted at the DNS server that handles the query, and the reply is encrypted again before it is sent back, so nobody on the path can see what you asked for. But DoH is not perfect, and here is why:
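The two points above, the queried name being readable by anyone on the path and DoH wrapping the very same message inside HTTPS, as an added Go example (not code from the article or from Diode). It builds a query in the RFC 1035 wire format, extracts the name from the raw bytes the way an on-path observer would, and then encodes the identical message as an RFC 8484 GET request. The resolver URL https://doh.example/dns-query is a placeholder and no network request is made.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// put16 appends a big-endian uint16 (DNS uses network byte order).
func put16(b []byte, v uint16) []byte {
	return append(b, byte(v>>8), byte(v))
}

// BuildQuery encodes a one-question DNS query in RFC 1035 wire format:
// a 12-byte header, then QNAME as length-prefixed labels, QTYPE, QCLASS.
// RFC 8484 recommends ID 0 for DoH so that identical queries yield
// identical, cacheable HTTP requests.
func BuildQuery(name string, qtype uint16, id uint16) ([]byte, error) {
	msg := make([]byte, 12)
	binary.BigEndian.PutUint16(msg[0:2], id)
	binary.BigEndian.PutUint16(msg[2:4], 0x0100) // flags: RD (recursion desired)
	binary.BigEndian.PutUint16(msg[4:6], 1)      // QDCOUNT = 1
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		if len(label) == 0 || len(label) > 63 {
			return nil, fmt.Errorf("invalid label %q in %q", label, name)
		}
		msg = append(msg, byte(len(label)))
		msg = append(msg, label...)
	}
	msg = append(msg, 0) // zero-length root label ends QNAME
	msg = put16(msg, qtype)
	msg = put16(msg, 1) // QCLASS IN
	return msg, nil
}

// SniffQName is the passive observer's view of a plaintext DNS packet:
// the queried name can be read straight out of the bytes, no key needed.
func SniffQName(pkt []byte) (string, error) {
	if len(pkt) < 12 {
		return "", errors.New("packet shorter than DNS header")
	}
	var labels []string
	i := 12
	for {
		if i >= len(pkt) {
			return "", errors.New("truncated QNAME")
		}
		n := int(pkt[i])
		i++
		if n == 0 {
			break
		}
		if n&0xC0 != 0 {
			return "", errors.New("compression pointer in question section")
		}
		if i+n > len(pkt) {
			return "", errors.New("truncated label")
		}
		labels = append(labels, string(pkt[i:i+n]))
		i += n
	}
	if len(labels) == 0 {
		return ".", nil
	}
	return strings.Join(labels, "."), nil
}

// DoHContentType is the media type RFC 8484 uses for the DNS message in a
// POST body and for the response of both GET and POST.
const DoHContentType = "application/dns-message"

// DoHGetURL wraps the same wire-format message for an RFC 8484 GET:
// base64url without padding in the "dns" query parameter. Only the
// resolver can read the name, because the whole URL travels inside TLS.
func DoHGetURL(resolver string, msg []byte) string {
	return resolver + "?dns=" + base64.RawURLEncoding.EncodeToString(msg)
}

func main() {
	q, err := BuildQuery("example.com", 1, 0) // QTYPE 1 = A record
	if err != nil {
		panic(err)
	}
	name, _ := SniffQName(q)
	fmt.Printf("plaintext UDP payload (%d bytes) reveals: %s\n", len(q), name)
	fmt.Println("DoH GET:", DoHGetURL("https://doh.example/dns-query", q))
	fmt.Println("DoH POST sends the same", len(q), "bytes with Content-Type", DoHContentType)
}
```

The point of the example is that DoH changes nothing about the message itself: the bytes SniffQName reads off the wire are exactly the bytes inside the HTTPS request, which is why the resolver at the other end still learns every name you look up.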
The problems with DNS-over-HTTPS
As bad as the current state of DNS privacy is, DNS as deployed today is a very well federated system: thousands of independent DNS servers keep the Internet running. When you use DNS-over-HTTPS in a browser with default settings, on the other hand, your queries go to Google or Cloudflare (the protocol itself does not require a central resolver; the concentration comes from browser defaults that point at a handful of large operators). This is a huge step back from federated infrastructure to centralized infrastructure. Their DoH servers still know exactly which DNS queries you send and where you want to connect. We all know that sharing too much data with third parties is dangerous: these big companies could log your DNS query history, correlate it with your other personal data, or sell it to third parties.
Earlier this month Cloudflare's servers went down after a deployment whose new code consumed a huge amount of CPU. Because so many websites rely on Cloudflare's services, many large websites were affected by the outage. This latest Cloudflare incident is a textbook example of a single point of failure (SPOF). If DoH servers are centralized and one of them has a problem, you will not be able to use the Internet normally. That is another risk of concentrating around a small number of operators.
Finally, encrypting DNS traffic does address the privacy problem, but it does not guarantee that the data we receive is correct. PKI, the public key infrastructure, is a security infrastructure with centralized roots of trust that encrypts almost all of today's Internet traffic; it is also the security foundation behind HTTPS. If an attacker manages to steal an HTTPS server's certificate together with its private key, he can impersonate the server, read all of its traffic and, in the case of a DoH resolver, return forged DNS answers.
DNS on the blockchain
The core problems with DNS-over-HTTPS are the central organizations it depends on and the lack of verification of the data we receive. This central infrastructure is becoming a single point of failure (SPOF) for security, and it is a privacy nightmare as well, with a few big companies learning more and more about us. At Diode we think a decentralized blockchain infrastructure is the perfect platform for DNS. We believe decentralized PKI and decentralized DNS are the future of the Internet: when you go online you should not have to worry about being watched, and you should be able to verify that the data you receive is valid and authentic.
In a decentralized DNS, the owner of a domain such as "gitee.com" stores his or her cryptographically signed domain records on a public blockchain. Any web browser, mobile app or IoT device can then check the corresponding blockchain entry and verify the owner's signature. This scheme lets domain owners manage their own domains without having to ask a central authority for a certificate. It is a fully distributed DNS lookup service, because every blockchain node can serve the DNS data.
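The scheme just described, as an added Go example that is not Diode's code: the chain is simulated by an in-memory map, ownership is an Ed25519 key, and the rules a chain contract would enforce (the signature verifies under the owner key, only that key can update the name, the serial must increase) live in Publish. Resolve is the client side: whichever node handed over the entry, the device re-checks the owner's signature before using the address, so a node serving a tampered copy is caught. The record layout, the field names and the TEST-NET addresses are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Record is the data a domain owner publishes. Serial lets verifiers and
// the chain reject an older record replayed after an update.
type Record struct {
	Name    string
	Address string
	Serial  uint64
}

// canonical is the exact byte string that gets signed; signer and
// verifier must build it identically.
func (r Record) canonical() []byte {
	return []byte(fmt.Sprintf("%s\x00%d\x00%s", r.Name, r.Serial, r.Address))
}

// Entry is what the (simulated) chain stores per name.
type Entry struct {
	Owner     ed25519.PublicKey
	Record    Record
	Signature []byte
}

// Ledger stands in for the public blockchain: a map that any node can
// replicate and serve. Real chains add consensus and history on top.
type Ledger map[string]Entry

// Sign is the owner-side step: sign the canonical record with the key
// that the chain associates with the name.
func Sign(priv ed25519.PrivateKey, rec Record) []byte {
	return ed25519.Sign(priv, rec.canonical())
}

// Publish applies the rules a chain contract would enforce before
// accepting an entry: the signature verifies under the claimed owner key,
// the name is free or already owned by that key, and the serial increases.
func (l Ledger) Publish(owner ed25519.PublicKey, rec Record, sig []byte) error {
	if !ed25519.Verify(owner, rec.canonical(), sig) {
		return errors.New("signature does not verify under owner key")
	}
	if prev, ok := l[rec.Name]; ok {
		if !prev.Owner.Equal(owner) {
			return errors.New("name is owned by another key")
		}
		if rec.Serial <= prev.Record.Serial {
			return errors.New("serial must increase")
		}
	}
	l[rec.Name] = Entry{Owner: owner, Record: rec, Signature: sig}
	return nil
}

// Resolve is what a browser, app or IoT device does with an entry handed
// to it by any node: re-verify the owner's signature before trusting the
// address, so a tampered or forged entry is rejected.
func Resolve(e Entry, name string) (string, error) {
	if e.Record.Name != name {
		return "", errors.New("entry is for a different name")
	}
	if !ed25519.Verify(e.Owner, e.Record.canonical(), e.Signature) {
		return "", errors.New("owner signature invalid: entry tampered or forged")
	}
	return e.Record.Address, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	chain := Ledger{}
	rec := Record{Name: "gitee.com", Address: "203.0.113.10", Serial: 1} // constructed sample
	if err := chain.Publish(pub, rec, Sign(priv, rec)); err != nil {
		panic(err)
	}
	addr, err := Resolve(chain["gitee.com"], "gitee.com")
	fmt.Println("honest node:", addr, err)

	// A malicious node serves a copy with the address swapped.
	forged := chain["gitee.com"]
	forged.Record.Address = "198.51.100.7"
	_, err = Resolve(forged, "gitee.com")
	fmt.Println("tampered entry:", err)
}
```

What the client never needs here is a certificate authority: the trust anchor is the owner key recorded with the name on the chain, and the same check runs unchanged on a phone or a microcontroller that can do one Ed25519 verification.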
This new technology comes mainly from blockchain enthusiasts. Bitcoin created a distributed ledger that is controlled by no single entity and that becomes stronger as the number of participants grows. Ethereum added smart contracts and the ability to store arbitrary structured data on chain. Namecoin and the Ethereum Name Service (ENS) were the first to resolve domain names on a blockchain. At Diode we are working on the next step: moving PKI and DNS onto the blockchain, and optionally letting even the smallest devices (such as microcontrollers) connect securely to it.
Enabling DNS-over-HTTPS in Firefox
Until DNS-on-Blockchain (DoB) is ready, you should at least switch to DoH to protect your privacy. If you use Firefox, DNS-over-HTTPS (DoH) is already built in, but disabled by default! Just follow these steps to turn it on:
Step 1: Open the Firefox menu and choose "Preferences", or type about:preferences in the address bar.
Step 2: In the "General" section, go to the "Network Settings" panel and click the "Settings..." button.
Step 3: In the pop-up window, scroll down and tick "Enable DNS over HTTPS". You can pick another DoH provider or keep Cloudflare (the default). Mozilla has put a strict Trusted Recursive Resolver (TRR) policy in place that forbids DoH partners from collecting personally identifiable information.
As for DNS on Blockchain, we will have to wait :)