A blockchain-based DNS + HTTP server that fixes HTTPS security, and more!
npm install dnschain
|Version||0.0.2 last updated 3 days ago|
|Keywords||dns, server, security, namecoin, bitcoin, blockchain, cryptography, crypto, authentication, identity, ssl, tls|
|Dependencies (11)||json-rpc2, lodash, string, native-dns, event-stream, lodash-contrib, stream-array, winston, nconf, properties, inquirer|
DNSChain (formerly DNSNMC) makes it possible to be certain that you're communicating with who you want to communicate with, and connecting to the sites that you want to connect to, without anyone secretly listening in on your conversations in between.
- What is it?
- How do I use it?
- How do I run my own DNSChain server?
- Release History
In spite of their names, SSL/TLS and HTTPS are not secure.
DNSChain fixes this. What is DNSChain?
- It's a DNS server that supports old-school DNS, and blockchain-based DNS (Namecoin currently), giving you access to
- It creates the `.dns` meta-TLD. Each `.dns` "TLD" belongs to just one DNSChain server: the one you're connected to.
- It's an HTTP server (and in the future, an HTTPS server)
- At its core, it lets you connect to websites, chat with your friends, and be safe from eavesdroppers and Big Brother-type entities. It gives you the gift of authentication.
It's also only about 600 lines of easy to understand CoffeeScript! This means that even mere mortals can look at the code, and verify for themselves that it is safe to run on their systems.
Well, simple to share, a little more difficult to register it (at the moment only, give it time ^_^):
`namecoind` to register your identity in the
- Use a DNSChain server that exposes its `.dns` meta-TLD through the traditional DNS, as shown in the screenshot.
It's always best to use your own server, of course. Note: headers containing a cryptographic signature will be sent soon!
SSL certificates today do not provide the security that they claim to provide. DNSChain replaces Certificate Authorities by providing a means for distributing public keys in a way that is secure from MITM attacks.
.dns is a "meta-TLD" because unlike traditional TLDs, it is not meant to globally resolve to a specific IP. Rather, it is meant to resolve to a DNSChain server that you personally own and run.
It bears emphasizing that you cannot register a meta-TLD because you already own them!
When a DNSChain server sees a request to a `.dns` domain, it handles the request itself, looking it up in a blockchain stored on that same server. At the moment, DNSChain uses the Namecoin blockchain, but it can easily be configured to use any blockchain.
No special software is required: just set your computer's DNS settings to use one of the public DNSChain servers (though it is more secure to run your own).
Then try the following:
- Visit http://okturtles.bit
- "What's the domain info for
- "Who is Greg and what is his GPG info?" http://namecoin.dns/id/greg
Don't want to change your DNS settings?
As a convenience, the first DNSChain server's `.dns` meta-TLD can be accessed over the old-DNS by way of `dns.dnschain.net`, like so:
- "Who is Greg?" http://dns.dnschain.net/id/greg
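The routing rule described above, sketched as an added example (this is not DNSChain's own code): `.bit` names and the `.dns` meta-TLD are answered from the local blockchain, and everything else goes to old-school DNS. The function names, the returned object shape and the key pattern are assumptions made for illustration; only the `d/` and `id/` key prefixes come from the page. The `dns.dnschain.net` alias is not modelled.

```javascript
// Added illustration, not DNSChain source. Handler names and result shape are
// hypothetical; the d/ and id/ key prefixes are the ones shown on this page.

// Split a query name into lowercase labels, tolerating a trailing root dot.
function labels(qname) {
  return qname.toLowerCase().replace(/\.$/, '').split('.').filter(Boolean);
}

// Decide who answers a DNS query: the local blockchain or old-school DNS.
// Matching is done on whole labels, so "example.rabbit" or
// "okturtles.bit.example.com" are never mistaken for .bit names.
function route(qname) {
  const l = labels(qname);
  const tld = l[l.length - 1];
  if (l.length >= 2 && tld === 'bit') {
    // okturtles.bit and www.okturtles.bit both live under the key d/okturtles
    return { handler: 'namecoin', key: 'd/' + l[l.length - 2] };
  }
  if (l.length >= 2 && tld === 'dns') {
    // <chain>.dns is answered by this server itself and never forwarded
    return { handler: 'meta-tld', chain: l[l.length - 2] };
  }
  return { handler: 'old-dns' };
}

// Map an HTTP request on the meta-TLD to a blockchain key, e.g.
// http://namecoin.dns/id/greg -> key "id/greg" on the namecoin chain.
function metaTldLookup(url) {
  const u = new URL(url); // also normalises "../" path segments
  const r = route(u.hostname);
  if (r.handler !== 'meta-tld') return null; // not a .dns host: refuse
  const key = u.pathname.slice(1);
  // Assumed key pattern: <namespace>/<name>. Anything else (including
  // percent-encoded bytes) is rejected before it could reach an RPC call.
  if (!/^[a-z]+\/[a-z0-9-]+$/.test(key)) return null;
  return { chain: r.chain, key };
}
```

Because a `.dns` name is answered by whichever server receives the query, the answer is only as trustworthy as the resolver your machine is pointed at.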
DNSChain is meant to be run by individuals!
Yes, you can use a public DNSChain server, but it's far better to use your own because it gives you more privacy, makes you more resistant to censorship, and provides you with a stronger guarantee that the responses you get haven't been tampered with by a malicious server.
Those who do not own their own server or VPS can use their friend's (as long as they trust that person). DNSChain servers will sign all of their responses, thus protecting you from MITM attacks. (NOTE: signing is not yet implemented, but will be soon)
| IP or DNSCrypt provider | DNSCrypt Info | Logs | Location | Owner | Notes |
|---|---|---|---|---|---|
| 22.214.171.124 (aka d/okturtles) | N/A | No | Atlanta, GA | id/greg | |
| 126.96.36.199 (aka name.thwg.org) | N/A | No | USA | id/wozz | |
| 2.dnscrypt-cert.okturtles.com | Required Info | No | Atlanta, GA | id/greg | |
| 2.dnscrypt-cert.soltysiak.com | Required Info | No | Poznan, Poland | @maciejsoltysiak | IPv6 available |
Tell us about yours by opening an issue (or any other means) and we'll list it here!
We'll list the public keys for these servers here as well when the signing of responses is implemented. Note that for ENCRYPTED servers you are already guaranteed the authenticity of responses.
.bit domains and public identities are currently stored in the Namecoin P2P network. It's very similar to the Bitcoin network.
All of this must currently be done using `namecoind`, a daemon that DNSChain requires running in the background to access the Namecoin network.
See the Namecoin wiki for more info:
Get yourself a Linux server (they come as cheap as $2/month), and then make sure you have the following software installed:
- `npm` - We recommend using a package manager to install them.
- coffee-script (version 1.7.1+) - install via `npm install -g coffee-script`
- `grunt-cli` - install via `npm install -g grunt-cli`, provides the
- Install DNSChain using: `npm install -g dnschain` (you may need to put `sudo` in front of that).
`namecoind` in the background. You can use `systemd` and create a `namecoin.service` file for it based off of dnschain.service.
Test DNSChain by simply running `dnschain` from the command line (developers see here). Have a look at the configuration section below, and when you're ready, run it in the background as a daemon. As a convenience, DNSChain comes with a `systemd` unit file that you can use to run it.
DNSChain uses the wonderful `nconf` module for all of its configuration purposes. This means that you can configure it using files, command line arguments, and environment variables.
There are two configurations to be aware of (both loaded using `nconf`): DNSChain's, and
`dnschain.conf` locations (in order of preference):
`namecoin.conf` locations (in order of preference):
DNSChain will fetch the RPC username and password out of Namecoin's configuration file if it can find it. If it can't, you'll either need to fix that, or provide `rpcpassword`, etc. to it via command line arguments or environment variables.
The format of the configuration file is similar to INI, and is parsed by the NodeJS `properties` module (in tandem with `nconf`). Here's a very basic

```
[log]
level=info

[dns]
port=5333

[http]
port=8088
tlsPort=4443
```
Have a look at config.coffee to see all the possible configuration options and defaults!
sudo grunt example from the DNSChain repository that you cloned from here.
Grunt will automatically lint your code to the style used in this project, and when files are saved it will automatically re-load and restart the server (as long as you're editing code under
- IRC (Freenode):
- Forums We use a self-signed cert! Tell your browser to store it permanently.
- HTTPS fingerprint for
- HTTPS fingerprint for
- Twitter: @DNSChain
- Email: hi at okturtles.com
To test and develop at the same time, simply run `sudo grunt example` and set your computer's DNS to use `127.0.0.1`. Grunt will automatically lint your code to the style used in this project, and when files are saved it will automatically re-load and restart the server (as long as you're editing code under
- Greg Slepak (Original author and current maintainer)
- Matthieu Rakotojaona (DANE/TLSA support and misc. fixes)
- Your name & link of choice here!
See TODOs in source; below is only a partial list.
- BUG: Fix ANY-record type resolution for .bit and .dns domains.
- sign responses
- add DANE support (coming soon thanks to @rakoo!)
- Support command line arguments
|0.0.2||April 15, 2014||
|0.0.1||February 9, 2014||Published to
Copyright (c) 2013-2014 Greg Slepak. Licensed under the BSD 3-Clause license.