
Dive into the blockchain technology: Decentralized uncensored domain name system

We continue our series of articles on blockchain technology. The previous article in the series, "The secrets of EmerCoin", ended with a brief description of NVS (Name-Value Storage), a distributed record store built on the Emer blockchain. This article covers it in more detail.



The article series "Dive into blockchain technology"


1. A series of materials on Emer technology:
1.1. The secrets of EmerCoin.
1.2. Decentralized uncensored domain name system.
1.3. Worldwide public key infrastructure.
1.4. Decentralized password-free security system.
2. Fast and secure transactions.
3. Ecosystem of digital dentistry.
4. Combating counterfeit goods.
5. Mutual insurance of animals.
6. What is ICO and how to conduct it.
7. Loading ...

Introduction


It should be noted that trust in such a store is ensured by the combined efforts of miners, who mine coins for themselves and thereby sell a trust service to the network.

NVS is based on code from Namecoin, which has a similar store to support the distributed *.bit domain zone. But whereas Namecoin's store is intended to serve a single domain zone only, and loading other types of data requires additional steps, NVS was implemented from the start as a general-purpose data store on which various distributed services can be built.

What is emcDNS and why is it needed?


Historically, the first EmerCoin service was emcDNS, a domain name service similar to Namecoin's. As attacks on the classic domain system grow, both from criminals and from local authorities, such a service is becoming more and more popular. Read more about this here.

In addition, this service will allow building highly reliable and stable departmental networks with decentralized management, immune to denial of service of centralized DNS or attacks like DNS Spoofing.

In the emcDNS system, a domain record, like any other NVS record, can be managed only by its owner, or more precisely, by the owner of the wallet that holds the record. Only the owner can change or delete it. Because the record is in the blockchain, every Emer node holds a copy of it. That is, each node contains information about all NVS records, including domain records. This lets you look up such a record locally, without querying external servers, which gives fast domain name resolution as well as high reliability and security: your provider will not know which sites you are looking for, especially if you access them over https.

While discussing the system architecture, the EmerCoin team had an interesting exchange with developers from a more traditional background.
- Congratulations! You invented the hosts file!
- Yes. In a sense, it is. But only our hosts file:
  • Same on all machines (miners guarantee it).
  • In it, each line can only be changed by the owner of this line, and no one else.
  • The modified line is quickly replicated to other machines.
  • It has an index for quick search.



Differences from Namecoin


When the service was designed, the Namecoin approach was revised and a number of improvements were made that make the service more attractive and practical. Let us consider them in detail.

Several domain zones instead of one


Whereas Namecoin serves only the fixed *.bit domain zone, the equivalent Emer service can serve several zones at the same time, and new zones are simply added to the config file. This makes it possible to create your own "departmental" domain zones based on emcDNS, which will be recognized only by suitably configured Emer nodes. Currently, the system serves four public domain zones accessible via OpenNIC servers:


Ability to set the rental period


Unlike Namecoin, where the lease term is approximately 200 days and must be renewed regularly, NVS lets you specify the lease term, which can be a century. A longer lease costs more, but not by much. This approach simplifies administration and reduces the risk of losing control of a record, which can happen if the record expires and is taken over by another network user.

Ability to delete a record


In addition to the possibility of reserving a record for any period, in the Emer system there is the possibility to deactivate the record before the expiration of the lease term. Namecoin does not have such functionality.

Built-in RFC 1035 DNS server


The Namecoin system only supports the storage of DNS records. It has no mechanism for extracting these records and delivering them to client programs in the standard DNS format. As far as is known, to use Namecoin you have to dump the entire name database and hand it to a classical DNS server, which performs lookups with its own mechanisms and returns answers in the standard RFC 1035 format.

Each EmerCoin wallet has a built-in DNS server that accepts requests in the standard RFC 1035 format and responds in the same format that is used throughout the Internet. This is what makes the domain system truly decentralized: every wallet is a DNS server, not just dedicated gateway servers. This standardization also makes it easier to integrate emcDNS with other subsystems.

Subdomain management


This point is very important in a "flat" domain network, which has no tree of servers each serving a particular domain zone. Consider a subdomain capture attack.

Imagine that there is no protection mechanism or subdomain management, and that the victim.emc server exists. The domain owner has created another name, www.victim.emc, and pointed it at the same server. However, an attacker can create the name www1.victim.emc and point it at a malicious server. Formally, these are two different, unrelated names. However, following the conventions of Internet naming and the classical DNS network, the user will extend their trust in the victim.emc server to www1.victim.emc and, as a result, may for example hand the attacker a password.

At the time the Namecoin code was analyzed, it had no subdomain management mechanism. That is, to create and manage subdomains, a site must run its own NS server that resolves these subdomains. The system simply ignores all third-level domain records.

There are two rules in the emcDNS system:

1. All requests for a domain name of any level, except "allowed exceptions", are resolved as second-level domain names. That is, if the victim.emc record contains no exceptions, requests for any of its subdomains are resolved as requests for victim.emc. For example, a request to resolve the name hey.give.me.victim.emc is completely equivalent to a request for the name victim.emc.

2. If the value of the name record contains a special SD tag, the tag's value is interpreted as a list of allowed exceptions that the system serves. Consider as an example the Flibusta library's emcDNS entry:

 "name" : "dns:flibusta.lib", "value" : "A=81.17.19.227|SD=static,cn|TXT=Flibusta Library", 

Here we see the SD tag containing two exceptions: static and cn. This means that the emcDNS system resolves the names static.flibusta.lib and cn.flibusta.lib, rather than reducing them to flibusta.lib. Records of these names can also contain an SD tag, and thus, it will be possible to build trusted domain names of any level. Untrusted entries will be reduced to the second level name.
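
The two rules above, worked through as an added example (this is not EmerCoin's code). The NVS dictionary is a constructed stand-in for the blockchain store; only the flibusta.lib record comes from the article, and falling back to the second-level record when a listed exception has no record of its own is an assumption.

```python
# Added example: the emcDNS subdomain rules as the article describes them.
# NVS is a constructed stand-in for the blockchain name-value store.
NVS = {
    "dns:victim.emc": "A=192.0.2.10",              # constructed: no SD tag
    "dns:www1.victim.emc": "A=198.51.100.66",      # constructed: attacker-registered name
    "dns:flibusta.lib": "A=81.17.19.227|SD=static,cn|TXT=Flibusta Library",  # from the article
    "dns:static.flibusta.lib": "A=192.0.2.20|SD=img",   # constructed
    "dns:img.static.flibusta.lib": "A=192.0.2.21",      # constructed
}


def parse_value(value):
    """Split 'A=..|SD=a,b|TXT=..' into a dict of tag -> string."""
    fields = {}
    for part in value.split("|"):
        tag, sep, data = part.partition("=")
        if sep:
            fields[tag.strip().upper()] = data.strip()
    return fields


def allowed_subdomains(fields):
    """Labels listed in the SD tag (empty set when the tag is absent)."""
    return {s.strip().lower() for s in fields.get("SD", "").split(",") if s.strip()}


def resolve(qname, nvs=NVS):
    """Return (effective_name, fields), or None if the second-level name is unregistered."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    base = ".".join(labels[-2:])
    if "dns:" + base not in nvs:
        return None
    base_fields = parse_value(nvs["dns:" + base])
    name, fields = base, base_fields
    # Walk from the third level down; each label must be listed in its parent's SD tag.
    for label in reversed(labels[:-2]):
        child = label + "." + name
        # Assumption: a listed exception without its own record also falls back.
        if label not in allowed_subdomains(fields) or "dns:" + child not in nvs:
            return base, base_fields  # untrusted: reduce to the second-level name
        name, fields = child, parse_value(nvs["dns:" + child])
    return name, fields
```

With this rule the attacker's www1.victim.emc record is never served: the query returns the owner's victim.emc record because victim.emc lists no exceptions.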

About the author



Oleg Hovayko is the lead developer of the EmerCoin cryptocurrency and an expert in cryptography and computer security. He has worked in IT since 1994. He is currently also a vice president at Jefferies & Company, an American investment bank dealing in securities that is considered one of the largest independent US banks.

Useful links


1. Currently, this domain name system is used by a number of online libraries and torrent trackers. More details can be found here.
2. A brief description with an example and a picture of how to create a record.
3. Full description of the system.
4. To become a client of the system, you can either connect to any OpenNIC server or deploy a gateway to emcDNS on your local machine or local network. Instructions on how to connect emcDNS domain zones via OpenNIC. This method does not require you to install an EmerCoin wallet or any external programs or plug-ins. Its disadvantage is the use of an external DNS server, which partially discredits the idea of complete decentralization.
5. Description of other ways to connect to the system, with full functionality. See the section "Integration into a regular DNS tree". The recommended setups install the EmerCoin wallet on the local computer or local network and create a gateway that "mixes" the ICANN and emcDNS domain zones. The pairing is done with any DNS cache program; the examples use BIND, DNSMASQ and Acrylic.

Source: https://habr.com/ru/post/314368/