Bitcoin Forum
Author Topic: DNS and wallet addresses  (Read 896 times)
metoro (OP)
May 01, 2013, 02:16:16 AM
 #1

I was just thinking about the possibility of harnessing the conventional domain name system as a means to store wallet addresses such that you could direct a transaction to a URL something like:

wallet.mydomain.com

Could this be achieved using the TXT-type record on the DNS for the subdomain? Would be pretty cool to define a standard for this. The record could contain addresses for various wallet types - e.g.

wallet.mydomain.com. TXT "wallet=btc:1K59yRiX3Vvp2jZyHYDmmzGaGehLFL9aWy xrp:raiE52Ws8wYjh8k93dDDUqq4HwkfPhR6fA"


This seems so obvious that I assume I'm either being stupid somehow, or that this is an old idea, but thought I'd chuck it out there...

Ben
toolbag
May 01, 2013, 03:35:48 AM
 #2

I can't think of any reason that wouldn't work. I think you can create multiple TXT records for a domain, too, so you wouldn't have to cram every wallet address into a single record.
metoro (OP)
May 01, 2013, 07:39:37 PM
 #3

Yes, that makes sense, since I think the maximum length of a TXT is 255 chars.
grue
May 01, 2013, 07:51:52 PM
 #4

What's preventing a malicious registrar/ISP/government from intercepting the DNS request? This is currently worse than posting the address on an HTTPS page.

toolbag
May 01, 2013, 08:09:46 PM
 #5

Perhaps such a scheme can only be secure if it's combined with DNSSEC or something like that.
metoro (OP)
May 01, 2013, 08:26:43 PM
 #6

Right, of course. Easy enough to misdirect to a different wallet by 'hacking' the record down river. DNSSEC looks like a good solution to that problem...
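
Added example, not part of the thread: a stdlib-only Python sketch of a client that reads the proposed `wallet=` TXT record from a raw DNS response and refuses it unless the resolver set the AD (DNSSEC-authenticated) bit. The function names, the constructed sample response, and joining the TXT character-strings without a separator (the convention SPF uses) are assumptions; the thread defines none of them.

```python
import struct

def _skip_name(msg, off):
    """Advance past a DNS name (plain labels or a compression pointer)."""
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:    # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:                # root label ends the name
            return off

def wallet_from_response(msg):
    """Return {currency: address} from a TXT answer; raise if unauthenticated."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    # AD is only meaningful if the path to the validating resolver is trusted.
    if not flags & 0x0020:
        raise ValueError("answer not DNSSEC-authenticated (AD bit clear)")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4            # skip QTYPE + QCLASS
    wallets = {}
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype != 16:                           # 16 = TXT
            continue
        text, i = b"", 0
        while i < len(rdata):     # length-prefixed strings, each <= 255 bytes
            text += rdata[i + 1:i + 1 + rdata[i]]
            i += 1 + rdata[i]
        text = text.decode("ascii")
        if text.startswith("wallet="):
            for pair in text[len("wallet="):].split():
                cur, _, addr = pair.partition(":")
                wallets[cur] = addr
    return wallets

def build_sample(ad):
    """Constructed response for wallet.mydomain.com carrying the thread's record."""
    name = b"".join(bytes([len(l)]) + l for l in (b"wallet", b"mydomain", b"com")) + b"\0"
    txt = b"wallet=btc:1K59yRiX3Vvp2jZyHYDmmzGaGehLFL9aWy xrp:raiE52Ws8wYjh8k93dDDUqq4HwkfPhR6fA"
    rdata = bytes([40]) + txt[:40] + bytes([len(txt) - 40]) + txt[40:]  # two strings
    header = struct.pack("!6H", 0x1234, 0x8180 | (0x0020 if ad else 0), 1, 1, 0, 0)
    question = name + struct.pack("!HH", 16, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
    return header + question + answer
```

The AD check only shows that a validating resolver vouched for the answer; it does not validate signatures itself, and a well-formed address in the record says nothing about who controls it.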
harik
May 02, 2013, 12:30:13 AM
 #7

> I was just thinking about the possibility of harnessing the conventional domain name system as a means to store wallet addresses such that you could direct a transaction to a URL something like:
>
> wallet.mydomain.com
>
> Could this be achieved using the TXT-type record on the DNS for the subdomain? Would be pretty cool to define a standard for this. The record could contain addresses for various wallet types - e.g.
>
> wallet.mydomain.com. TXT "wallet=btc:1K59yRiX3Vvp2jZyHYDmmzGaGehLFL9aWy xrp:raiE52Ws8wYjh8k93dDDUqq4HwkfPhR6fA"
>
> This seems so obvious that I assume I'm either being stupid somehow, or that this is an old idea, but thought I'd chuck it out there...
>
> Ben

So to pay someone on an anonymous transaction system you need to access a logging DNS server and leave a littered trail of queries?  I'm just verifying your plan here.  I'll be sure to use this on a torland website so idiots give me their IP addresses.

Congratulations, you just invented the 1x1 transparent .gif for bitcoin.
toolbag
May 02, 2013, 12:56:41 AM
 #8

Not everyone using Bitcoin is concerned with anonymity, and those who are use Tor anyway, so their DNS queries are already anonymized. DNS query results get cached, too, so not every query is going to be visible to the person running the authoritative DNS server for the domain in question. Even without Tor, if you use a popular public DNS server like 8.8.8.8, 4.2.2.2, etc., then there's a fair chance your queries will be returned from that server's cache anyway. I don't see how this is any more of a threat than running a Bitcoin client without Tor.
harik
May 02, 2013, 01:35:03 AM
 #9

> Not everyone using Bitcoin is concerned with anonymity, and those who are use Tor anyway, so their DNS queries are already anonymized. DNS query results get cached, too, so not every query is going to be visible to the person running the authoritative DNS server for the domain in question. Even without Tor, if you use a popular public DNS server like 8.8.8.8, 4.2.2.2, etc., then there's a fair chance your queries will be returned from that server's cache anyway. I don't see how this is any more of a threat than running a Bitcoin client without Tor.

It's because you're crossing a security boundary with a bugged address.  Basically, if you posted your 1xxxx address on a torified website and you sent to it, no other information but that address has been passed on.  When you use a vanity name backed with a TXT record, you're putting a permanent bug in someone's client - since now it's a.b.c.d that needs to be looked up to be sent.  At any time their client leaves the security domain you have the chance of leaking IP addresses.

Not to mention having to wedge all of DNSSEC into the reference client in order to validate the signature.
deepceleron
May 02, 2013, 02:22:05 AM
 #10

Much harder to forge:

http://explorer.dot-bit.org/n/74491
toolbag
May 02, 2013, 02:22:22 AM
 #11

OK, fair enough; those are good points. I guess we're running up on the old trade-off between security and convenience. In any case, I wasn't trying to argue that this is an idea that should be in the reference client ASAP, only that it's a decent idea worth looking at.
Zeilap
May 02, 2013, 02:48:12 AM
 #12

See also https://en.bitcoin.it/wiki/BIP_0015
bitpop
May 02, 2013, 11:17:45 AM
 #13

Make a site with a * CNAME record and let us add modules like mtgox payment form. It can't be forged if you match the address. But someone can hack it and make all the forms go to him.
