DNS directly based upon Bitcoin's blockchain

[jbtcer]

Now that Bitcoin supports Taproot, wouldn't that unlock the possibility to setup a DNS registrar side-chain?

I am thinking about some protocol that uses the Bitcoin blockchain to register batch payment transactions while the registrar "chain" keeps track of which names are registered to which keys.

Eg.

I want to self register "sample.bitcoin" domain under my ownership, so I produce a Taproot transaction in Bitcoin that pays to some hash, apart from the network fees.

That hash is actually tied to a side chain name claim transaction that contains the name claimed, the public key claiming it and the signature from the private key. The claim is valid if that name had not been claimed beforehand from a different key on any side chain entry linked to a confirmed block in Bitcoin.

Maybe names ownership, if not reclaimed, is automatically dropped after some time decided at claim time, which could be 50 years by default and no more than 100 years in any case.

A transfer is agreed with someone to buy "sample.bitcoin" from me later on, so another transaction goes into Bitcoin for that. The taproot hash in the side chain is actually a "transfer agreement" which includes the signatures of the owner releasing the name and the new owner accepting it. It also includes the claim validity period, as a regular initial claim. The Bitcoin transaction will not only include the miner fees but also the payment from the name seller to the new owner.

This system could also allow for explicit name releases, if the owners decide they do not want to hold that name nor sell it to anyone else.

The bitcoin taproot transactions could be individual or made in group batches. Registrars would mint a bunch of collective registrar claim/transfers/drops from several participants into a single bitcoin transaction, offering lower transaction fees than if each participant decides to create their own individual registrar transaction. That is you are free to be your own registrar, it is only more expensive that allowing a registrar to add your claim to next batch going to the blockchain.

DNS full servers using this approach will have to keep track of the current registered names by running their own bitcoin full node or relying on some trustworthy one. And they would need to also keep listening to the side-chain updates, building the latest valid state from the longest bitcoin chain.

Other DNS servers might do a lighter check leveraging full server answers. And the client DNS servers might use the regular DNS protocol to query this system.

TLS certificates can be built on top of the trust on the owner of the name they protect. Eg. "myserver.sample.bitcoin" can be signed by any private key that is signed by the name owner private key.


Is anyone working on something like this or similar? Any links?

If not, why is that? what are the issues preventing this to happen or been explored?

[pooya87]

What you explained is suitable for a solution on bitcoin chain itself although I don't think it is a good idea to have something like that on it.
If the names database is supposed to be on a side chain then there is no need for Taproot. We already could create side chains without it and all the rules (the owner, the ownership transfer, etc.) could be enforced on that chain entirely.

The payment could also be to an OP_RETURN output (instead of just pushing hash in an arbitrary script that would create a UTXO in all nodes' chainstate db) and the data inside it should be evaluated inside that sidechain with its own rules.

[mendace]

Now that Bitcoin supports Taproot, wouldn't that unlock the possibility to setup a DNS registrar side-chain?

I am thinking about some protocol that uses the Bitcoin blockchain to register batch payment transactions while the registrar "chain" keeps track of which names are registered to which keys.

Eg.

I want to self register "sample.bitcoin" domain under my ownership, so I produce a Taproot transaction in Bitcoin that pays to some hash, apart from the network fees.

That hash is actually tied to a side chain name claim transaction that contains the name claimed, the public key claiming it and the signature from the private key. The claim is valid if that name had not been claimed beforehand from a different key on any side chain entry linked to a confirmed block in Bitcoin.

Maybe names ownership, if not reclaimed, is automatically dropped after some time decided at claim time, which could be 50 years by default and no more than 100 years in any case.

A transfer is agreed with someone to buy "sample.bitcoin" from me later on, so another transaction goes into Bitcoin for that. The taproot hash in the side chain is actually a "transfer agreement" which includes the signatures of the owner releasing the name and the new owner accepting it. It also includes the claim validity period, as a regular initial claim. The Bitcoin transaction will not only include the miner fees but also the payment from the name seller to the new owner.

This system could also allow for explicit name releases, if the owners decide they do not want to hold that name nor sell it to anyone else.

The bitcoin taproot transactions could be individual or made in group batches. Registrars would mint a bunch of collective registrar claim/transfers/drops from several participants into a single bitcoin transaction, offering lower transaction fees than if each participant decides to create their own individual registrar transaction. That is you are free to be your own registrar, it is only more expensive that allowing a registrar to add your claim to next batch going to the blockchain.

DNS full servers using this approach will have to keep track of the current registered names by running their own bitcoin full node or relying on some trustworthy one. And they would need to also keep listening to the side-chain updates, building the latest valid state from the longest bitcoin chain.

Other DNS servers might do a lighter check leveraging full server answers. And the client DNS servers might use the regular DNS protocol to query this system.

TLS certificates can be built on top of the trust on the owner of the name they protect. Eg. "myserver.sample.bitcoin" can be signed by any private key that is signed by the name owner private key.


Is anyone working on something like this or similar? Any links?

If not, why is that? what are the issues preventing this to happen or been explored?

Taproot is a proposed upgrade to the Bitcoin blockchain that, among other things, allows for more efficient and private transactions. It does not directly enable the creation of side chains, which are separate blockchains that are pegged to the main Bitcoin blockchain. While it is theoretically possible to create a side chain for DNS registration using the features enabled by Taproot, to the best of my knowledge, no one is currently working on a project like this.

There are several challenges that would need to be addressed in order to implement a system like the one you describe. For example, the concept of "name ownership" would need to be clearly defined and enforced, and a mechanism would need to be put in place to ensure the integrity of the DNS registration data on the side chain. Additionally, the system would need to be designed in a way that is secure, scalable, and resistant to attacks.

It's worth noting that there are already existing solutions for decentralized DNS registration, such as the InterPlanetary File System (IPFS) and the Ethereum Name Service (ENS). These systems may offer some insights into how a DNS registration system using the Bitcoin blockchain could be designed and implemented

[jbtcer]

Thanks for your explanation.

What you explained is suitable for a solution on bitcoin chain itself although I don't think it is a good idea to have something like that on it.
If the names database is supposed to be on a side chain then there is no need for Taproot. We already could create side chains without it and all the rules (the owner, the ownership transfer, etc.) could be enforced on that chain entirely.

The payment could also be to an OP_RETURN output (instead of just pushing hash in an arbitrary script that would create a UTXO in all nodes' chainstate db) and the data inside it should be evaluated inside that side-chain with its own rules.

Yes, ideally the Bitcoin blockchain sees only regular transactions with no other data than a reference that can be used in the side chain to verify the registrations (single or batch) were actually confirmed on chain.

Each single transaction there could map to several registrations, which are decomposed on the side chain together with the registrations themselves. That way the Bitcoin blockchain is not bloated with extra data it was not designed for, yet it is used for securing the payment for those transactions.

One could make a registration individually, but will have to pay the full Bitcoin transaction fee by oneself. A registrar would be an intermediary that aggregates registrations into a single Bitcoin transaction. They earn what they charge to all individual registrations minus the fee charged in by Bitcoin miners on chain. They compete with fees, so they must charge less than what the individual registration would pay in fees.

Registrations must be valid first AND confirmed on chain to take effect.

I guess I need to study Taproot more closely. For instance, I am guessing Taproot will not allow for us to aggregate several payments in a multi-registration as if it were a single transaction from one input. I mean, if the multi-registration has N different participants, it might mean no less than N inputs. Meaning those transactions might still have a size proportional to the number of registrations, putting pressure on the base blockchain and raising DNS registration costs.

[DooMAD]

Whether it would function as a Bitcoin sidechain is one question, but whether people would actually use it seems to be the far more pressing one in my mind.  It's a field which hasn't really experienced the levels of success people often assumed would come naturally.  One of the earliest altcoins, Namecoin, tried to serve this niche, along with the subsequent projects mendace mentioned in their post.  But from what I've seen, they've never really had any significant levels of adoption.  Personally, I don't see how building the same sort of service upon Bitcoin would garner any fresh interest in the concept.

It's difficult enough getting the masses to accept and understand Bitcoin as money, let alone as a means to secure domain names. 

[jbtcer]

...
There are several challenges that would need to be addressed in order to implement a system like the one you describe. For example, the concept of "name ownership" would need to be clearly defined and enforced, and a mechanism would need to be put in place to ensure the integrity of the DNS registration data on the side chain. Additionally, the system would need to be designed in a way that is secure, scalable, and resistant to attacks.

It's worth noting that there are already existing solutions for decentralized DNS registration, such as the InterPlanetary File System (IPFS) and the Ethereum Name Service (ENS). These systems may offer some insights into how a DNS registration system using the Bitcoin blockchain could be designed and implemented

Thanks, I will check those out.

Regarding the rules and integrity I was thinking something like this:
- All registrations has a the name registered, a deadline and a source and target.
- If you are claiming a name for the first time, it will have an empty source and the destination would be basically your owner private key signature and certificate.
- If the registration is a transfer, the source refers to the previous registration of that name and a signature of the seller, while the target is again an owner signature and certificate.
- A registration release has a source and an empty target. Maybe there is some rest period in which a new claim is not allowed unless the old owner makes an explicit transfer to the new recipient.

About integrity, as usual each registration and the registration set are hashed and the Bitcoin payment includes a hash to the registration set.

[jbtcer]

Whether it would function as a Bitcoin sidechain is one question, but whether people would actually use it seems to be the far more pressing one in my mind.  It's a field which hasn't really experienced the levels of success people often assumed would come naturally.  One of the earliest altcoins, Namecoin, tried to serve this niche, along with the subsequent projects mendace mentioned in their post.  But from what I've seen, they've never really had any significant levels of adoption.  Personally, I don't see how building the same sort of service upon Bitcoin would garner any fresh interest in the concept.

It's difficult enough getting the masses to accept and understand Bitcoin as money, let alone as a means to secure domain names.  

You have a point there, of course.

On the other, hand I think things are taking a very dark turn lately. Governments all over the world are seeing how its Fiat toy is dying, and are getting nervous. They are releasing CBDCs upon their population for total control. I expect that will make many more people interested in having a truly decentralized and censor resistant DNS service based upon THE one truly decentralized and censor resistant blockchain. Hopefully I am wrong and we do not get to that point.

But yeah, maybe the need is not there yet. I think the system is feasible and if/when the need arises, it can be done in a relatively short time.

[DooMAD]

On the other, hand I think things are taking a very dark turn lately. Governments all over the world are seeing how its Fiat toy is dying, and are getting nervous. They are releasing CBDCs upon their population for total control. I expect that will make many more people interested in having a truly decentralized and censor resistant DNS service based upon THE one truly decentralized and censor resistant blockchain. Hopefully I am wrong and we do not get to that point.

But yeah, maybe the need is not there yet. I think the system is feasible and if/when the need arises, it can be done in a relatively short time.

That's fair.  I suppose the "if you build it, they will come" argument would have to kick in at some point if things do worsen.  Some people being willing and able to benefit from such a system is better than none.  Based on the way things are going, I could envision a bleak future when a "free internet" will be in direct competition with a government-mandated one.  The demand may well be there one day, so it's better to be prepared.

[Artemis3]

But Namecoin was going to have its own blockchain no? Whatever happened to this?