DNSonChain: Delegating Privacy-Preserved DNS Resolution to Blockchain

Abstract

Domain Name System (DNS) is known to present privacy concerns. To this end, decentralized blockchains have been used to host DNS records, so that users can synchronize with the blockchain to maintain a local DNS database and resolve domain names locally. However, existing blockchain-based solutions either do not guarantee a domain name is controlled by its "true" owner; or have to resort to DNSSEC, a not yet widely adopted protocol, for verifying ownership. In this paper, we present DNSonChain, a new blockchain-based naming service compatible with DNS. It allows domain owners to claim their domain ownership on the blockchain where DNS records are hosted. The core function of DNSonChain is to validate the domain ownership in a decentralized manner. We propose a majority vote mechanism that randomly selects multiple participants (i.e., voters) in the system to vote for the authority of domain ownership. To provide resistance to attacks from fraudulent voters, DNSonChain requires two rounds of voting processes. Our security analysis shows that DNSonChain is robust against several types of security failures, able to recover from various attacks. We implemented a prototype of DNSonChain as an Ethereum decentralized application and evaluate it on an Ethereum Testnet.