Blockchain can offer superior availability, integrity and privacy for domains.
The DNS or Domain Name System acts like a phone book for the Internet, translating easy-to-understand domain names like google.com into a specific Internet Protocol (IP address). This allows web browsers such as Google Chrome and Microsoft Internet Explorer to find the correct website for the user.
Typically, DNS packets are not encrypted, so when users send queries to a DNS server, both the DNS server and all other parties along the route (including your internet service provider and anyone else on your WiFi) know exactly what websites you are visiting.
Currently, the DNS system is completely centralized and organized by ICAAN (Internet Corporation for Assigned Names and Numbers), a non-profit organization based in the United States. DNS data is distributed worldwide, but is managed by different organizations hierarchically, through a first tier, a root tier managed by registries, and a second tier system managed by registrars.
Right now, giants like Cloudflare, GoDaddy, Amazon, Google and Namecheap, among others, dominate the domain registration space by registering and leasing domain names to users in a centralized way that is neither private, democratized nor particularly secure. These services can delete or remove a customer’s domain at any time, and are vulnerable to hacking.
All of this means that while the DNS system is essential to our modern Internet, it has many vulnerabilities – vulnerabilities that could potentially be addressed by integrating blockchain technology into the current DNS system.
DNS hacks demonstrate the vulnerability of the current DNS system
The current DNS system is vulnerable to many different types of hacking and other manipulation techniques. One common attack is called a DNS hijacking or redirection attack, which redirects a user from an expected web address to another, usually malicious, website. This website may look like a real website, prompting the user to enter personal information or accidentally download a virus or malware to their computer.
DDOS or distributed denial of service attacks are another serious vulnerability of the current DNS system. DDOS attacks work by overwhelming the target with massive amounts of Internet traffic. DDOS attacks are often carried out by “bot farms” or large networks of computers that have been compromised and are now controlled by the hacker.
A DDOS attack on a single website is one thing, but a DDOS attack on the servers of a major registrar or even ICANN itself could take out a large part of the Internet, resulting in economic losses and even political chaos.
Another type of DNS attack is DNS tunneling, in which additional information is passed through the DNS protocol that normally resolves network addresses. Instead of transmitting only the necessary data, DNS tunneling injects more data into the DNS path and can often bypass firewalls and other security measures. DNS tunneling can allow a hacker to gain control of the domain in question and can also be used to steal large amounts of domain data. This method is known to have been used by Iranian hackers to sabotage corporate and government websites in other countries such as the US and Israel.
Decentralized DNS with blockchain can increase the security of domains and Internet users
Current blockchain technology involves a distributed network through which transactions are recorded in a distributed registry and replicated on a number of independent distributed nodes. Transactions are grouped into blocks that must be verified by a significant number of nodes in order to be permanently added to the registry.
Unlike some blockchain systems, in most cases blockchain DNS providers give each node the same voting rights. Typically, all nodes must participate in a “vote” to approve new changes to the DNS system. While the system is not perfect, it helps prevent “whales” or powerful groups of nodes from dominating the system and making potentially harmful changes.
By decentralizing and distributing the DNS network, it will be much harder for hackers to break into the system. It could also prevent DNS problems caused by natural disasters that could shut down servers at large registrars.
Since the data in the blockchain registry cannot be altered or changed ex post facto, it will reduce or eliminate the need for current DNS security measures such as DNSSEC or domain name system security extensions. Currently, this system requires significant maintenance and requires re-signing of DNS root zone public key information every three months as a security measure.
Blockchain can solve many DNS problems, but is still in its infancy
As we mentioned at the beginning of this article, the three main important components of an effective DNS system are availability, integrity, and confidentiality. DNS blockchain protocols are prepared to address each of these issues. The immutable and distributed nature of blockchain registers prevents availability problems caused by hackers or natural disasters; it also helps ensure data integrity.



