DNSSEC and Namecoin

https://www.namecoin.org/dot-bit/
Post Reply
justinwnewton
Posts: 1
Joined: Tue Aug 19, 2014 4:43 pm

DNSSEC and Namecoin

Post by justinwnewton »

Hi there,
I have seen on the wiki that folks are looking at how to make Namecoin and DNSSEC play well together. I am also interested in this, and we have a lot of expertise on the DNSSEC side of things.

How can we best get the conversation started?

Justin

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: DNSSEC and Namecoin

Post by biolizard89 »

justinwnewton wrote:Hi there,
I have seen on the wiki that folks are looking at how to make Namecoin and DNSSEC play well together. I am also interested in this, and we have a lot of expertise on the DNSSEC side of things.

How can we best get the conversation started?

Justin
Hi Justin,

Ryan is probably the one to talk to on that, at least initially. I'll see if I can point him to this thread.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

hla
Posts: 46
Joined: Mon Nov 10, 2014 12:01 am
os: linux
Contact:

Re: DNSSEC and Namecoin

Post by hla »

Hi.

I recently wrote a Namecoin-to-DNS daemon in Go which supports the use of DNSSEC. It serves records signed by the DNSSEC keys you provide, and also serves signed DS records where specified by the values in Namecoin.

The spec for putting DS records in Namecoin is on the wiki.

The daemon also supports suffix-based operation, meaning it will consider domains such as x.bit.y.com. to be equivalent to x.bit. (Of course this working depends on appropriate leeway in the configuration of nameservers webservers. Since the use of suffixes is probably one of the easiest ways to enable widespread usage of Namecoin, patches for nameservers and webservers which look for '.bit.' in hostnames and strip off suffixes would be useful.)

https://github.com/hlandau/ncdns.t - see doc/ directory for README, type 'make' to build.

ncdns is authoritative-only, so you either use it via a delegation from another authoritative nameserver, or configure a recursive resolver such as Unbound to use it as a stub zone.

Post Reply