Namecoin Forum

Hi there,
I have seen on the wiki that folks are looking at how to make Namecoin and DNSSEC play well together. I am also interested in this, and we have a lot of expertise on the DNSSEC side of things.

How can we best get the conversation started?

Justin

justinwnewton wrote:Hi there,
I have seen on the wiki that folks are looking at how to make Namecoin and DNSSEC play well together. I am also interested in this, and we have a lot of expertise on the DNSSEC side of things.

How can we best get the conversation started?

Justin

Hi Justin,

Ryan is probably the one to talk to on that, at least initially. I'll see if I can point him to this thread.

Hi.

I recently wrote a Namecoin-to-DNS daemon in Go which supports the use of DNSSEC. It serves records signed by the DNSSEC keys you provide, and also serves signed DS records where specified by the values in Namecoin.

The spec for putting DS records in Namecoin is on the wiki.

The daemon also supports suffix-based operation, meaning it will consider domains such as x.bit.y.com. to be equivalent to x.bit. (Of course this working depends on appropriate leeway in the configuration of nameservers webservers. Since the use of suffixes is probably one of the easiest ways to enable widespread usage of Namecoin, patches for nameservers and webservers which look for '.bit.' in hostnames and strip off suffixes would be useful.)

https://github.com/hlandau/ncdns.t - see doc/ directory for README, type 'make' to build.

ncdns is authoritative-only, so you either use it via a delegation from another authoritative nameserver, or configure a recursive resolver such as Unbound to use it as a stub zone.