[DNSOP] *.DNS metaTLD [ref: additional special names]

okTurtles <hi@okturtles.com> Sun, 02 March 2014 00:45 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/ptWFd4W3ZbeT9ao1PW4x2dzX5uQ

Hi list,

Just saw Stephane Bortzmeyer's email to the list:

On Mar 1, 2014, at 9:07 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:

> There is even better now, there is a .DNS :-)
> http://blog.okturtles.com/2014/02/introducing-the-dotdns-metatld/
> Because it is very recent, it has no installed user base. This may be
> a good opportunity to get in touch with the author(s) and ask them if
> they would be willing to accept a dns.alt or something like that. Any
> volunteer for outreach?

That blog post was written, in part, so that it could serve as reference for related emails on this list. :-)

Some background for those who haven't read it:

I'm working on a blockchain-based DNS resolver (and proxy-to-blockchain) called DNSChain. It is mostly implemented, and it works (I'm using it right now in fact, along with dnscrypt-proxy).

It introduces a meta-TLD called *.dns (dotDNS, with or without the hyphen). Details here:


The term "meta-TLD" (with or w/out hyphen) is used in place of "pseudo-TLD" to emphasize the fact that pseudo-TLDs have more in common with standard TLDs than they do with meta-TLDs.

metaTLDs are different from *.onion, *.bit, and other special TLDs, in that:

- They are not intended to globally resolve to a specific IP, but rather to the DNS server that you've chosen to connect to (in this case, DNSChain).
- They cannot be registered, because they already belong to you.

The blog post goes into detail about why they are useful, and what we use them for. Specifically, it shows how metaTLDs can be used in concert with a secure, distributed and decentralized database (read: blockchain) to protect online communications against TLS MITM attacks.

A related use is a secure method of public key distribution for GPG keys, see the GitHub page for an example of this:


The same friend who suggested I post here about this project also suggested that I mention that this project may be of interest to the folks at STRINT 2014.

> ask them if they would be willing to accept a dns.alt or something like that.

*.dns is a metaTLD, whereas I don't believe *.alt has been designated as such? As far as I was able to tell, *.dns has also not been used for anything else, so it's an ideal choice, as it creates an HTTP(S) interface to arbitrary name-resolution systems for JavaScript apps, including today's DNS.

Currently implemented is the namecoin.dns domain, but you can imagine web apps querying today's DNS system over something like `canonical.dns` (something that wasn't possible previously due to browser limitations).

Would an internet-draft or RFC-type specification be of interest?

Constructive feedback is very much appreciated.

Greg Slepak

Please do not email me anything that you are not comfortable also sharing with the NSA.
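The routing behaviour the post describes for a metaTLD (queries under *.dns are answered by the resolver you chose locally, never by the global DNS, with the label under .dns selecting the name-resolution backend), as an added Python sketch that is not part of the email or of DNSChain; the backend names, record values and the upstream stub are constructed for illustration:

```python
from typing import Callable, Dict, List, Optional, Tuple

META_TLD = "dns"  # the metaTLD from the post; by design it has no global answer

Backend = Callable[[str], Optional[str]]


def split_meta(qname: str) -> Optional[Tuple[str, str]]:
    """Return (backend, inner_name) for a *.dns query, or None for an
    ordinary name that belongs to regular DNS."""
    labels = qname.rstrip(".").lower().split(".")
    if labels[-1] != META_TLD:
        return None
    # Need at least <name>.<backend>.dns and no empty labels.
    if len(labels) < 3 or "" in labels:
        raise ValueError("malformed metaTLD query: %r" % qname)
    return labels[-2], ".".join(labels[:-2])


def resolve(qname: str, backends: Dict[str, Backend],
            upstream: Backend) -> Optional[str]:
    """Answer *.dns locally; only non-metaTLD names reach the upstream resolver."""
    meta = split_meta(qname)
    if meta is None:
        return upstream(qname)
    backend, inner = meta
    if backend not in backends:
        return None  # unknown namespace: refuse, never forward it upstream
    return backends[backend](inner)


# Constructed sample data standing in for the real systems (RFC 5737 addresses).
NAMECOIN_SAMPLE = {"okturtles.bit": "192.0.2.5"}      # constructed, not a real record
CANONICAL_SAMPLE = {"example.com": "192.0.2.10"}      # constructed cache of today's DNS
UPSTREAM_SEEN: List[str] = []  # records every name that would hit the public DNS


def namecoin_lookup(name: str) -> Optional[str]:
    return NAMECOIN_SAMPLE.get(name)


def canonical_lookup(name: str) -> Optional[str]:
    return CANONICAL_SAMPLE.get(name)


def upstream_lookup(name: str) -> Optional[str]:
    UPSTREAM_SEEN.append(name.rstrip(".").lower())
    return CANONICAL_SAMPLE.get(name.rstrip(".").lower())


BACKENDS: Dict[str, Backend] = {"namecoin": namecoin_lookup, "canonical": canonical_lookup}


def lookup(qname: str) -> Optional[str]:
    return resolve(qname, BACKENDS, upstream_lookup)
```

UPSTREAM_SEEN is the check a practitioner wants: after a run, no name ending in ".dns" should ever appear in it.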