Only the lazy haven’t criticized the classic DNS system, specified in RFC 1034. Indeed, despite its high performance, it is anything but secure. An attacker can hack it and then forward your traffic to fake websites by hijacking DNS responses for intermediate caching servers (cache poisoning, or spoofing). HTTPS provides a sort of protection through SSL certificates, which allow a spoofed website to be detected. But users generally know nothing about SSL and click away from invalid-certificate warnings, sometimes losing money as a result.

To put an end to the DNS spoofing and hijacking disgrace, the IETF came up with DNSSEC, a security extension to conventional DNS that is currently being rolled out across the ICANN-controlled Internet. Frankly, the rollout is far from smooth: most businesses and organizations blatantly ignore the challenges of the new era. Even such IT giants as Google and Yandex have no signatures on their DNS zones. “Competent gentlemen” who love sticking their noses into everyone else’s business behave differently: the Russian FSB, for example, is in no hurry to secure itself in this regard, while the CIA seems more sensible, as are organizations that develop DNSSEC themselves, such as verteiltesysteme.net. But why talk about individual organizations, when around 10% of all top-level domains (TLDs) are still not DNSSEC-signed!

So how did this de facto mass sabotage come about, despite DNSSEC having been free and publicly available for quite a while now? We see a number of reasons:

“Security is hard.” Ordinary sysadmins prefer not to mess with the subject, as it is too complex for them. It’s not enough to just create a DNSSEC zone; you must properly maintain it by rolling keys and so on.

Human optimism: “It’s never going to happen to us. Troubles are for other people, so we’re fine as we are.” Hard to believe? Then here’s a quick question: do you have a fire extinguisher at home?

HTTPS/SSL provides a viable alternative by reliably detecting fake sites. But in most cases users just ignore the warnings.

DNSSEC only protects against outside cache poisoning. It does nothing against an attacker compromising the ISP server that stores the cache, the domain zone server, or the domain registrar. By the way, that last case is exactly what led to the hijacking of blockchain.info.

A DNSSEC server delivers around 20% of the performance of a classic DNS server. It also requires more networking and computational resources.

So while DNSSEC is more secure than conventional DNS, it is still just a palliative, because it does not fully solve the data reliability problem — even if all the admins out there suddenly decided to work hard and do the right thing. And, mind you, an expensive palliative: a five-fold drop in performance is no joke for a key subsystem that directly affects Internet speed.

Also note that with both conventional distributed DNS and its DNSSEC descendant, the domain lookup happens at the very moment you make your query. That is exactly when you need computational and networking resources the most: for transferring data, not for finding out who is who or checking signatures. So cache updates and other DNS-related work take place at the most expensive moment, when you want your web page and not some under-the-hood processing. Finally, every name server involved must be healthy and reachable for the network to be usable at all. If some intermediate server fails, a whole network segment becomes unreachable, which does happen every now and then.

EmerDNS is a blockchain-based alternative to both conventional DNS and DNSSEC. Unlike the hierarchical structure of DNS/DNSSEC, EmerDNS is a peer-to-peer network that has no domain registrars, domain zone owners, or intermediate caches. And you can’t compromise something that just doesn’t exist. Each EmerDNS node holds the entire blockchain — that is, the complete database of names and other transactions. Data reliability — the fact that the database is the same for all nodes — is ensured by the blockchain technology itself and a PoS/PoW public consensus. The latter makes a “god mode” impossible for any user, including the system’s developers. Neither we nor anyone else can simply go and cancel or change an arbitrary record. Only the specific record owner can do that, and no one else. In a way, EmerDNS is like the “hosts” file, which contains records for all known hostnames. But, unlike hosts:

Each EmerDNS record can only be modified by its owner and no one else.

“God”/super-admin mode is made impossible through miner consensus.

The file is the same for all users, thanks to the blockchain’s replication mechanism.

The file comes together with a fast search engine.

The database is updated using Push notifications as new blocks arrive — asynchronously with user requests. So when you want to visit a website, you already have all relevant and verified DNS records stored locally in a pre-indexed database. Domain names are translated into IP addresses locally, with no external queries, especially not recursive ones. This makes EmerDNS an exceptionally high-performance solution. Besides, resolving domain names does not rely on the good health of any name servers located somewhere in the Internet.

This architecture makes EmerDNS extremely fast, secure, and fault-tolerant. A drawback is that every node must store a copy of the blockchain — and it includes not only domain information, but also transactions and everything else added to the database by everyone else. But with today’s storage prices and capacities, even an ordinary user can afford to store hundreds of gigabytes, so this seems a fair tradeoff for the performance and security you get. Besides, the Emer blockchain weighs just over 300 megabytes.

Another disadvantage is that you’ll have to pay a certain fee in Emercoins for each domain record update. But at current prices (~$0.1 to create a record, ~$0.01 to update it) it is still a much cheaper solution than maintaining your names with domain registrars (around $10/year). Indeed, those $10 would buy you roughly three updates a day for a whole year.

The table below shows the differences between the various DNS approaches:

EmerDNS has been live and operating steadily since 2014. You can find detailed instructions on using it in the Emercoin project wiki.

When the Russian Internet regulator blocked a bunch of websites, their owners moved them to EmerDNS due to the system’s high fault-tolerance and security (read more here).

Maxima and Pornolab have instructions (in Russian) on connecting to the system via OpenNIC.

Peername and Fri-Gate provide EmerDNS browser plugins.

Of course, attackers can still hijack and spoof user queries when OpenNIC or other external servers are used. Theoretically, there might also be vulnerabilities related to compromising OpenNIC’s own DNS gateways. That’s why the most secure solution is to deploy an EmerDNS gateway inside a trusted local/home/corporate network. Only the gateway holds the blockchain, and users talk to it through lightweight DNS queries. Such an architecture gives the high reliability and security of EmerDNS without users having to store the blockchain on their PCs. The wiki article provides examples of configuring such a server with the most popular DNS proxies — BIND and dnsmasq.
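As an added illustration of that gateway layout (this is not the wiki’s configuration, and the emercoind option names, the port 5335 and the zone list are assumptions taken from the Emercoin documentation as I recall it, so check them against your node’s version), the node answers the EmerDNS zones only on loopback, and dnsmasq forwards just those zones to it while everything else goes to an ordinary upstream; the LAN addresses are constructed examples.

```conf
# ---- emercoin.conf on the gateway host (assumed option names) ----
server=1
emcdns=1                              # enable the built-in EmerDNS resolver
emcdnsport=5335                       # answers on 127.0.0.1:5335, not on the LAN
emcdnsallowed=.emc|.coin|.lib|.bazar  # zones the node may answer (assumed list)

# ---- dnsmasq.conf on the same host ----
# Serve the LAN interface only; never expose the resolver on a public address
interface=eth0
bind-interfaces
listen-address=192.168.1.2            # constructed LAN address of the gateway
no-resolv                             # ignore /etc/resolv.conf, use explicit servers

# EmerDNS zones: resolved from the local blockchain copy, no query leaves the host
server=/emc/127.0.0.1#5335
server=/coin/127.0.0.1#5335
server=/lib/127.0.0.1#5335
server=/bazar/127.0.0.1#5335

# Everything else: your usual upstream resolver (placeholder address, replace it)
server=203.0.113.53
cache-size=10000

# Check from a LAN client, where the answer must come only from the gateway:
#   dig @192.168.1.2 example.emc A
```

Clients are then pointed at 192.168.1.2 as their only resolver, so a query for an EmerDNS name is never sent to OpenNIC or any other external server.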

We describe EmerDNS in more detail here.

You can learn more about Emercoin in our blog — medium.com/@emer.tech