ETHEREUM BASED DOMAIN NAME SYSTEM USING SMART CONTRACTS

(BC-DNS)

A Project

Presented to the faculty of the Department of Computer Science

California State University, Sacramento

Submitted in partial satisfaction of the requirements for the degree of

MASTER OF SCIENCE

in

Computer Science

by

Rodney Pinto

SPRING 2019

© 2019

Rodney Pinto

ALL RIGHTS RESERVED


ETHEREUM BASED DOMAIN NAME SYSTEM USING SMART CONTRACTS

(BC-DNS)

A Project

by

Rodney Pinto

Approved by:

______, Committee Chair Dr. Jun Dai.

______, Second Reader Dr. Xuyu Wang.

______Date


Student: Rodney Pinto

I certify that this student has met the requirements for format contained in the university format manual, and that this project is suitable for shelving in the library and credit is to be awarded for the project.

______, Graduate Coordinator Dr. Jinsong Ouyang, Ph.D.

______Date

Department of Computer Science


Abstract

of

ETHEREUM BASED DOMAIN NAME SYSTEM USING SMART CONTRACTS

(BC-DNS)

by

Rodney Pinto

One of the most critical resources that ensure the current working of the Internet is the domain name system (DNS). It is a decentralized, hierarchical naming system that is responsible for translating a human-readable domain name to its associated IP address.

The use of DNS thus eliminates the need for humans to remember the IP addresses of all their favorite websites (such as 172.217.6.68, an IPv4 address for google.com). Despite its widespread use, DNS is vulnerable to various security issues. This project focuses on replicating the basic functionality of the existing DNS on the Ethereum blockchain and deploying it on a peer-to-peer network, making it completely decentralized and, in the process, a bit more secure and reliable by addressing a few of the security vulnerabilities of the existing system.

______, Committee Chair Dr. Jun Dai.

______Date


DEDICATION

To my family

Who instilled courage in me to believe anything I dream is possible to achieve

To my friends

Who helped me to accomplish my dreams

Finally, to my almighty God


ACKNOWLEDGEMENTS

This project has helped me widen my technical expertise and it would not have been possible without the assistance of my mentors and guides. It has been an excellent learning experience researching and building this project. The encouragement, support, and guidance received from professor Dr. Jun Dai all along helped me to complete the project successfully. With deep gratitude, I extend my heartfelt thanks to him, for having guided me all along till the completion of my project work.

I would also like to thank and appreciate my second reader Dr. Xuyu Wang for his valuable feedback and efforts in reviewing the project report.

Finally, I would also like to thank all the reviewers for their valuable time and constructive comments.


TABLE OF CONTENTS

Dedication
Acknowledgements
List of Tables
List of Figures

Chapter

1 INTRODUCTION
2 RELATED WORK
3 TOOLS AND TECHNOLOGY
3.1 Ethereum Blockchain:
3.2 Solidity
3.3 Remix
3.4 Visual studio code
3.5 Truffle
3.6 Metamask
3.7 IPFS
4 SYSTEM DESIGN
4.1 Decentralized Application (Dapp) Layer:
4.2 Blockchain Layer:
4.3 P2P Network Layer:
5 IMPLEMENTATION
5.1 Domain name registration:
5.2 Domain Name lookup:
5.3 Bid on an existing Domain Name:
5.4 Transfer Domain Name Ownership:
5.5 Extending Term of reservation:
5.6 Updating zone file:
6 EVALUATION
6.1 Operational cost of BC-DNS:
6.2 Ethereum platform response time
6.3 Improvements in security
7 CONCLUSION
References

LIST OF TABLES

Table 1 - Difference In Design Of BNS, ENS, And BC-DNS
Table 2 - BC-DNS Transaction Cost

LIST OF FIGURES

Figure 1 - Difference in bitcoin and Ethereum state handling method
Figure 2 - Remix web browser-based IDE
Figure 3 - Web3 injection using metamask
Figure 4 - Transaction in metamask
Figure 5 - Ethereum based domain name system using smart contracts architecture
Figure 6 - Basic structure of the BC-DNS smart contract
Figure 7 - Domain name registration implementation in smart contract
Figure 8 - User interface for domain name registration
Figure 9 - Domain name lookup implementation in smart contract
Figure 10 - User interface for name lookup
Figure 11 - Domain name bidding implementation in smart contract
Figure 12 - User interface for domain name bidding
Figure 13 - Transfer ownership implementation in smart contract
Figure 14 - User interface for transfer domain name ownership
Figure 15 - Extend name reservation implementation in smart contract
Figure 16 - User interface for extending the term of reservation
Figure 17 - Update zone file implementation in smart contract
Figure 18 - User interface for updating zone file


1 INTRODUCTION

If you want to access the internet, communicate with a friend over the internet, or even watch videos of cats, all of this is accomplished by accessing servers that host these services. Every device connected to the Internet must have a unique IP address which can be used by other devices to access its services [1]. It is difficult for humans to remember the IP address of each machine that they are interested in; it is easier for humans to associate a friendly, readable name with their favorite website. This process of looking up the IP address using a human-readable domain name is accomplished using the Domain Name System (DNS) [1]. Without the help of the DNS, surfing the internet would be a nightmare; it would not be as easy as it is today. Humans do better with a name like "www.example.com," while computers do well with numbers like 123.54.39.132. Hence, we need a DNS to handle the conversion of names that we are comfortable with into the numbers (IP addresses) that computers deal with [2].

Since the users accessing the internet are numerous and spread across the globe, the current DNS was built to scale by using a large number of servers that are arranged hierarchically and distributed around the world. This hierarchical structure is divided into three classes of DNS server: first, the root DNS servers; second, the top-level DNS servers; and third, the authoritative DNS servers [3].

The way these servers handle a client’s name resolution request such as “www.example.com” is as follows.

• The client connects with one of the root DNS servers, which in turn responds with the IP address of the top-level DNS server for the top-level name "com."
• The client, using the IP address from the previous step, connects to the top-level DNS server, which then responds with the IP address of the authoritative DNS server for the domain name "example.com."
• Finally, the client connects to the authoritative DNS server for example.com and gets the IP address associated with the hostname www.example.com [3].

To improve the response time, DNS servers make heavy use of caching [3]. A DNS server caches the mapping it receives in another DNS server's reply.

As DNS is now the fundamental aspect that makes the use of the internet an easy task, it is highly probable that attackers could exploit its vulnerabilities. The current DNS is susceptible to several types of attacks.

• Attacks like DNS cache poisoning, distributed denial-of-service (DDoS), and amplified DDoS can suspend critical internet services, rendering the users helpless.
• Furthermore, the current design of the DNS trusts certain hidden services that can cause users to involuntarily connect to malicious websites [4].

These security problems have exposed significant flaws in the current DNS which need to be addressed.

Although the DNS is large and decentralized in nature, users must place their trust in the servers to get the correct information. However, the distributed blockchain can store information on nodes that are in the order of millions across the globe. With a proper consensus mechanism, there would not be any need to trust any back-end servers to resolve name queries. The immutable nature of the blockchain can mitigate most of the attacks, thus addressing the application from a security perspective.

Blockchain-based DNS is a project designed as a prototype to replicate the basic functionality of the existing DNS on the Ethereum blockchain, making it completely decentralized and, in the process, a bit more secure by addressing a few of these attacks.

Blockchain-based DNS focuses on eliminating all the centralized aspects of the existing system by building a peer-to-peer decentralized network.

2 RELATED WORK

A security study conducted by The Measurement Factory, an internet performance firm, shows that 84% of over 1.3 million DNS servers were vulnerable to various types of attacks. The research shows that a pharming attack (i.e., one that redirects web traffic from its intended destination, via cache poisoning, to an attacker's website to access users' sensitive information or to initiate a denial-of-service attack on the original website) would likely succeed on most of the servers [5].

As the current DNS gets older, several of its flaws have been studied in detail, and several works have been presented to build a new DNS that addresses many of these flaws.

One such alternative approach is provided by Blockstack [6]. “The Blockstack Naming Service (BNS) is a network system that binds names to off-chain state without relying on any central points of control [7].” It accomplishes this by inserting log messages from the control plane into the public blockchain. BNS names are organized in a three-layered hierarchy: namespaces, BNS names, and BNS subdomains.

Namespaces are analogous to the DNS top-level domains. All registered names must belong to exactly one namespace. BNS names are the names that are recorded on the blockchain. Any user can create a BNS name in an already existing namespace. The state of BNS names is stored on the Atlas network. BNS subdomains are names that are stored off-chain but are collectively referenced to the blockchain. Unlike BNS namespaces and names, BNS subdomains do not persist on the blockchain.

The way our project differs from BNS is that the Blockstack design is based around the concept of a “virtualchain”, where nodes look for the other shared “virtualchain” they’re interested in and reach consensus. The blockchain transaction contains the virtualchain operations as additional metadata. Although nodes on the blockchain can see the raw data, only the virtualchain contains the logic to process these operations [8], whereas in our project we make use of Ethereum smart contracts that run on-chain. All nodes on the Ethereum network need to process the smart contracts to reach consensus.

Blockstack makes use of “dumb drivers”, where users can use arbitrary storage backends from companies like Google, Amazon, and Dropbox, and Blockstack only maintains a pointer to these storage backends [9]. In our project we make use of a peer-to-peer network called IPFS (InterPlanetary File System); this allows the required data file to be cached across multiple nodes as needed, thus eliminating a single point of failure.

Another solution is provided by the Ethereum Name Service (ENS). It is a distributed and extensible naming system based on the Ethereum blockchain [10]. The goals of ENS are like those of the DNS; however, the two have significantly different architectures, due to the way the Ethereum blockchain is designed and the features and functionality it provides. Like the DNS, ENS operates on dot-separated hierarchical names, and allocation of any subdomains under a domain is completely controlled by the owner of that domain.

The way ENS differs from our project is that in ENS, top-level domains are owned by smart contracts called registrars, which maintain rules that govern the creation of subdomains. However, in our project, we use a single smart contract that maps the top-level and second-level domain to the zone file, which oversees the subdomain allocation for that specific domain name.

Table 1 - Difference In Design Of BNS, ENS, And BC-DNS.

| | BNS | ENS | BC-DNS |
|---|---|---|---|
| Blockchain | Bitcoin (previously on , but advertised as any blockchain can be used) | Ethereum | Ethereum |
| Opensource | Yes | Yes | No |
| # of layers | 4 (blockchain, virtualchain, routing(p2p), storage) | NA | 3 (blockchain, Dapp, storage(p2p)) |
| P2P network | Advertised as any P2P network can be used | NA | IPFS |
| Smart Contract | NA | Yes | Yes |
| Resolver | Multiple | Multiple | Single |
| Use of external database | Yes | NA | No |

This paper is follow-up work to the above pioneering work [6] [10], extending the layered implementation of DNS to Ethereum based on smart contracts. This paper attributes all the blockchain-derived innovations and related ideas to the above pioneering work and is more focused on further exploring the potential of the different implementations summarized in Table 1 above.

Apart from these two projects, there is another project, which provides a browser plugin called blockchain DNS (BDNS) that resolves domain names for Namecoin and Emercoin [11]. This plugin can only resolve domain names for top-level names like “.emc”, “.bazar”, and “.coin” for Emercoin, “.bit” for Namecoin, and others (OpenNIC). This project differs from ours in the way it is implemented, i.e., it acts as an interface to provide the DNS services of Namecoin and Emercoin and is limited to the top-level domain names supported by these blockchains. Our project, however, makes use of the Ethereum blockchain for validation and uses zone files that allow users to use their existing domain name and hierarchical structure.

3 TOOLS AND TECHNOLOGY

3.1 Ethereum Blockchain:

Ethereum is a distributed public network that enables the building of decentralized applications with smart contracts on top of blockchain technology. These applications run exactly as they are designed or programmed, without any downtime, intervention of a third-party system, or fraudulent activity [12]. Bitcoin was the first application that securely managed monetary transactions without any involvement from a third-party organization/system. Ethereum is designed to do for applications what bitcoin does for monetary transactions, thus making a programmable blockchain [13].

Ethereum is now the second biggest blockchain behind bitcoin. The design and structure of the Ethereum blockchain are in many ways like those of bitcoin. In the bitcoin blockchain, each node on the network has a copy of the complete transaction history, while in Ethereum each node not only stores the complete transaction history but also maintains the most current state of the smart contracts [14]. To maintain proper functioning of the network, Ethereum must track the current state of each application, each Ethereum user's balance, and the code of the deployed smart contracts and its location.

Figure 1 shows the differences between the bitcoin and the Ethereum blockchain.

Figure 1- Difference in bitcoin and Ethereum state handling method.

Ethereum uses Ether as its decentralized digital currency. It is used for all the transactions and computational services on the network, and furthermore, it is a tradable cryptocurrency.

The code written in a smart contract using any supported language is compiled and translated into bytecode. This bytecode is a series of bytes, each representing a specific operation [15]. This code can access information from the incoming message, such as the value, data, and sender. In addition to the message data, it can also access block header data and return an array of bytes as output. All of this is accomplished using the low-level, stack-based bytecode language of the Ethereum virtual machine (EVM) [15], which acts as a runtime environment for smart contracts. The most important feature of the EVM is that it is Turing complete, meaning it can encode any computation that can be carried out.

3.2 Solidity

Solidity is a high-level, object-oriented language designed mainly for creating smart contracts. It was specifically designed to support smart contracts deployed on the Ethereum virtual machine and includes many features to support the transactions and states on the Ethereum network [16]. The language is mainly influenced by other languages like JavaScript, Python, and C++, and it is statically typed and supports features like inheritance, complex user-defined types, libraries, and more. When deploying smart contracts on the Ethereum virtual machine, it is advised to use the latest version of Solidity, as this is a new language and bug fixes and new features are regularly introduced in new versions.

3.3 Remix

Remix is a powerful, open-source, web browser-based integrated development environment designed to help in writing smart contracts [17]. Remix makes developers' lives easier by providing an easy-to-use interface for developing smart contracts and by supporting testing, debugging, deployment, and much more directly from a web browser. For quick testing, debugging, and deployment, Remix supports three different deployment environments.

• JavaScript VM: A sandbox blockchain in the browser for a quick and easy test of smart contracts. Reloading the page will remove all previous data and create a new blockchain from scratch.
• Injected Provider: Makes use of injectable web3 providers like metamask or Mist to connect to a local blockchain network, a testnet, or even the mainnet.
• Web3 Provider: Connects directly to a remote node, given as a URL, running geth, parity, or any other Ethereum client [18].

Figure 2- Remix web browser-based IDE

3.4 Visual studio code

Visual Studio Code is an open-source, powerful, lightweight code editor that is supported on platforms like Windows, macOS, and Linux. It supports JavaScript and NodeJS right out of the box and supports extensions for many other popular languages like C++, C#, Java, Python, PHP, Go, and many more. It also includes a huge array of features, including support for debugging, intelligent code completion, embedded Git control, syntax highlighting, and code refactoring [19].

3.5 Truffle

Truffle is a powerful development environment and testing framework that makes the development of decentralized applications on the Ethereum blockchain easier. The Truffle framework provides features like smart contract compilation, linking, deployment, and binary management, and also enables rapid development by supporting automated contract testing and a migration framework. It can be used for network management to deploy smart contracts on many private and public blockchains [20].

3.6 Metamask

Metamask is a browser plugin that gives distributed applications (Dapps) access to the Ethereum blockchain from the web browser. The browser extension works by injecting an Ethereum web3 API instance into the web page's JavaScript context, which enables the Dapp to access and modify the information on the supporting blockchain. Metamask allows users to create, manage, and connect to their blockchain accounts using the private key and other supporting wallets, thus ensuring secure transactions when the Dapp performs any transaction on the blockchain. It also provides an easy and user-friendly interface for approving, rejecting, and reviewing transactions [21].

Figure 3 - Web3 injection using metamask.

Figure 4 - Transaction in metamask

3.7 IPFS

The InterPlanetary File System is a distributed file system that uses a new hypermedia distribution protocol, which uses identities and content to locate resources. It is designed to link all computing nodes with the same file system [22]. It enables developers to build completely distributed, decentralized applications. IPFS is a peer-to-peer file system, and no single node has any special privileges. Each node stores data on local storage, connects to other nodes, and transfers data. This data can be a file or another data structure specific to IPFS [23].

4 SYSTEM DESIGN

The main idea of this project is to replicate the basic functionality of the existing domain name system on the Ethereum blockchain and deploy it on a peer-to-peer network such that it is completely decentralized and has no single point of failure.

Figure 5 - Ethereum based domain name system using smart contracts architecture.

The overall architecture of this project is represented in Figure 5. There are three main interacting components/layers in this project.

• First, the Dapp, which is responsible for managing the interaction between the users and the other interacting components.
• Then the blockchain, an immutable data store that provides a distributed trust-based system. It is responsible for storing the mapping of the domain name to its associated zone file details.
• Finally, the p2p network, IPFS, which is a peer-to-peer distributed file system responsible for storing the actual zone files; the entire DNS Dapp is also deployed on this network.

4.1 Decentralized Application (Dapp) Layer:

The DNS Dapp handles the overall interaction between the user and the system. The Dapp is responsible for accepting the user's domain name lookup query or registration request, parsing the input to extract the top-level names, querying the blockchain to access the associated zone file mapping or storing the mapping between the domain name and its zone file details, accessing the stored zone file from IPFS, and reading and parsing the zone file to obtain the IP address associated with the domain name.

4.2 Blockchain Layer:

Ethereum is a decentralized, open-source platform that supports the deployment of decentralized applications. It uses a blockchain data structure and a proof-of-work consensus protocol to eliminate the trust-based system. It also supports the creation and maintenance of self-executing code segments called smart contracts.

This project makes use of the Ethereum blockchain to store the mapping between the domain name and the zone file. The main reason for using the Ethereum blockchain is its popularity and the sheer size of its network. A blockchain is strongest when it has many interacting nodes and no one central entity is responsible for updating the blocks on the network, thus preventing any unauthorized update/addition of a block.

4.3 P2P Network Layer:

The InterPlanetary File System (IPFS) is a peer-to-peer network used to store and share files on a distributed file system [24]. For any file stored on the network, it returns a unique hash based on the content stored. For this project we make use of this peer-to-peer network to store the zone file contents and to deploy the Dapp, making it accessible across the globe via any of the nodes connected to the IPFS network.

5 IMPLEMENTATION

As the application is deployed on the IPFS peer-to-peer network, a user can access the Dapp through the gateway of any IPFS node. There are many external gateways made publicly available by many companies that we can use, or we can deploy an IPFS instance on the local system.

For the Dapp to interact with the Ethereum blockchain, we need a web3 (a JavaScript library to interact with the blockchain) instance. It allows us to access the user's Ethereum account and the smart contract deployed on the blockchain. Every user looking to register a domain name must have the metamask plugin (a bridge that allows users to access the distributed blockchain network) installed and an Ethereum account on the network where the smart contract is deployed. The metamask plugin injects a web3 instance into the Dapp, which is used to interact with the blockchain network. For this project, we are using a local blockchain instance and the kovan testnet, which is an actual Ethereum network like the Ethereum mainnet.

The structure of the smart contract is simple and straightforward. We have defined a struct that is responsible for storing data related to the domain name and its owner. We define a mapping between the domain name and the struct that stores all the domain name data. The contract owner's address is also maintained to facilitate payment for domain name creation. Finally, we define all the events corresponding to the functionalities of the smart contract. Figure 6 below shows the structure of the smart contract.

Figure 6 - Basic structure of the BC-DNS smart contract.

5.1 Domain name registration:

Any user with a valid Ethereum account on the network that contains the smart contract can make use of the domain name registration service to register a domain name for themselves. The user will have to provide the domain name, the length of registration, and the appropriate zone file for their domain name.

• A user interested in registering a domain name fills out a web form on the Dapp that captures the top-level domain name (such as .com, .net) and the second-level domain name (such as Google, Facebook) along with the registration period and the zone file that contains the name-IP mapping.
• The Dapp uses the smart contract metadata and its contract address to query the blockchain to check if the name is already registered. If so, it rejects the user's request with a failure message.
• If the domain name is available for registration, the Dapp connects to the IPFS network and adds the zone file to it; IPFS then returns a unique hash value based on the contents of the zone file.
• The Dapp then contacts the smart contract deployed on the blockchain to create/modify a record that maps the domain name to the zone file hash and stores it on the blockchain.
• During the registration process, the owner (the requesting party) of the domain name is charged 1 ether to register the name and 0.5 ether per year of registration.
• The smart contract, upon receiving the registration request, verifies that the requested name is available to be registered and then transfers the five ether registration fee to the contract owner. Once the transaction is successful, it proceeds to create a domain name and zone file hash mapping along with the domain name owner details.
• The smart contract converts the top-level and the second-level domain name into byte format and uses it to map the owner's address and the zone file hash value. This approach avoids the need to create a tree structure that maps the top-level name to the second-level name. As the cost of each transaction is calculated based on the number of operations performed by the smart contract, this process proves to be particularly effective because it reduces the number of operations needed to create a record.
• Once the mapping is successfully created, the smart contract sends a confirmation.
• The Dapp, upon receipt of the confirmation, displays a message confirming successful name registration.

Figure 7 below gives low-level implementation details of domain name registration in the smart contract and Figure 8 provides a look at the user interface of domain name reservation in BC-DNS.

Figure 7- Domain name registration implementation in smart contract.


Figure 8 - User interface for domain name registration.

5.2 Domain Name lookup:

Since any user on the internet can request a DNS lookup, it is possible that the user might not have an Ethereum account and might not have the metamask plugin installed. In such a situation the Dapp has a fallback method that creates a web3 instance without an Ethereum account, which allows access to the smart contract deployed on the Ethereum network.

• A user interested in looking up the IP address associated with a domain name uses the Dapp and searches for a specific domain name.
• The Dapp extracts the top-level and second-level name from the input domain name and uses the smart contract metadata and its contract address to query the smart contract deployed on the blockchain network to retrieve the zone file hash associated with the name.
• The smart contract, upon receiving the request, checks if it is a valid name and converts the name to byte form to check if there is a mapping associated with that name.
• If there is a mapping associated with the name, it returns the zone file hash; otherwise it throws an error.
• If the Dapp receives an error message, it responds to the user with an error message.
• If the Dapp receives a zone file hash, it connects to the IPFS network to access the zone file contents using the hash value.
• Once the Dapp receives the zone file contents, it parses the zone file to create a JSON file that maps each record type to the associated record data from the records in the zone file.
• The Dapp then starts to resolve the domain name by first looking for the 3rd-level domain name in the JSON file to check if there is a direct mapping; if so, the IP address associated with the name is returned.
• If there is no direct mapping, it checks if there is any canonical name associated with the name; if so, the alias name is then used to check if there is a direct mapping, and the process continues until we find an IP address or no mapping, in which case we return an error message.

Figure 9 below gives low-level implementation details of name lookup in the smart contract and Figure 10 provides a look at the user interface for name lookup in BC-DNS.

Figure 9 - Domain name lookup implementation in smart contract.

Figure 10 - User interface for name lookup.
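
The Dapp-side resolution steps of section 5.2 (split the name, parse the zone file into a type-to-data map, try a direct mapping, then follow canonical names) can be sketched as follows. This is an added example, not the project's code: the function names, the hop limit, the handling of alias loops and out-of-zone aliases, and the sample zone file are assumptions, and the parser covers only a small subset of zone-file syntax.

```javascript
// Added example, not BC-DNS code. Names, limits and the zone below are constructed.
const MAX_CNAME_HOPS = 8; // assumption: upper bound on alias chain length

// Split "www.example.com" into top-level, second-level and host parts.
function splitDomain(name) {
  const labels = name.trim().toLowerCase().replace(/\.$/, "").split(".");
  const ok = labels.every((l) => /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/.test(l));
  if (labels.length < 2 || !ok) throw new Error("invalid domain name: " + name);
  const tld = labels.pop();
  const sld = labels.pop();
  return { tld, sld, host: labels.join(".") || "@" };
}

// Map an owner or target name to a name relative to the zone origin.
// Returns null when an absolute name lies outside the zone.
function toRelative(name, origin) {
  const n = name.toLowerCase();
  if (n === "@" || !n.endsWith(".")) return n; // already relative
  const fqdn = n.slice(0, -1);
  if (fqdn === origin) return "@";
  return fqdn.endsWith("." + origin) ? fqdn.slice(0, -(origin.length + 1)) : null;
}

// Parse "name [ttl] [IN] TYPE data" lines into { TYPE: { name: [data, ...] } }.
// Subset only: directives ($ORIGIN, $TTL) and multi-line records are skipped.
function parseZone(text, origin) {
  const records = Object.create(null); // no inherited keys such as "constructor"
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/;.*$/, "").trim();
    if (!line || line.startsWith("$") || /[()]/.test(line)) continue;
    const fields = line.split(/\s+/);
    const name = toRelative(fields.shift(), origin);
    while (fields.length && (/^\d+$/.test(fields[0]) || fields[0].toUpperCase() === "IN")) {
      fields.shift();
    }
    const type = (fields.shift() || "").toUpperCase();
    const data = fields.join(" ");
    if (name === null || !type || !data) continue;
    records[type] = records[type] || Object.create(null);
    (records[type][name] = records[type][name] || []).push(data);
  }
  return records;
}

// Resolve a name: direct A mapping first, otherwise follow CNAME aliases.
function resolve(domain, zoneText) {
  const { tld, sld, host } = splitDomain(domain);
  const origin = `${sld}.${tld}`;
  const zone = parseZone(zoneText, origin);
  const a = zone.A || Object.create(null);
  const cname = zone.CNAME || Object.create(null);
  const chain = [];
  let current = host;
  while (chain.length <= MAX_CNAME_HOPS) {
    if (chain.includes(current)) throw new Error("CNAME loop at " + current);
    chain.push(current);
    if (a[current]) return { address: a[current][0], chain };
    if (!cname[current]) throw new Error("no mapping for " + domain);
    current = toRelative(cname[current][0], origin);
    if (current === null) throw new Error("alias leaves the zone");
  }
  throw new Error("CNAME chain too long");
}

// Constructed zone file for example.com (documentation addresses).
const SAMPLE_ZONE = [
  "$ORIGIN example.com.",
  "$TTL 3600",
  "@      IN A     192.0.2.10",
  "www    IN A     192.0.2.20   ; web server",
  "blog   IN CNAME www",
  "shop   300 IN CNAME blog.example.com.",
  "loop1  IN CNAME loop2",
  "loop2  IN CNAME loop1",
  "ext    IN CNAME cdn.example.net.",
].join("\n");

console.log(resolve("shop.example.com", SAMPLE_ZONE));
```

Because the zone file comes from a peer-to-peer network and is written by the name's owner, the resolver treats it as untrusted input: alias loops, over-long chains and aliases that point outside the zone all end in an error rather than an unbounded walk.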

5.3 Bid on an existing Domain Name:

If the domain name that the user is interested in has already been taken by some other user, the user can bid on this existing domain name using this service. In order to bid on an existing name using this service, the user will need to have a valid Ethereum account and the metamask plugin installed in their browser.

• The user interested in a specific domain name that is already registered to another user can search for the name.
• The Dapp extracts the top-level and second-level name from the input domain name and uses the smart contract metadata and its contract address to query the smart contract to check if it is already registered.
• If the name is not registered, it redirects the user to the registration page.
• If the name is already registered, the Dapp extracts the minimum bidding amount and asks the user to bid an amount starting with the minimal value.
• Once the user fills out the form for the bidding and approves the transaction charges, the Dapp extracts the bidding amount followed by the user's account details and sends the data to the smart contract to register a bid against the already existing name.

Figure 11 below gives low-level implementation details of domain name bidding in the smart contract and Figure 12 provides a look at the user interface for domain name bidding in BC-DNS.


Figure 11 - Domain name bidding implementation in smart contract.

Figure 12 - User interface for domain name bidding.


5.4 Transfer Domain Name Ownership:

If the owner of the domain name decides to sell the domain name to the highest bidder, they can use this service to do so. In order to complete this transaction, the owner must initiate the process by accepting the bid and incurring the transactional cost.

• The domain name owner can check the highest bid registered against their domain name using the transfer name ownership service.
• The owner starts by entering the domain name that he is interested in selling.
• The Dapp extracts the top-level and second-level name for the input domain name and uses the smart contract metadata and its contract address to query the smart contract to check whether it is already registered and, if so, whether it belongs to the requesting user.
• If the requesting user is not the owner of the domain name, the Dapp rejects the request and displays an appropriate message.
• If the requesting user is indeed the owner of the domain name, the Dapp connects to the smart contract, extracts the details of the highest bid and displays the data.
• If the owner decides to accept the highest bid and approves the transaction, the smart contract transfers the bidding amount to the existing owner and, once that is complete, transfers the ownership to the highest bidder.
• Once the name transfer is completed, the Dapp notifies the user.

Figure 13 below gives low-level implementation details of domain name ownership transfer in the smart contract and Figure 14 provides a look at the user interface for transfer domain name ownership in BC-DNS.

Figure 13 - Transfer ownership implementation in smart contract.

Figure 14 - User interface for transfer domain name ownership.
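
The bidding and ownership-transfer steps of sections 5.3 and 5.4, as an added JavaScript model that is not the BC-DNS contract code shown in Figures 11 and 13. The names splitDomain and RegistryModel, the rule that a new bid must exceed the current highest bid, and the refund credit for an outbid bidder are assumptions; the owner check sits inside the model contract because a check made only in the Dapp does not bind callers who reach the contract directly.

```javascript
// Added illustration, not BC-DNS code. Addresses and amounts (in wei) are constructed.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

// Dapp side: "example.com" -> { sld: "example", tld: "com" }
function splitDomain(input) {
  const labels = input.trim().toLowerCase().replace(/\.$/, "").split(".");
  if (labels.length !== 2 || !labels.every((l) => LABEL.test(l))) {
    throw new Error("expected <second-level>.<top-level>");
  }
  return { sld: labels[0], tld: labels[1] };
}

// Hypothetical stand-in for the contract state and the checks it enforces.
class RegistryModel {
  constructor() {
    this.records = new Map(); // "sld.tld" -> { owner, minBid, highest }
    this.credits = new Map(); // address -> wei the contract owes that address
  }
  lookup(name) {
    const rec = this.records.get(`${name.sld}.${name.tld}`);
    if (!rec) throw new Error("not registered");
    return rec;
  }
  credit(address, wei) {
    this.credits.set(address, (this.credits.get(address) || 0n) + wei);
  }
  register(sender, name, minBid) {
    const key = `${name.sld}.${name.tld}`;
    if (this.records.has(key)) throw new Error("already registered");
    this.records.set(key, { owner: sender, minBid, highest: null });
  }
  bid(sender, name, amount) {
    const rec = this.lookup(name);
    const floor = rec.highest ? rec.highest.amount + 1n : rec.minBid;
    if (amount < floor) throw new Error("bid too low");
    if (rec.highest) this.credit(rec.highest.bidder, rec.highest.amount); // refund (assumption)
    rec.highest = { bidder: sender, amount };
  }
  acceptHighestBid(sender, name) {
    const rec = this.lookup(name);
    if (rec.owner !== sender) throw new Error("not the owner"); // enforced in the contract
    if (!rec.highest) throw new Error("no bid to accept");
    const { bidder, amount } = rec.highest;
    rec.highest = null;
    this.credit(rec.owner, amount); // bid amount goes to the existing owner
    rec.owner = bidder;             // then ownership moves to the highest bidder
    return { newOwner: bidder, paid: amount };
  }
}

// Constructed walk-through: two bids, then the owner accepts the highest one.
function demoBidAndTransfer() {
  const registry = new RegistryModel();
  const name = splitDomain("Example.COM");
  registry.register("0xOwner", name, 5n);
  registry.bid("0xAlice", name, 5n);
  registry.bid("0xBob", name, 8n);
  return registry.acceptHighestBid("0xOwner", name);
}
```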

5.5 Extending Term of reservation:

If the domain name reservation term is about to expire, or if the owner simply wants to extend the reservation term, they can do so by using this service. The registered name owner can select the term for which to extend the ownership, and the cost will be calculated based on the number of years by which they extend the name reservation.

• The domain name owner interested in extending the term of domain name ownership uses the extend term service.
• The domain name owner starts by entering the domain name whose term he is interested in extending.
• The Dapp extracts the top-level and second-level name for the input domain name and uses the smart contract metadata and its contract address to query the smart contract to check whether it is already registered and, if so, whether it belongs to the requesting user.
• If the requesting user is not the owner of the domain name, the Dapp rejects the request and displays an appropriate message.
• If the requesting user is indeed the owner of the domain name, the Dapp connects to the smart contract, extracts the details of the existing contract and displays the data.
• If the domain name owner decides to extend the name reservation term, they can select from an available list of extension terms, then submit and approve the transaction.
• Once the transaction is approved, the smart contract transfers the name registration charges to the contract owner and the reservation term is extended for the domain name.
• After the reservation term is extended, the Dapp notifies the user.

Figure 15 below gives low-level implementation details of the extension of domain name reservation in the smart contract and Figure 16 provides a look at the user interface for extending the term in BC-DNS.

Figure 15 - Extend name reservation implementation in smart contract.

Figure 16 - User interface for extending the term of reservation.

5.6 Updating zone file:

The registered owner of the domain name can use this service to update the zone file associated with their domain name. The domain name owner will have to provide the new zone file, which will replace the existing file and will be used for any future name lookup.

• The domain name owner interested in updating the zone file uses the update zone file service.
• The domain name owner starts by entering the domain name whose zone file he is interested in updating.
• The Dapp extracts the top-level and second-level name for the input domain name and uses the smart contract metadata and its contract address to query the smart contract to check whether it is already registered and, if so, whether it belongs to the requesting user.
• If the requesting user is not the owner of the domain name, the Dapp rejects the request and displays an appropriate message.
• If the requesting user is indeed the owner of the domain name, the Dapp connects to the smart contract, extracts the details of the existing zone file and displays the data.
• The user can view the existing zone file or download it to make any required modification.
• If the user decides to update the zone file, he can upload the new zone file, then submit and approve the transaction.
• Once the transaction is approved, the smart contract uploads the new zone file to the IPFS network and retrieves the hash associated with the file.
• The Dapp then connects to the smart contract and sends in the hash.
• The smart contract then replaces the existing hash value with the new hash and returns the details of the transaction.
• After the zone file is updated, the Dapp notifies the user.

Figure 17 below gives low-level implementation details for updating zone file in the smart contract and Figure 18 provides a look at the user interface for update zone file in BC-DNS.

Figure 17 - Update zone file implementation in smart contract.

Figure 18 - User interface for updating zone file.

6 EVALUATION

6.1 Operational cost of BC-DNS:

Transactions are an integral part of the Ethereum blockchain, or of any blockchain in general. Transactions are what keep the network running: any interaction on the blockchain is a transaction, and to complete each transaction a processing fee associated with the transaction must be paid. These charges are used for processing the transaction itself and to reward the miners for working towards uploading the block of transactions on the blockchain. The cost of each transaction is calculated based on the number of operations performed. Each operation performed on the Ethereum virtual machine has a cost associated with it, and the cost of the transaction is the sum of the costs of all the operations. Operations performed here can be addition, multiplication, etc. These operation costs are measured in gas; the value of gas represents the complexity of the operation [25]. It is also important to note that 21000 gas is a standard base cost of all transactions, and the final cost of the transaction is the base cost plus the gas price for operations associated with the transaction [26]. Ethereum uses Ether tokens, a cryptocurrency, as a mode of payment for each transaction, and the final calculated gas cost is paid in Ether. It is worth noting that users must pay for the transaction regardless of whether it is successfully added to the blockchain or not, as miners must be compensated for processing a transaction. The transaction details, like the cost of the transaction, the gas used, the cost for mining that transaction and other essential details, can be viewed on the Etherscan website.

All the operations in this project that modify state on the blockchain have a transactional cost associated with them. These transactional costs must be paid solely by the owners of the domain name, and any user looking for name lookup can do so without any transactional cost. Apart from the transaction cost, the owner of the domain name is charged 1 Ether for registering a domain name plus 0.5 Ether for each year they register/extend the registration. These registration fees are then transferred to the contract owner as charges for using the registration services. Table 2 below shows the cost of each operation of the Ethereum based domain name system using smart contracts.

Table 2 - BC-DNS Transaction Cost

Transaction for                   Gas       Ether         USD
BC-DNS smart contract creation    2507787   0.062694675   9.71
Registering a domain name         630802    0.000630802   0.098
Bid on an existing domain name    280251    0.000280251   0.043
Transfer domain name ownership    466290    0.00046629    0.072
Updating zone file                48007     0.000048007   0.0074
Extend reservation term           47700     0.0000477     0.0074
Domain name lookup                0         0             0

6.2 Ethereum platform response time

The time it takes to mine a block on the blockchain is called the block time. Both the Bitcoin and the Ethereum blockchains define an expected time and an average time required to create a block on the network. Expected time is used to ensure that miners do not perform more computation to add blocks and thus possibly compromise the security of the network. Bitcoin and the Ethereum blockchain currently use a proof of work consensus algorithm to allow miners to add blocks to the network. Bitcoin has an expected time of 10 minutes and Ethereum’s expected time is 10 to 20 seconds. After a predetermined number of blocks are added, the average block time is calculated for the network. If the average block time is less than the expected block time, the difficulty level of the proof of work consensus algorithm is increased, and if the average block time exceeds the expected block time, the difficulty level is reduced, thus ensuring a consistent rate at which the blocks are added to the network [27]. At the time of writing, Bitcoin has an expected block creation time of 9.172 minutes [28] while the expected time for Ethereum is 13.29 seconds [29].

As the popularity of the Ethereum network grows, a greater number of contracts are added to the network, thus increasing the number of users interacting with the network. This increase in users and contracts will in turn increase the time it takes to mine a transaction, and thus eventually the block. The engineers at the Ethereum organization are working continuously on improving the scalability of the system and have explored two solutions.

• Sharing resources: In this solution, a small ratio of the nodes on the network see and process each transaction, thus allowing multiple other transactions to be processed in parallel.
• Off-chain processing: In this solution, a data link layer or a layer 2 protocol is created that is responsible for handling the transactions off chain and communicating with the underlying blockchain [30].

6.3 Improvements in security.

The DNS was designed to direct the internet traffic to the correct destination and is being used everywhere by everyone to resolve the domain name. Because all the internet’s web traffic flows through the DNS, it is a highly important system and is susceptible to various attacks that exploit its vulnerabilities. Attackers have found many creative and calculated ways to target and exploit DNS servers. But with the use of the latest technologies and its features this project manages to address some of these vulnerabilities of existing DNS.

DNS cache poisoning is one of the attacks that has disrupted the proper functioning of the existing DNS. In this type of attack, the attacker compromises the resolver’s (ISP) cache that redirects the users to unintended websites or even infects their system with malware.

This project prevents the cache poisoning attack by using the content-based addressing technique used in IPFS instead of the location-based addressing that is widely used in the current internet. In content-based addressing, a hash is created based on the contents of the file, and any update to the file will lead to a change in the hash. Any node on the network that decides to maintain a copy of the file will have the same hash associated with that file. A node on the network can cache the file to its local repository by asking the network who has the file and providing the hash of the file, and someone in the network will provide it.

Because it uses content-based addressing the nodes on the network can be sure that the received file is not tampered with. In this project since the hash of zone file used for name resolution is stored on the blockchain and the same hash is used by the Dapp deployed on the IPFS nodes, the Dapp can guarantee that the cached zone file on the IPFS node used to resolve a name is not tampered with, thus making it secure.
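
The integrity check described above, together with the zone file update flow of section 5.6, as an added JavaScript sketch that is not the project's own code. PeerStore and ZoneRegistry are hypothetical in-memory stand-ins for the IPFS network and the on-chain record, and a plain SHA-256 hex digest stands in for the IPFS hash; the zone records are constructed sample data.

```javascript
const { createHash } = require("crypto");

// Stand-in for an IPFS content identifier (assumption): hex SHA-256 of the raw bytes.
// Real IPFS hashes cover the file's encoded blocks, but the address is still derived
// from the content, so a reader can check the content against it.
function contentAddress(bytes) {
  return createHash("sha256").update(bytes).digest("hex");
}

// Hypothetical peer storage. Peers and caches are untrusted: the reader verifies.
class PeerStore {
  constructor() { this.blocks = new Map(); }
  add(bytes) {
    const address = contentAddress(bytes);
    this.blocks.set(address, Buffer.from(bytes));
    return address;
  }
  fetch(address) { return this.blocks.get(address); }
}

// Hypothetical stand-in for the on-chain record: domain -> { owner, zoneHash }.
class ZoneRegistry {
  constructor() { this.records = new Map(); }
  register(sender, domain, zoneHash) {
    if (this.records.has(domain)) throw new Error("already registered");
    this.records.set(domain, { owner: sender, zoneHash });
  }
  updateZoneHash(sender, domain, newHash) {
    const rec = this.records.get(domain);
    if (!rec || rec.owner !== sender) throw new Error("not the owner");
    rec.zoneHash = newHash; // lookups stop accepting the old file from here on
  }
  zoneHashOf(domain) {
    const rec = this.records.get(domain);
    return rec ? rec.zoneHash : null;
  }
}

// Lookup: fetch by the hash recorded on chain, then re-hash what came back.
function resolveZone(registry, store, domain) {
  const expected = registry.zoneHashOf(domain);
  if (!expected) return { ok: false, reason: "not registered" };
  const bytes = store.fetch(expected);
  if (!bytes) return { ok: false, reason: "zone file unavailable" };
  if (contentAddress(bytes) !== expected) return { ok: false, reason: "hash mismatch" };
  return { ok: true, zone: bytes.toString("utf8") };
}

// Owner-side update from section 5.6: store the new file, then record its hash.
function updateZoneFile(registry, store, sender, domain, newZoneText) {
  const newHash = store.add(Buffer.from(newZoneText, "utf8"));
  registry.updateZoneHash(sender, domain, newHash);
  return newHash;
}

// Constructed sample: a cached copy altered after registration fails verification.
function demoTamperedCache() {
  const store = new PeerStore();
  const registry = new ZoneRegistry();
  const hash = store.add(Buffer.from("example.bc. 3600 IN A 192.0.2.10\n"));
  registry.register("0xOwner", "example.bc", hash);
  const clean = resolveZone(registry, store, "example.bc");
  store.blocks.set(hash, Buffer.from("example.bc. 3600 IN A 203.0.113.66\n"));
  return { clean, tampered: resolveZone(registry, store, "example.bc") };
}
```

The guarantee holds only when the reader takes the expected hash from the blockchain record and re-hashes the bytes itself; a hash supplied by the same peer that served the file proves nothing.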

An important aspect of deploying a Dapp on a peer to peer network like the IPFS is that it eliminates a single point of failure. Also, because of content-based addressing and content-signing, it makes attacks like DDoS more difficult [30]. Traditionally, attacks like DDoS are targeted at data farms or data centers hosting web services; however, since the IPFS is a peer to peer network, the contents will be hosted on multiple nodes distributed across the network, thus making it extremely difficult to flood all these nodes.

7 CONCLUSION

Given the current state of the internet and the massive dependence on its safe and continued operation, it is time to explore different ideas to make it safer and more efficient. The domain name has gone through many improvements over the years, but even so, it suffers from several vulnerabilities. Many times, these vulnerabilities are focused on a single point of failure, and there are times attackers take advantage of the DNS’s trust in the interacting system to exploit its vulnerabilities.

Using the blockchain's trust-based system to eliminate any third-party trust agent is one way to make the system cleaner and more effective. Deploying the DNS on the peer to peer network to ensure constant availability and eliminate any single point of failure makes the system one step closer to being more secure. With Ethereum, a massively decentralized blockchain, and IPFS as the peer to peer network for hosting the application, this variant of DNS tries to provide an alternate solution to make the current internet more secure.

8 REFERENCES

[1] Cloudflare, "What Is DNS? | How DNS Works," [Online]. Available: https://www.cloudflare.com/learning/dns/what-is-dns. [Accessed: Mar. 06, 2019].

[2] D. Both, "Introduction to the Domain Name System (DNS)," opensource.com, Apr. 06, 2017. [Online]. Available: https://opensource.com/article/17/4/introduction-domain-name-system-dns. [Accessed: Mar. 09, 2019].

[3] J. F. Kurose and K. W. Ross, "DNS—The Internet’s Directory Service," in Computer Networking: A Top-Down Approach (6th Edition), Pearson, 2012, pp. 130-144.

[4] S. Rosenblatt, "Fake Turkish site certs create threat of bogus Google sites," cnet.com, Jan. 03, 2013. [Online]. Available: https://www.cnet.com/news/fake-turkish-site-certs-create-threat-of-bogus-google-sites. [Accessed: Mar. 09, 2019].

[5] The Measurement Factory, "The Measurement Factory DNS Survey Executive Summary," Measurement-factory.com, 2018. [Online]. Available: http://dns.measurement-factory.com/surveys/sum1.html. [Accessed: Mar. 09, 2019].

[6] M. Ali, J. Nelson, R. Shea and M. J. Freedman, "Blockstack: A Global Naming and Storage System Secured by Blockchains," in 2016 USENIX Annual Technical Conference (USENIX ATC ’16), Denver, CO, USA, June 22-24, 2016. pp. 181-194.

[7] Blockstack, "Blockstack Naming Service (BNS)," blockstack.org, Apr. 30, 2019. [Online]. Available: https://docs.blockstack.org/core/naming/introduction.html. [Accessed: Apr. 30, 2019].

[8] M. Ali, R. Shea, J. Nelson and M. J. Freedman, "Blockstack: A New Internet for Decentralized Applications," Blockstack Technical Whitepaper, Version 1.1, Oct. 12, 2017. [Online]. Available: https://blockstack.org/whitepaper.pdf. [Accessed: Mar. 09, 2019].

[9] M. Ali, "What is the difference between blockstack and Ethereum?," Blockstack Forum, Mar. 02, 2017. [Online]. Available: https://forum.blockstack.org/t/what-is-the-difference-between-blockstack-and-ethereum/781/3. [Accessed: Mar. 09, 2019].

[10] Ethereum Name Service, "Introduction: Ethereum Name Service," ens.domains. [Online]. Available: https://docs.ens.domains. [Accessed: Mar. 09, 2019].

[11] "Blockchain-DNS.info – Blockchain Name Resolver," Blockchain-DNS.info, 2018. [Online]. Available: https://blockchain-dns.info. [Accessed: Apr. 17, 2019].

[12] "ethereum: Blockchain App Platform," ethereum.org. [Online]. Available: https://www.ethereum.org. [Accessed: Mar. 09, 2019].

[13] S. Raval, "Ethereum Explained," YouTube, Oct. 17, 2017 [Video file]. Available: https://www.youtube.com/watch?v=-_Qs0XdPpw8 [Accessed: Mar. 09, 2019].

[14] "How Ethereum Works," coindesk.com, 2017. [Online]. Available: https://www.coindesk.com/information/how-ethereum-works. [Accessed: Mar. 09, 2019].

[15] V. Buterin, "A Next-Generation Smart Contract and Decentralized Application Platform," Ethereum White Paper, 2012. [Online]. Available: https://fermatslibrary.com/s/ethereum-a-next-generation-smart-contract-and-decentralized-application-platform#email-newsletter. [Accessed: Mar. 09, 2019].

[16] "Solidity — Solidity 0.5.5 documentation," readthedocs.io, 2016. [Online]. Available: https://solidity.readthedocs.io/en/v0.5.5/index.html#solidity. [Accessed: Mar. 09, 2019].

[17] "Welcome to Remix documentation!," readthedocs.io, 2018. [Online]. Available: https://remix.readthedocs.io/en/latest/#welcome-to-remix-documentation. [Accessed: Mar. 09, 2019].

[18] "Running transactions," readthedocs.io, 2018. [Online]. Available: https://remix.readthedocs.io/en/latest/run_tab.html. [Accessed: Mar. 09, 2019].

[19] "Visual Studio Code," visualstudio.com, Apr. 14, 2016. [Online]. Available: https://code.visualstudio.com/docs. [Accessed: Mar. 09, 2019].

[20] "Truffle Suite | Documentation | Truffle | Overview," truffleframework.com, [Online]. Available: https://truffleframework.com/docs/truffle/overview. [Accessed: Mar. 09, 2019].

[21] "MetaMask Developer Documentation," github.io, 2019. [Online]. Available: https://metamask.github.io/metamask-docs. [Accessed: Mar. 09, 2019].

[22] IPFS, "IPFS is the Distributed Web," github.com, Dec. 19, 2018. [Online]. Available: https://github.com/ipfs/ipfs. [Accessed: Mar. 09, 2019].

[23] J. Benet, "IPFS - Content Addressed, Versioned, P2P File System (DRAFT 3)," [Online]. Available: https://github.com/ipfs/ipfs/blob/master/papers/ipfs-cap2pfs/ipfs-p2p-file-system.pdf?raw=true. [Accessed: Mar. 09, 2019].

[24] Protocol Labs, "IPFS Documentation - What is IPFS?," ipfs.io, 2017. [Online]. Available: https://docs.ipfs.io/introduction/overview. [Accessed: Mar. 09, 2019].

[25] D. Ryan, "Calculating Costs in Ethereum Contracts," hackernoon.com, Jun. 28, 2017. [Online]. Available: https://hackernoon.com/ether-purchase-power-df40a38c5a2f. [Accessed: Apr. 01, 2019].

[26] D. G. Wood, "Ethereum: A secure decentralised generalised transaction ledger," Byzantium Version 53edd02, Apr. 29, 2019.

[27] P. Siriwardena, "The Mystery Behind Block Time," facilelogin.com, Oct. 15, 2017. [Online]. Available: https://medium.facilelogin.com/the-mystery-behind-block-time-63351e35603a. [Accessed: Mar. 31, 2019].

[28] "Bitcoin Block Time historical chart," bitinfocharts.com. [Online]. Available: https://bitinfocharts.com/comparison/bitcoin-confirmationtime.html. [Accessed: Mar. 31, 2019].

[29] "Ethereum Block Time History," etherscan.io, 2015. [Online]. Available: https://etherscan.io/chart/blocktime. [Accessed: Sept. 12, 2004].

[30] L. Mearian, "Ethereum explores a fix for blockchain's performance problem," computerworld.com, Jan. 31, 2018. [Online]. Available: https://www.computerworld.com/article/3245928/ethereum-explores-a-fix-for-blockchains-performance-problem.html. [Accessed: Mar. 31, 2019].

[31] A. Case, "Why The Internet Needs IPFS Before It’s Too Late," techcrunch.com, Oct. 04, 2015. [Online]. Available: https://techcrunch.com/2015/10/04/why-the-internet-needs-ipfs-before-its-too-late. [Accessed: Apr. 10, 2019].

[32] L. Holeczek and C. Team, "CoreUI for React.js," coreui.io, 2018. [Online]. Available: https://coreui.io/react/. [Accessed: Jan. 12, 2019].