pull down to refresh

The Inherent Flaw: Why Decentralized Domain Naming Systems are Doomed to Fail
142 sats \ 9 comments \ @ZezzebbulTheMysterious 11 Jan bitcoin

The Inherent Flaw: Why Decentralized Domain Naming Systems are Doomed to Fail

ZezzebbulTheMysterious and Gemini

2025-01-10

The promise of decentralized technologies has captivated the imagination of many, with visions of censorship resistant systems and user controlled data. However, not all applications of blockchain technology are created equal. While Bitcoin has emerged as a revolutionary force in the realm of digital currency, the concept of Decentralized Domain Naming Systems (DDNS) has consistently fallen short of its lofty ambitions. DDNS offers several apparently ideal attributes:
  • The promise of uncensorable names.
  • True cryptographic control, ownership and transferability of names.
  • Enhanced resilience by eliminating single points of failure.
The fundamental reason for this discrepancy lies in the critical difference between transferring value and establishing identity: Bitcoin deals with the former, while DDNS attempts the latter, a task for which decentralized blockchain technology is fundamentally unsuited in a way that remains trustless and permissionless.
Bitcoin's success stems from its elegant solution to the problem of double-spending in a digital context. By utilizing a decentralized ledger and a proof of work consensus mechanism, Bitcoin enables the secure and verifiable transfer of value without the need for a central authority. This system works precisely because the value being transferred is self-contained within the blockchain. A Bitcoin transaction is not inherently tied to any real-world entity; its validity is determined solely by the cryptographic rules of the network and the energy expended in mining. Its validity is determined solely by internal cryptographic rules, requiring no external trust.
In stark contrast, DDNS attempts to map human-readable names to real-world entities, such as individuals, organizations, or online resources. This creates a fundamental problem: how to establish a binding link between an on-chain name and an off-chain entity and ensure their accuracy – and still remain trustless and permissionless?
In centralized and partially-centralized blockchains, this connection is typically implemented as an oracle. While an oracle can be configured to be decentralized, and the largest oracle service provider, Chainlink claims to be decentralized; but it is not trustless. Trust is extended to the service provider to provide accurate data. The sources that produce the real world data feeds for the oracle are trusted third parties. It's trust all the way down, like anything in the human meatspace world.
Unlike a Bitcoin transaction, which exists solely within the digital realm, a domain name inherently implies a connection to something outside the blockchain. For example, a company claiming ownership of a domain name must demonstrate a legal existence and verifiable identity in the real world. It is of critical importance to security that these names be accurate.
Unlike a Bitcoin address, which can be spontaneously generated and exchanged over an established communication channel, the accuracy in domain names is necessary to construct a secure communication channel in the first place. If names can be hijacked, all future communication channels can be compromised.
This reliance on real world validation, whether through centralized authorities or decentralized trust mechanisms like oracles, exposes a critical vulnerability in DDNS, particularly concerning the scale and impact of malicious activity. This vulnerability sharply contrasts with Bitcoin's resilience.
Consider a malicious act involving Bitcoin: if a user's Bitcoin is stolen (distinguishing between legal and cryptographic ownership), the integrity of the Bitcoin blockchain itself remains unaffected. The theft is an isolated incident, impacting only the victim, and does not disrupt the network's operation or affect other users' holdings. The blockchain continues to function, producing blocks and facilitating transactions as usual. While the theft is unfortunate for the individual, it poses no systemic risk.
In contrast, malicious use of DDNS:
  • Malware command and control server resolution.
  • Phishing attacks exploiting DDNS hosted websites.
  • Registration of fraudulent or offensive names.
  • Name hijacking through outspending legitimate owners.
  • Miners censoring legitimate updates.
The consequences of these attacks introduces systemic risk for the entire network. These actions directly undermine the trust and utility of the entire system. Because DDNS attempts to link on-chain names to off-chain entities without a robust, cryptographic binding, malicious actions against one name can have cascading effects, eroding confidence for all users. This fundamental difference highlights the inherent weakness of DDNS: its reliance on external mechanisms for validation, integrity and accuracy creates a single point of failure that a purely on-chain system like Bitcoin avoids.
While the promise of DDNS is alluring, its inherent reliance on external validation mechanisms creates a fundamental contradiction. Unlike Bitcoin, which operates within a self-contained digital realm, DDNS attempts to bridge the gap between the blockchain and the real world, a task for which it is fundamentally ill-equipped in a trustless and permissionless manner.
While some might argue that future technological advancements could address these challenges, the fundamental mismatch between the on-chain nature of blockchain and the off-chain requirements of establishing real-world identity presents a persistent obstacle. The inherent reliance on external validation mechanisms means that DDNS, in its current conceptualization, cannot achieve true trustlessness and permissionlessness, casting serious doubt on its long-term viability as a truly decentralized solution.
write
preview
related posts
120 sats \ 8 replies \ @lightcoin 13 Jan
In contrast, malicious use of DDNS:

    Malware command and control server resolution.
    Phishing attacks exploiting DDNS hosted websites.
    Registration of fraudulent or offensive names.
    Name hijacking through outspending legitimate owners.
    Miners censoring legitimate updates.

The consequences of these attacks introduces systemic risk for the entire network. These actions directly undermine the trust and utility of the entire system.
I don't see how these attacks are any worse for DDNS than the equivalent attacks would be for bitcoin:
Malware command and control server resolution.
no different than bitcoin malware on the user's computer that can steal their private key or swap out the destination addresses, etc
Phishing attacks exploiting DDNS hosted websites.
no different than a phishing attack on any website that accepts bitcoin, tricking the user into sending BTC to the wrong place
Registration of fraudulent or offensive names.
what is a "fraudulent name"? and why should I care if "offensive" names are registered?
Name hijacking through outspending legitimate owners.
what DDNS system enables users to hijack names by "outspending legitimate owners"?
Miners censoring legitimate updates.
no different than miners "censoring" any other type of time-sensitive bitcoin transaction
Because DDNS attempts to link on-chain names to off-chain entities without a robust, cryptographic binding, malicious actions against one name can have cascading effects, eroding confidence for all users.
can do a simple find and replace here:
Because bitcoin attempts to link on-chain addresses to off-chain entities without a robust, cryptographic binding, malicious actions against one address can have cascading effects, eroding confidence for all users.
do you see why this critique falls flat?
I have my own reservations with DDNS and have a preferred alternative, namely I think that the squatter problem and the phishing problem (perhaps what you are referring to as "fraudulent names") make pet names better than DDNS. But if we are going to critique DDNS then the arguments should be strong, and if those arguments can be just as strongly applied to bitcoin then perhaps they point to areas of improvement for bitcoin as well.
reply
0 sats \ 7 replies \ @ZezzebbulTheMysterious OP 13 Jan
Re DDNS vs Bitcoin, My point is about the scale.
Yes malware can steal keys, but it cannot effect the integrity of other peoples UTXOs. Its isolated. In DDNS one malicious name effects each and every user of the namespace. I feel I addressed the difference between the scope of attack in the essay.
Fraudulent name implies registering a malicious name under fraud, so the phishing context, but also just faking the real name. So more than just phishing, just any name based fraud. I think we generally agree here.
I dont agree about your replace -- Bitcoin does not link an on-chain address to an off-chain entity. This is the fundamental difference about application of Blockchain integrity for Store of Value vs other human constructs. And the point of the essay.
reply
21 sats \ 6 replies \ @lightcoin 13 Jan
In DDNS one malicious name effects each and every user of the namespace.
I don't see how that is the case, any more than it is for centralized DNS -- I can use DNS just fine even if someone else gets scammed by a phisher or someone else has their domain hijacked. Yes those attacks worry me but only because I am aware of them, most people are not and go about their day just fine even with various attacks happening all the time.
Bitcoin does not link an on-chain address to an off-chain entity
It does, or intends to, a bitcoin address represents "the place to send BTC if you want to send BTC to this off-chain entity". If you have a secure way to pass someone your address so that they do not send money to the wrong place, then you also have a secure way to pass someone a DDNS name so that they don't go to the wrong website.
reply
0 sats \ 5 replies \ @ZezzebbulTheMysterious OP 13 Jan
No sir, that is not how Bitcoin works at all. Not in the slightest. You may be missing the nuance here.
There is nothing about 'off chain entities' in the Bitcoin protocol. There is ScriptPubKey and ScriptSigs (and Witnesses). The protocol does not specify how addresses are relayed in the real world. Its not part of the protocol. How humans exchange "bitcoin addresses" is not part of the protocol. There used to be an pay-to-IP component in the protocol, but this is now deprecated.
The point is that discussing how humans exchange human readable addresses between each other is the layer above this problem, and that is the layer in which the DDNS problem exists.
So we are discussing very different things here.
Clarification: Bitcoin does not let me transmit an invalid tx, because it is self contained and must consume an existing output, and send to a new output. The input ScriptSig must be correct as per the bitcoin protocol. DDNS lets me submit any invalid names, be it fake, fraud, phishing, squatting, just plain wrong. There is no way to validate it it in protocol. This is the fundamental difference.
reply
0 sats \ 4 replies \ @lightcoin 13 Jan
The point is that discussing how humans exchange human readable addresses between each other is the layer above this problem, and that is the layer in which the DDNS problem exists. So we are discussing very different things here.
No they are not different, it's the same problem. Again:
If you have a secure way to pass someone your address so that they do not send money to the wrong place, then you also have a secure way to pass someone a DDNS name so that they don't go to the wrong website.
Bitcoin does not let me transmit an invalid tx, because it is self contained and must consume an existing output, and send to a new output. The input ScriptSig must be correct as per the bitcoin protocol. DDNS lets me submit any invalid names, be it fake, fraud, phishing, squatting, just plain wrong. There is no way to validate it it in protocol. This is the fundamental difference.
"submitting an invalid name" ("incorrect" is a better term than "invalid" here) is no different than "submitting an incorrect bitcoin address", which the bitcoin protocol will let you do. Address replacement is a well-known attack. See e.g.
https://medium.com/immunefi/the-malware-that-swaps-your-address-and-drains-your-wallet-552915fba542
https://unchainedcrypto.com/address-poisoning-attacks/
reply
0 sats \ 3 replies \ @ZezzebbulTheMysterious OP 13 Jan
You are missing what I am saying here. The address substitution is occurring at the layer above bitcoin, eg: before it is signed by the user with wallet. This is meat space.
Bitcoin protocol does not allow an attacker to modify a bitcoin transaction when signed. A node cannot interpret a tx as anything but how it was signed. (eg: tx mutability). As long as the meatspace signing part worked (and we have to assume it did, because Bitcoin cannot effect meatspace).
Everything about DDNS is a problem in the meatspace. You cannot solve it with Bitcoin, which cannot effect meatspace.
reply
0 sats \ 2 replies \ @lightcoin 13 Jan
As long as the meatspace signing part worked
this is the central caveat which makes it the same problem
you cannot assume this part works in either scenario
reply
0 sats \ 1 reply \ @ZezzebbulTheMysterious OP 13 Jan
Which is the fundamental thesis of my essay, that it cannot solve this problem.
I'm glad you agree with me.
view replies