how to decentralize TLD registration

So basically move the root zone file out of the hands of the government and into a P2P network. This can be done with a small daemon that interfaces with:

  • bind9
  • bitcoind
  • ipfs

Take the root zone file as it is today, and basically “snapshot it”. Make this snapshot your template root zone file. The daemon will add and remove new lines to it.

Registration information will be stored in bitcoin. Anyone can register a new TLD. You simply have to post a bitcoin transaction linking to the information.

The registration will look like this:

“<Valid bitcoin transaction><one input><output to OP_RETURN><append the following string “tld:SHA256hash”>”

Benefits of using bitcoin:

  • It’s the most durable
  • It will protect against bloat, because the block size is limited. Only few people in the world will be able to register TLDs. While at the same time, anyone can do it, as long as you can cover the transaction fee.
  • It supports a already good protocol. The more transactions in the bitcoin network, the higher the fee reaches, the more power the miners have to secure the ledger.

Now, how does the daemon register a TLD after it detects a valid transaction in bitcoin?

  1. It takes the SHA256 hash and reaches out to an IPFS gateway or node to retrieve a valid bind9 zone file.
  2. It checks that the zone file adds a TLD that is not already registered.
  3. If the TLD is already registered, then it checks that the new transaction is from the same input address. If it’s from the same input, then it must be the same person registering, and the new zone file is used, the previous zone file is erased.
  4. For every transaction detected, the registration time of one year is added. So to register a TLD for 100 years, you’ll need to post 100 transactions to bitcoin.
  5. Only the zone file of the most recent transaction is used. If you need to change your DNS information for the TLD, then you must post a new bitcoin transaction.

IPFS is used blindly. You don’t need to trust anything, because the integrity of the file served is verified by the SHA256 hash that was used to grab it. You can use a gateway (such as cloudflare’s) or a full node if you need ultimate trust. The technology behind IFPS is imperfect, but growing. What happens behind the scenes is not important, as all that matters is you demand a hash, and a file is returned that produces that hash. Nothing else about the IPFS technology matters.

With each new TLD registered or updated, you add it to the root zone file that we “snapshotted” at the start, and thus, we have the new, decentralized file. Use this file in bind9 to create your own DNS resolver. Point your computers to this resolver.

Eventually, demand that servers like and also use the decentralized file. Ask people to host their own public resolvers in the meantime. With each new oppression that happens (like SOPA and PIPA), create publicity and drama about the centralization of the root zone file. Ignore everything else and draw public attention to nothing else but the root file. Eventually, it’ll hit a critical mass and become common parlance in the nerd culture, then eventually spread out to popular culture.

How to write the daemon:

  • Use the API in bitcoind to detect each new confirmed block
  • Take the current block height and subtract 100
  • Search that block (the 100th most recently confirmed) for valid tld:transactions
  • Verify they are valid by:
    • Making sure it matches the transaction syntax above, using OP_RETURN and a string with “tld:SHA256hash”
    • Retrieve the file from IPFS and verify it with the hash
    • Verify it’s a valid bind9 file
    • Verify it’s not registered
    • If it is registered, then verify it’s the same person doing it
  • If the verifications pass, then take the new zone file and append it to the root zone file (erasing previous version of the TLD if exists)
  • Reload bind9

That is it. Its very simple, but incredibly strong. It’s strong enough and useful enough to replace the current system of hosting the root file on military bases (etc) under central control.

Some notes:


  • Bloat is controlled by the bitcoin network. Anyone can register, but they need to pay a transaction fee. Each transaction only gains 1 year of registration. So realistically, a new TLD would need to pay for 100 transactions to have a century of registration. If each bitcoin transaction costs $1000, then a century would cost $100,000, a similar price to what we’re doing today.

Bitcoin network fees

  • Soon, bitcoin will only use the blockchain as a courthouse, rather than a ledger. All financial transactions will descend onto the lightning network. The only transactions that ever land on the blockchain at that point will be settlement transactions due to either a rogue or failing node in the lightning network. In this sense, the blockchain will no longer be a ledger, but a courthouse, simply settling troubled transactions that happen in the lightning network. The fees will be very high, over 1000 dollars, and paid for by the failures. This fee will apply also to anyone who wants to register a TLD.
  • The higher the fee, the better. Bitcoin will thrive under high fees. It will mean the blockchain will be as secure as humanly possible because the fees pay the miners who secure the bitcoin protocol.

Please contact me with any criticism or comments.