Blockstack makes DNS more secure by building on top of the blockchain


A new blockchain-based domain name service (DNS) system has been proposed by Blockstack that would use the Bitcoin blockchain in order to register and cryptographically protect domain names with a decentralized ledger. As a decentralized blockchain, Blockstack promises to be more secure than the centralized traditional DNS system, allow private administration of domain names, provide protection from cache poisoning and resist censorship.

Other proposals for similar DNS setups have been presented using blockchain technology in the past include Namecoin, which is a cryptocurrency-service that solves the problem differently. Blockstack acts as an agnostic system that runs on top of another blockchain—which means that it can run atop the Bitcoin blockchain. By leveraging the security of the blockchain it is built atop, Blockstack also increases its value by sending fees for domain name registration to miners.

A blockchain can provide a provisioned ledger for holding public information, while at the same time providing an auditable trail of private keys that allow for editing that information. The blockchain is also a distributed database containing all of its information and can therefore be used as a trusted database (any query can check multiple peers to verify reliability of an answer). As a result, a blockchain is excellent for keeping domain name service (DNS) information where a computer takes an English-readable string of text (e.g. and changes it into a computer-readable IP address (e.g. or 2607:f8b0:400e:c01::8a).

How does a Blockstack node work?

Bitcoin functions by distributing its blockchain freely between all nodes in the network and network nodes act as validators for new blocks added to the chain. While miners work to pack transactions into new blocks and broadcast them to the network, this is incumbent upon the network accepting those new blocks and nodes accept those blocks based on if all the rules had been followed by the miner.

Blockstack adds its own infrastructure on top of a blockchain by providing Blockstack nodes. These nodes process domain name transactions—each node contains its own ledger of domain names, the cryptographic keypairs for domain ownership and records of what the names resolve to (i.e. the IP addresses). Domain name transactions on the network include registrations, transfers and data updates. These “name operations” are encoded into the underlying blockchain through transactions (in the case of Bitcoin it would be bitcoin transfers).

Since the Blockstack node is also a Bitcoin node it runs alongside bitcoind and uses the Remote Procedure Call (RPC) API in order to do its work and update its own database.

Installing and using Blockstack for developers

Installation is extremely easy and it uses a Python installation (Blockstack is written in Python). On Linux the command “sudo pip install blockstack” will get it installed; pip is a tool that comes with most Python packages. For OSX Python may need to be installed with “brew install python” and then pip can be used.

Blockstack is available via a GitHub repository and is fully described in a whitepaper published as “Blockstack: Design and Implementation of a Global Naming System with Blockchains” by Muneeb Ali, Jude Nelson, Ryan Shea, and Michael Freedman (Draft v3, under peer review, Feb 2016).

Blockstack documentation is substantive and the code available on GitHub includes both server and client for the network. As for tools, a Virtualchain Python-based library is included that allows for creating virtual blockchains atop other blockchains (for example the Blockstack chain) as well as a resolver (for scaling name resolution) and a bulk registar server for mass registrations. The package also includes JavaScript code for generating, decoding and verifying auth requests on the network.

Image credit: Courtesy of