LogoLogo
  • Introduction
    • Terminology
  • Frequently Asked Questions
  • Domains Deployments
  • Registrar Frequently Asked Questions
  • Deploying Domains on a Private Chain
  • DNS Registrar guide
  • Domains Improvement Proposals
    • DomainsIP-1: Domains
    • DomainsIP-2: Initial Hash Registrar
    • DomainsIP-3: Reverse Resolution
    • DomainsIP-4: Support for contract ABIs
    • DomainsIP-5: Text Records
    • DomainsIP-6: DNS-in-Domains
    • DomainsIP-7: Interface Discovery
    • DomainsIP-8: Multichain Address Resolution
    • DomainsIP-9: Wildcard Resolution
    • DomainsIP-10: EVM compatible Chain Address Resolution
    • DomainsIP-11: Avatar Text Records
    • DomainsIP-12: SAFE Authentication for Domains
    • DomainsIP-13: On-chain Source Parameter
  • DAPP DEVELOPER GUIDE
    • Domains Enabling your DApp
    • Domains Libraries
    • Working with Domains
    • Resolving Names
    • Managing Names
    • Registering & Renewing Names
    • Domains Front-End Design Guidelines
    • Domains AS NFT
    • Domains Layer2 and offchain data support
    • Domains Data guide
  • CONTRACT API REFERENCE
    • Name Processing
  • Registry
  • ReverseRegistrar
  • TestRegistrar
  • PublicResolver
  • .tomi Permanent Registrar
    • Registrar
    • Controller
  • DNS Registrar
  • Subgraph
    • Query Examples
  • CONTRACT DEVELOPER GUIDE
    • Resolving Names On-chain
    • Writing a Resolver
    • Writing a Registrar
    • TOMI DISCUSSION FORUM
    • TOMI SUPPORT CHAT
  • TOMI MIGRATION (FEBRUARY 2020)
    • Guide for DApp Developers
    • Technical Description
Powered by GitBook
On this page
  • Deployed DNSRegistrar addresses
  • Typescript/Javascript Libraries
  • Examples
  • Retrieving proof from DNS
  • Retrieving the DNS text record
  • Submitting the proof to the DNSRegistrar

DNS Registrar

PreviousControllerNextSubgraph

Last updated 9 months ago

At Domains, we have two smart contracts, DNSSECOracle and DNSRegistrar.

DNSSEC (The Domain Name System Security Extensions) establishes a chain of trust from the root key which is signed by ICANN (.) and down through each key. We start off knowing the hash of the root key of DNS (this is hard coded in the smart contract oracle). Given the hashes of that key, we can pass in the actual key, we can verify that it matches the hash and we can add it to the set of the trusted records.

Given that key, we can now verify any record that is signed with that key, so in this case, it’s the hash of the root of the xyz top-level domain. Given that, we can recognize the key, and so on and so forth.

DNSSEC oracle allows anyone to submit proof of any DNSSEC-signed DNS record on the Ethereum blockchain, as long as it was signed using supported public key schemes and digests. DNSRegistrar grants Domains domains to anyone who can prove ownership of the corresponding domain in DNS through DNSSEC Oracle to prove this.

Deployed DNSRegistrar addresses

  • Mainnet, 0xDDe6812a9CEaaC3B6b3AB49F29D3951F2C0A71D8

When you register Domains names, you can look up the registrar contract address by looking up its parent domain owner (eg: .tomi, for .xyz.tomi). However, when you register via DNSSEC Registrars, the parent domain owner may not exist if you are the first person to register under the TLD.

Typescript/Javascript Libraries

To help you interact with DNSSEC data and the DNSRegistrar, we provide two libraries.

  • DNSProvejs = A library for querying and validating DNSSEC data from DNS

  • dnssecoraclejs = A library for generating proof data for the Domains DNSSEC Oracle.

Examples

Retrieving proof from DNS

import { Oracle } from '@tdnsdomains/dnssecoraclejs'
import { DNSProver } from '@tdnsdomains/dnsprovejs'

const textDomain = '_tdns.matoken.xyz'
const prover = DNSProver.create("https://cloudflare-dns.com/dns-query")
const result = await prover.queryWithProof('TXT', textDomain)

Retrieving the DNS text record

const result = {
  answer: SignedSet {
    records: [{
      name: '_tdns.matoken.xyz',
      type: 'TXT',
      ttl: 300,
      class: 'IN',
      flush: false,
      data: [Array]
    }],
    signature: {
      name: '_tdns.matoken.xyz',
      type: 'RRSIG',
      ttl: 300,
      class: 'IN',
      flush: false,
      data: [Object]
    }
  },
  proofs: [
    SignedSet { records: [Array], signature: [Object] },
    SignedSet { records: [Array], signature: [Object] },
    SignedSet { records: [Array], signature: [Object] },
    SignedSet { records: [Array], signature: [Object] },
    SignedSet { records: [Array], signature: [Object] }
  ]
}

// Retrieving the text record
result.answer.records[0].data.toString()
// 'a=0xa5313060f9fa6b607ac8ca8728a851166c9f612'

queryWithProof returns answer and proofs. answer contains the human-readable record of the DNS record and its signing signature (RRSIG). The example above shows that the leaf of the chain (the first returned record) contains the TXT record type in a=$POLYGON_ADDRESS format.

Submitting the proof to the DNSRegistrar

import { Oracle } from '@tdnsdomains/dnssecoraclejs'
import { abi } from '@tdnsdomains/contracts/abis/dnsregistrar/DNSRegistrar.json'
import { Contract } from 'ethers'

// The registrar address nees to be hard-coded
const registrarAddress = '0xDDe6812a9CEaaC3B6b3AB49F29D3951F2C0A71D8'
const registrar new Contract(registrarAddress, abi, provider)
const oracleAddress = await registrar.oracle()
const oracle = new Oracle(oracleAddress, provider)
const { data, proof } = oracle.getProofData(result)

if(data.length === 0){
    // This happens if someone has submitted the proof directly to DNSSECOracle, hence only claim a name on the registrar.
    return registrar.claim(claim.encodedName, proof)
}else{
    // This submits proof to DNSSECOracle, then claim a name.
    return registrar.proveAndClaim(claim.encodedName, data, proof)
}