An idea about reducing DNSOracle/DNSRegistrar gas cost

According to DNS Registrar - ENS Documentation

Submitting proof to DNSSEC Oracle takes up a lot of gas because it is heavy computation work. It will take up even more gas if you submit the first domain under the specific TLD. This is because it submits proof of both your domain and its parent domain(eg: , as well as .live ). When tested on Ropsten network, it cost 1,663,953 gas

The gas cost is about 1.6M gas units, due to the recursive chain of trust validation of DNSKEY and validation of .xyz and . (root). If we know that

  1. expiration of .xyz is 2day (172800sec)
  2. other owners has already validated .xyz’s DNSKEY

It seems a feasible way to reduce the gas cost by only revalidate when DNSKEY and sig are expired. Has there been any discussion about possibly this route?



This is what the original (stateful) version of the DNSSEC implementation did. Unfortunately due to the low rate of imports, it helped only infrequently, and when we moved to supporting validation at read time (for offchain resolution), we dropped support for caching results.


Ok, that makes a lot of sense. Thanks for explaining @nick.eth

Meanwhile, have there been attempt to petition the RSA to become a precompile contract from ENS standpoint?