Charter for the DNS integration working group


The below is the draft charter for the DNS integration WG. Comments and feedback appreciated!

Chair and editor nominations are tentative. If you want to chair a WG, or be responsible for editing the proposal to keep up to date with the current consensus, please say.

WG Name: DNS Integration
Chairs: TBD
Editors: Chris Remus

A key factor in the success of ENS will be the degree to which it interoperates with legacy systems, chiefly DNS. At DevCon 3 in November 2017, preliminary support was announced for the use of DNS names on ENS, permitting users to securely ‘claim’ a DNS name on ENS through DNSSEC. This provides first steps towards better integration between the two systems.

The DNS integration WG will discuss and standardise means of improving integration between DNS and ENS.

The products of the DNS integration WG will be:

  • A standard for representing DNS resource record sets on ENS.
  • A standard for the representation, storage, and verification of DNSSEC record sets on Ethereum, suitable for immediate implementation.
  • A standard for an ENS registry that permits allocation of domains to accounts that can demonstrate ownership of a domain via DNSSEC.
  • Proposals for a standard method for adding support for new TLDs and 2LDs on ENS with DNSSEC support.
  • Statements on the expectation of how DNS-based TLDs will be governed with respect to ownership of the corresponding DNS registry.



A couple of items that need to be added to the above:

  • ENS registrar design capable of handling both registrars and domains as owners of names. For example, the .uk domain has registrars (, and domains ( at its second level. No idea if this is possible with the current registrar but if not it will need this functionality
  • A statement around canonical ownership of domains in DNS and ENS. That is, if a domain changes hands in DNS can the new owner take over the relevant ENS domain? There is no right answer to this, but it needs to be clear which way ENS goes on this so that everyone is clear about it. It will also have an impact on the registrar contract

Also, are there situations where DNSSEC is unavailable to some DNS domain owners, and if so is there a way to claim a domain without requiring DNSSEC?


I’ve added a couple of points expressing more general versions of your suggestions; I hope that looks okay.

Some TLDs do not have DNSSEC enabled, or have it enabled but only use ciphers or hashes that cannot currently be implemented on Ethereum.

In that case, there’s presently no workaround, since we can’t trustlessly prove ownership of the domain onchain.


Worth linking here the work that I have done to date on DNS integration.

A smart contract that implements record-based storage of DNS records as an ENS resolver:

A fork of CoreDNS that queries the ENS resolver to answer DNS queries:

Details of how the above systems work:

HOWTO to test the system:

Ethereal can be used to get and set records in the ENS resolver once it has been claimed.


Thanks Jim! That might be better posted as a separate thread, to make it more discoverable.