While I’m delighted we finally have DNSSEC support launched for all top-level domains that support it, everyone will be aware that with gas prices as they are, the cost of claiming a DNS domain on ENS can be prohibitive for many. I’d like to outline an idea for an alternate way of handling this that can massively reduce the gas costs of claiming a DNS domain, at the cost of a change in the security model.
The basic idea is to use a “bonded attester” model. Anyone wishing to can put down a deposit - for the sake of argument, say it’s 100 ETH. Once they are bonded, they can sign DNSSEC proofs with their key, attesting that the signed message validates correctly. The DNS registrar will accept such messages, and only needs to validate the attester’s signature, and that they still have a valid deposit, before acting on the message. The entire message (containing all the DNSSEC proofs) and the signature are then emitted as an event. This would reduce the cost of claiming a DNS-based name to somewhere in the region of 100k gas.
Anyone can call a slashing method on the registrar, passing in a signed message; the registrar then runs the existing DNSSEC validation code, and if it does not validate, slashes the attester’s deposit, burning most but giving a portion to the submitter. A backup option, validating an entry the ‘old-fashioned’ way and updating it without requiring a signature, will also be provided.
Both signer and watchtower processes will be very simple to implement. A signer simply receives a message that the user claims is a valid DNSSEC proof, and calls the validation method on the registrar, signing it only if the registrar claims it to be accurate. The signer doesn’t have to understand any of the signing process - only how to call the registrar. Likewise, a watchtower process can simply watch for events, and perform a local call to the registrar for each one, looking for any that don’t validate.
The tradeoff here is that the security model changes: if someone is willing to sacrifice the deposit, they can write an invalid entry to the ENS registry, including replacing existing names. Although they would be quickly discovered and slashed, it’s possible an attacker might consider that worthwhile in order to temporarily take over some names.
Financially, there is little reason to run an attester unless there’s a reward for signing. This could be provided, but even without one the ENS team would be happy to run an attester as a public service.
There are a few subtleties to an implementation:
- It will still have to track the inception time of the signature over the TXT record used to prove ownership of the name, to prevent replay attacks reverting names to previous values.
- The DNSSEC oracle code will require some modifications to remove any reliance on stored record hashes and instead always validate the entire chain; this is to ensure that an attester can’t be slashed for a valid signature chain that relies on a key that is later replaced with an updated one.
- Likewise, the attestation will need to include the address of the DNSSEC oracle and the hash of the root keys at the time, in order to prevent changes from either of these resulting in an invalid attestation.
- If the risk of allowing anyone to bond is deemed too high, the ability to become an attester could be access-controlled by the multisig or any other ENS governance organisation.
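As an added illustration of the claim/slash split described above (example code written for this post, not ENS's registrar), here is a minimal bonded-attester registrar. `IDNSSECOracle`, its `validate`/`rootKeysHash` functions, and the 10% slasher share are assumptions; the signed digest binds the proof to the oracle address and current root key hash, and the per-name inception time guards against replaying older proofs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical oracle interface (the real ENS DNSSEC oracle's API differs).
interface IDNSSECOracle {
    function rootKeysHash() external view returns (bytes32);
    // Validates the whole chain; ok iff it ends in a TXT record assigning node to claimed.
    function validate(bytes calldata proof, bytes32 node, address claimed)
        external view returns (bool ok, uint64 txtInception);
}
contract BondedDNSRegistrar {
    uint256 public constant BOND = 100 ether;
    uint256 public constant SLASHER_BPS = 1000;  // 10% to the submitter, rest burned
    IDNSSECOracle public immutable oracle;
    mapping(address => uint256) public bond;
    mapping(bytes32 => uint64) public inception; // last accepted TXT inception per name
    mapping(bytes32 => address) public owner;
    event Attested(bytes32 indexed node, address indexed attester, bytes proof, uint8 v, bytes32 r, bytes32 s);
    constructor(IDNSSECOracle _oracle) { oracle = _oracle; }
    function deposit() external payable { bond[msg.sender] += msg.value; }
    // Signed message binds proof to this registrar, the oracle and its current root keys.
    function digest(bytes calldata proof, bytes32 node, address claimed, uint64 incep)
        public view returns (bytes32) {
        return keccak256(abi.encode(address(this), address(oracle), oracle.rootKeysHash(),
                                    node, claimed, incep, keccak256(proof)));
    }
    // Cheap path: only the attester's signature and bond are checked on-chain.
    function claim(bytes32 node, address claimed, uint64 incep, bytes calldata proof,
                   uint8 v, bytes32 r, bytes32 s) external {
        address attester = ecrecover(digest(proof, node, claimed, incep), v, r, s);
        require(attester != address(0) && bond[attester] >= BOND, "not a bonded attester");
        require(incep > inception[node], "replayed or stale proof");
        inception[node] = incep;
        owner[node] = claimed;
        emit Attested(node, attester, proof, v, r, s);
    }
    // Watchtower path: re-run full validation; an invalid chain or misreported inception slashes.
    function slash(bytes32 node, address claimed, uint64 incep, bytes calldata proof,
                   uint8 v, bytes32 r, bytes32 s) external {
        address attester = ecrecover(digest(proof, node, claimed, incep), v, r, s);
        require(attester != address(0) && bond[attester] > 0, "nothing to slash");
        bool bad = true;  // a proof that makes the validator revert is bad too
        try oracle.validate(proof, node, claimed) returns (bool ok, uint64 actual) {
            bad = !ok || actual != incep;
        } catch {}
        require(bad, "attestation is correct");
        uint256 amount = bond[attester]; bond[attester] = 0;
        uint256 reward = amount * SLASHER_BPS / 10000;
        payable(msg.sender).transfer(reward); payable(address(0)).transfer(amount - reward); // burn rest
    }
}
```

Because the digest commits to the oracle address and root key hash, an attestation signed under a later-rotated key set simply fails to recover a bonded attester, so it can be neither replayed nor slashed.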
I’d be really interested to hear people’s thoughts on this - is this a worthwhile tradeoff for the very substantial gas cost savings it would offer?