Post Fusaka, Ethereum can now cheaply verify real-world DNSSEC proofs onchain. I built dnssec.eketc.co to test the new P-256 precompile in practice—specifically for gasless resolution and verification as a foundation for importing DNS data onchain.
The demo:
- Fetches proofs offchain via gateway.eketc.co and verifies them onchain using the precompile
- Fetches proofs from
_ens.{domain}records, resolves them, and shows the verification chain - Displays gas benchmarks comparing the P-256 oracle against the current implementation
I’ve implemented and tested this update in PR #509, which replaces the EllipticCurve dependency in P256SHA256Algorithm.sol with the EIP-7951 precompile. The change follows ENS’s existing ModexpPrecompile pattern and maintains full compatibility with the existing Algorithm interface.
Technical specification → DNSSEC Onchain Resolution - Eureka