
Show HN: DNS Live on Handshake - rasengan
http://live.ix/
======
rasengan
SS: You will need a Handshake [1] resolver to view this page. This is DNS Live
[2] via a Handshake name! It's set up using a reverse proxy [3].

I was pleasantly surprised to see that HN accepts Handshake Names! :-)

[1] [https://news.ycombinator.com/item?id=22684048](https://news.ycombinator.com/item?id=22684048)

[2] [https://dns.live/](https://dns.live/)

[3] [https://dns.live/redirect](https://dns.live/redirect)

~~~
zamadatix
HN accepts anything that looks like a URL as a URL. It's almost certainly
unaware it is a Handshake name or what Handshake is as are most readers.
[https://handshake.org/](https://handshake.org/) would have been better to
link unless you're really trying to show off a reverse proxy which just
happens to be hosted on Handshake instead of Handshake itself.

~~~
rasengan
I wasn't actually sure that the URL would work when posting. I was hoping to
show the reverse proxy
([https://dns.live/redirect](https://dns.live/redirect)), that DNS is live on
handshake, and that DNS Live is available via handshake but also wanted to be
clear as to what Handshake is since there could be confusion.

(Copied from the link in my previous comment):

Handshake is a naming system built in a decentralized way utilizing
blockchain. It's been quietly in development for several years, but it only
launched in February of 2020. The system builds on top of the legacy DNS
system, further extending and improving upon it, so all legacy domains will
continue to resolve (e.g. ycombinator.com). However, since ycombinator was in
the top 100K Alexa, it can also claim ycombinator. and simply use that name
(more on this later).

The blockchain distributes names by 'releasing' permission to open an auction
on a schedule wherein a SHA3 hash of a name is modulo'd (%) against 52 to
determine the week it will be available. When a name is available, anybody can
send an OPEN transaction which will subsequently open up a public blind
Vickrey auction for everyone to participate. Potential buyers can then send
bids and, whoever wins, will pay the second highest bid [1]. They can also add
an optional blind to the bid to mask their actual bid (so I can bid 10, but
add a blind of 50 to make it look like I bid 60 to try to scare people off for
example - like a bluff in poker). After bidding ends, a reveal period starts
where the actual bids are revealed.

Since launch, there have been a number of domains opened and sold. Some names
have sold for quite a bit of value, such as crypto for 200,000 HNS [2]! This
is, at the time of this writing, the equivalent of $32,000.

Past naming projects have struggled for adoption due to the fact that existing
stakeholders in the space (e.g., popular websites, etc.) were unable to obtain
their own names. In order to make sure this would make sense for everyone in
the world, the blockchain prereserved the top 100K domains (and the legacy
internet, so all existing tlds) for the people who are leasing/holding these
names today [3].

Recently, major websites including torrentfreak, voat and brave have claimed
their names [4].

In terms of funding, the project received $10m from early sponsors [5] and
donated it all to FOSS projects and non profit organizations
[6][7][8][9][10][11][12]!

Unlike many of the 'blockchains' that have come into existence, a fundamental
difference of Handshake has been that the founding team and earliest
developers did not receive a substantial amount of coins. Instead, they
received similar amounts to that of the original coin sponsors which includes
the who's who of Silicon Valley. Further, the vast majority of the genesis
coins have been distributed to FOSS developers (that's worth ~150m today) and
FOSS/non profit projects [13]. There are a lot more coin allocations described
in the design notes [14]. The blockchain is owned at a minimum by the open
source internet community or, at best, the whole of humanity [15].

From an ownership perspective, the internet namespace, and the world namespace
really, should belong to the people. Handshake is an experiment to deliver it
to its rightful owners. From a technical perspective, Handshake creates an
opportunity to finally upgrade our technology to gain real security as we will
no longer need to rely on third party CAs [16] nor keep hot keys on servers
since DNSSEC keys can be stored offline [17]. To be clear, without Handshake,
DANE is a backdoor [18]. With Handshake, DANE is complete and the internet is
more secure.

How can you get involved?

1. Start using a hosted or local resolver [19][20]!

2. Register a name and use it [21][22]!

3. Develop and integrate the Handshake Naming System with existing software.

4. Submit PRs to hsd[23] or the newer implementations that are being
developed like the Rust implementation, rsd[24].

[1] [https://www.namebase.io/blog/tutorial-3-basics-of-handshake-...](https://www.namebase.io/blog/tutorial-3-basics-of-handshake-...)

[2] [https://hsd.tools/leaderboard](https://hsd.tools/leaderboard)

[3] [https://dns.live/top.html](https://dns.live/top.html)

[4] [https://dns.live/topclaim-clean.html](https://dns.live/topclaim-clean.html)

[5] [https://web.archive.org/web/20191123130625/https://handshake...](https://web.archive.org/web/20191123130625/https://handshake...)

[6] [https://www.fsf.org/news/free-software-foundation-receives-1...](https://www.fsf.org/news/free-software-foundation-receives-1...)

[7] [https://www.debian.org/News/2019/20190329](https://www.debian.org/News/2019/20190329)

[8] [https://www.gnome.org/news/2018/08/gnome-foundation-receives...](https://www.gnome.org/news/2018/08/gnome-foundation-receives...)

[9] [https://www.gimp.org/news/2018/08/30/handshake-gnome-donatio...](https://www.gimp.org/news/2018/08/30/handshake-gnome-donatio...)

[10] [https://dot.kde.org/2020/01/21/kde-receives-generous-donatio...](https://dot.kde.org/2020/01/21/kde-receives-generous-donatio...)

[11] [https://calligra.org/news/handshake-donation/](https://calligra.org/news/handshake-donation/)

[12] [http://guix.gnu.org/.i18n/de/blog/2018/gnu-guix-receives-don...](http://guix.gnu.org/.i18n/de/blog/2018/gnu-guix-receives-don...)

[13] [https://github.com/handshake-org/hs-airdrop](https://github.com/handshake-org/hs-airdrop)

[14] [https://handshake.org/files/handshake.txt](https://handshake.org/files/handshake.txt); Search for: "# Stakeholders"

[15] [https://handshake.org/files/handshake.txt](https://handshake.org/files/handshake.txt); Search for: "# Project Summary"

[16] [https://www.thesslstore.com/blog/what-is-a-rogue-certificate...](https://www.thesslstore.com/blog/what-is-a-rogue-certificate...)

[17] [https://github.com/handshake-org/hdns](https://github.com/handshake-org/hdns)

[18] [https://sockpuppet.org/blog/2016/10/27/14-dns-nerds-dont-con...](https://sockpuppet.org/blog/2016/10/27/14-dns-nerds-dont-con...)

[19] [https://nextdns.io/](https://nextdns.io/)

[20] [https://github.com/handshake-org/hsd](https://github.com/handshake-org/hsd) --rs-port 53 | port forward dest 127.0.0.1:53 -> 5350

[21] [https://www.namebase.io](https://www.namebase.io)

[22] [https://github.com/kyokan/bob-wallet](https://github.com/kyokan/bob-wallet)

[23] [https://github.com/handshake-org/hsd](https://github.com/handshake-org/hsd)

[24] [https://github.com/UrkelLabs/rsd](https://github.com/UrkelLabs/rsd)
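
Added example, not part of rasengan's comment and not code from hsd: a simplified model of the weekly name release and the blind second-price auction described in the comment above. The digest-to-integer reduction, the commitment layout, the zero price for a lone bidder, and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

WEEKS = 52  # schedule length given in the comment

def release_week(name: str) -> int:
    # SHA3 hash of the name, modulo 52. Assumption: whole digest as big-endian int.
    digest = hashlib.sha3_256(name.encode("ascii")).digest()
    return int.from_bytes(digest, "big") % WEEKS

def commit(value: int, nonce: bytes) -> bytes:
    # Commitment that hides the real bid until the reveal period (assumed layout).
    return hashlib.sha3_256(value.to_bytes(8, "big") + nonce).digest()

def place_bid(bidder: str, value: int, blind: int):
    # Observers see only lockup = value + blind and the commitment.
    nonce = secrets.token_bytes(32)
    public = {"bidder": bidder, "lockup": value + blind,
              "commitment": commit(value, nonce)}
    reveal = {"bidder": bidder, "value": value, "nonce": nonce}
    return public, reveal

def settle(public_bids, reveals):
    # Vickrey rule: highest valid revealed bid wins and pays the second highest.
    by_bidder = {b["bidder"]: b for b in public_bids}
    valid = []
    for r in reveals:
        pub = by_bidder.get(r["bidder"])
        if pub is None or r["value"] > pub["lockup"]:
            continue  # unknown bidder, or claims more than was locked up
        if commit(r["value"], r["nonce"]) != pub["commitment"]:
            continue  # reveal does not match what was committed
        valid.append((r["value"], r["bidder"]))
    if not valid:
        return None
    valid.sort(reverse=True)
    price = valid[1][0] if len(valid) > 1 else 0  # assumption: lone bidder pays 0
    return {"winner": valid[0][1], "price": price}

def demo():
    # Constructed bids: bob really bids 10 but adds a blind of 50 to look like 60.
    bids = [place_bid("alice", 40, 0), place_bid("bob", 10, 50),
            place_bid("carol", 25, 5)]
    publics = [p for p, _ in bids]
    reveals = [r for _, r in bids]
    return publics, reveals, settle(publics, reveals)

if __name__ == "__main__":
    publics, _, result = demo()
    print([(p["bidder"], p["lockup"]) for p in publics], result)
```

Bob's lockup is the largest value visible during bidding, yet settlement uses only revealed values that match their commitments, so the bluff changes neither the winner nor the price.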

~~~
presumably
Your [18] is a 404.

Would like to hear more on your allegation regarding DANE.

~~~
rasengan
Sorry about that. It cut on the cut/paste. Here is the full link:

[https://sockpuppet.org/blog/2016/10/27/14-dns-nerds-dont-con...](https://sockpuppet.org/blog/2016/10/27/14-dns-nerds-dont-control-the-internet/)

Edit: If any other links fail here is the original
[https://news.ycombinator.com/item?id=22684048](https://news.ycombinator.com/item?id=22684048)

~~~
presumably
That article is incredibly misleading in what it leaves out: by using the same
logic, our existing CA system is equally a “backdoor”.

We have certificate transparency to help address that, and were DANE to be in
actual use similar systems would quickly appear, for example using the RIPE
Atlas.

DANE is not a backdoor. To exercise it as one would require replacing
operator-controlled keys with government (or other) keys. This would be no
less visible than doing the same with an existing certificate authority.

------
funfunfunction
A thread on Handshake from 6 months ago:

[https://news.ycombinator.com/item?id=20995969](https://news.ycombinator.com/item?id=20995969)

------
eloahx
for anybody confused like I was (takes 1min to setup)

check out [http://www.nextdns.io](http://www.nextdns.io) (like Pi-hole) gives
you control over things like ads, blacklists, etc

set your DNS Servers to whatever it says, mine are

45.90.28.42

45.90.30.42

and go to that website [https://my.nextdns.io](https://my.nextdns.io)

click settings and enable handshake

then you're good to go and can access TLDs from the chain

check out [http://ix](http://ix)

took me 2 minutes to figure it out

I'd love for browsers to support HTTPS on these TLDs.

Firefox already supports NextDNS, there's instructions on how to set up DNS
over HTTPS

I'm kinda liking nextdns anyways over 1.1.1.1 (cloudflare)

project has my interest

~~~
theamk
What kind of use do you see for this? Is this just general "I want to play
with blockchains", or do you have a specific use case in mind?

~~~
ca98am79
one major use is that it opens up the TLD space which is currently
bottlenecked by ICANN

Another use is the ability to actually own your own domain name (instead of
rent it).

~~~
theamk
Yes, I have heard the solutions it provides. But what corresponding
problems do those things solve? I can come up with some examples:

“I really hate suffixes, so I want my address to be myproject and not
myproject.io”

“I have a business idea which requires me to be a TLD, but I don’t have a ton
of money to pay for it”

“I don’t think ICANN dispute resolution process will work in my favor, so I
would like to get a domain name not subject to it”

“I think the blockchains are the future, and I really want people to use them”

...but I think they either have a better solution, or not worth trying to
deploy yet another domain name system.

~~~
troquerre
Handshake can improve how security on the Internet works. There are also
geopolitical reasons for why it's important:
[https://www.namebase.io/blog/meet-handshake-decentralizing-d...](https://www.namebase.io/blog/meet-handshake-decentralizing-dns-to-improve-the-security-of-the-internet/)
[https://www.namebase.io/blog/you-can-make-a-difference](https://www.namebase.io/blog/you-can-make-a-difference)

------
axtg
Reminds me of xttp.com back in the days. Where you "just" had to add one line
to regedit to allow xttp://mydomain. Good times!

------
troquerre
Took a minute to set up nextdns on my phone but surprisingly the site resolved
like normal on iOS Safari after setup. There are more Handshake sites here too
[https://github.com/namebasehq/awesome-handshake](https://github.com/namebasehq/awesome-handshake)

------
sjtindell
Fun project thanks for sharing.

~~~
rasengan
You’re welcome! It really is an exciting project!

------
fenderq
I would like to show this thread some love. Nice work!

