DNS Security for dnslink

dnslink is the way to make nice names for IPFS content, but since it is just Plain Old DNS there is no verification that the records you get are not being altered… and since IPFS doesn’t sign content with certs containing the DNS name no way to tie the content to the name…

Is the idea here that DNSSEC is going to be here soon enough and will be good enough for our purposes? Or are there other proposals floating around that I should read?

3 Likes

It doesn’t necessarily discuss anything concrete, but there’s some discussion about potential future replacements in this thread: Deprecation plan for DNS?

DNSSEC is good enough to ensure that you get the authoritative answer to a DNS query. So yes, it’s good enough for IPFS’ purposes.