Blockchain DNS: A Solution in Search of a Problem?
The Internet is full of buzzwords. Some interest me more than others. I have to say, the craze over everything "blockchain" a few years ago largely escaped me. With one exception: Blockchain DNS. I first learned of the concept of blockchain DNS years ago at one of the DNS-OARC presentations. Something I thought was just an intellectual curiosity has turned into a sizable part of the Internet DNS footprint. Today, I want to spend some time discussing what it is, and why it may cause more problems than it solves.
What Even Is Blockchain? A Quick Primer
Before we dive into how blockchain "improves" DNS, let's briefly break down what blockchain actually is. Imagine a massive digital ledger, like a giant accounting book, that's not kept in one place but is replicated and shared across thousands of computers, or nodes, around the world.
Whenever a transaction happens (say, sending digital currency or, in this case, registering a domain), it's grouped with other transactions into a block. This block is then cryptographically linked to the previous block, forming an unbreakable "chain." Every node on the network gets a copy of this entire ledger, and they all constantly check each other to make sure no one is trying to cheat or alter old records. It's designed to be transparent, immutable, and operate without a central authority. Sounds great, right?
Blockchain DNS: The High-Level, Flawed Vision
So, how does this apply to DNS? In a nutshell, instead of having a domain name like dnsinsecurity.com registered with a traditional registrar and managed by a hierarchy of DNS servers, blockchain DNS proposes to store these name-to-address mappings directly on a blockchain.
Making an Entry: If you want to register myawesomesite.crypto, you initiate a transaction on the blockchain. This transaction includes the domain name and the cryptographic address (or other data) it should point to. This transaction is then broadcast to all the nodes.
Propagation: Unlike the lightning-fast, highly optimized propagation of the traditional DNS, a blockchain entry's "propagation" means it has to be validated by the network's nodes, bundled into a new block, added to the blockchain, and then this entire updated ledger needs to be synchronized across every single full node. This is a slow, resource-intensive process.
Resolution for End Users: This is where it gets truly clunky. To resolve myawesomesite.crypto, your browser or application can't just ask your regular ISP's DNS resolver. It either needs to:
Run a Full or Partial Node: Store a copy of the entire or partial blockchain and query it directly.
Use an API Gateway: Rely on a third-party service to query the blockchain for you. (We’ll come back to this third party later).
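To make the register, propagate and resolve steps concrete, here is a toy name ledger in Python. It is an added example, not code from any real blockchain naming system: the block layout, the "first registration wins" rule and all names and addresses are assumptions, and signatures and consensus are left out. It shows the check a full node performs before answering, which is exactly the check a client skips when it hands resolution to a gateway.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first block

def block_hash(block):
    """SHA-256 over the block's canonical JSON (index, prev hash, transactions)."""
    body = {k: block[k] for k in ("index", "prev", "txs")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_block(chain, txs):
    """Bundle pending registrations into a block linked to the previous one."""
    prev = chain[-1]["hash"] if chain else GENESIS
    block = {"index": len(chain), "prev": prev, "txs": txs}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block

def verify_chain(chain):
    """What a full node does on sync: recompute every hash and every link."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev"] != prev:
            return False
        if block["hash"] != block_hash(block):
            return False
        prev = block["hash"]
    return True

def resolve(chain, name):
    """Replay the ledger; the first registration of a name wins (assumed rule)."""
    if not verify_chain(chain):
        raise ValueError("ledger failed verification; refusing to resolve")
    for block in chain:
        for tx in block["txs"]:
            if tx["name"] == name:
                return tx["target"]
    return None

def build_sample_chain():
    # Constructed sample data: names, owners and targets are made up.
    chain = []
    add_block(chain, [{"name": "myawesomesite.crypto", "owner": "alice", "target": "addr-A"}])
    add_block(chain, [{"name": "myawesomesite.crypto", "owner": "mallory", "target": "addr-M"},
                      {"name": "example.crypto", "owner": "bob", "target": "addr-B"}])
    return chain
```

Editing a record in an old block fails verification, and re-hashing only that block still fails because the next block's link no longer matches.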
The Glaring Limitations and Disadvantages
This brings us to the core of why blockchain DNS, in its current incarnation, is a house of cards.
Scalability Limitations
As more people use these systems (like Bitcoin or Ethereum, cited in a recent Afnic paper), the network slows down dramatically. Every single transaction must be processed by every single full node. For perspective, the Bitcoin network handles around 482,000 transactions per day, while Ethereum handles about 1.633 million daily transactions. Compare this to the DNS, where Akamai alone processes more than 13 trillion queries every single day, and Cloudflare's resolver handles an average of 1.9 trillion queries daily. The current DNS handles trillions of queries daily with incredible speed. Blockchain? Not even close. It's a fundamental architectural limitation.
Storage Demands
Want to run a full node to be truly "decentralized"? You're looking at needing hundreds of gigabytes, even terabytes, for the blockchain ledger. The Bitcoin blockchain size, for example, reached 664.32 gigabytes in August 2025, and the Ethereum blockchain size is even larger, in the range of terabytes. This isn't feasible for the vast majority of users, forcing them back into relying on centralized intermediaries. Which, frankly, defeats the argument that blockchain DNS puts power in the hands of the users, since they have to rely on other parties for name resolution. See that? This is the callback from earlier: we have re-introduced the "trusted third party" that blockchain was supposed to eliminate!
Name Collisions and Lack of Governance
The existing DNS, despite its flaws, has a single, globally recognized root managed by ICANN. This ensures unique names. Blockchain DNS, being decentralized (in governance) by definition, has no such global arbiter. This leads to name collisions—the same domain name existing on different blockchains, causing chaos and confusion. The DNS Research Federation has even produced a report highlighting the serious problem of name collisions, noting there is no appropriate legal mechanism for blockchain domain names that infringe on brands or trademarks.
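The collision problem can be shown with a small audit in Python. This is an added example, not taken from the report mentioned above: the two chains, their records and the function names are constructed for illustration. It lists names that different namespaces map to different targets and shows that the answer a client gets depends only on the order in which it consults them.

```python
def normalize(name):
    """Compare names the way resolvers do: case-insensitive, no trailing dot."""
    return name.strip().lower().rstrip(".")


def find_collisions(namespaces):
    """Return {name: {namespace: target}} for names that different
    namespaces map to different targets."""
    claims = {}
    for ns, records in namespaces.items():
        for name, target in records.items():
            claims.setdefault(normalize(name), {})[ns] = target
    return {name: by_ns for name, by_ns in claims.items()
            if len(set(by_ns.values())) > 1}


def resolve_in_order(namespaces, order, name):
    """Answer from the first namespace in `order` that knows the name."""
    wanted = normalize(name)
    for ns in order:
        for candidate, target in namespaces[ns].items():
            if normalize(candidate) == wanted:
                return ns, target
    return None


# Constructed sample data: two hypothetical chains that both offer ".crypto".
NAMESPACES = {
    "chain-a": {"brand.crypto": "addr-A1", "shop.crypto": "addr-A2"},
    "chain-b": {"Brand.crypto.": "addr-B1", "shop.crypto": "addr-A2"},
}
```

With a single root there is no lookup order to choose, so this ambiguity cannot arise in the first place.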
Security Theater, Not Security Reality
While blockchain data itself is immutable, the access to it is often anything but secure for the average user. If you lose your private keys to your blockchain domain, it's gone forever. No help desk, no recovery. Furthermore, as the Afnic paper highlighted, most users rely on centralized API gateways for resolution, reintroducing the exact same "trust" issues (and potential for censorship/manipulation) that blockchain claims to solve. I attended an online meeting last year (I don't remember which one) for blockchain DNS security, and the community is trying to tackle the problem of detecting and removing domain names registered for malicious reasons (such as hosting malware). I applaud their initiative, but while they are just starting to work on the problem, the traditional DNS community has been at this for literally decades and has a much more mature set of tools, community, and procedures around dealing with malicious domain names.
A Haven for Scammers
The unregulated, often pseudonymous nature of these systems makes them a perfect hunting ground for bad actors (no, I don’t mean Nicolas Cage). We're seeing rampant cybersquatting, phishing attempts mimicking legitimate brands, and fraudulent wallet addresses designed to trick users into sending their precious crypto into the abyss. There's no ICANN to complain to, no legal recourse, just the cold, hard, irreversible reality of the blockchain. With traditional DNS, you can report domain abuse to registrars as well as to ICANN itself. ICANN offers many ways for you to submit a complaint, including UDRP (Uniform Domain-Name Dispute-Resolution Policy) to figure out issues such as copyright infringements.
Complexity with No Benefit
For what benefit are we enduring this added complexity? The current DNS is robust, efficient, and highly resilient. Blockchain DNS introduces massive technical overhead, significant security risks for the user, and a chaotic governance model, all to solve problems that largely don't exist in the context of domain resolution, or to create new ones entirely.
And let’s not forget all the security add-ons we’ve created for DNS, such as DNSSEC, encrypted DNS, RPZ, and the one I am most excited about, DELEG (I think it is the final missing piece to secure the entire global DNS namespace).
In conclusion, while the allure of "decentralization" and "censorship resistance" is strong, the reality of blockchain DNS is far from the utopian vision. It does not deliver on some of the promises, is riddled with practical limitations, and, in far too many instances, appears to be little more than a vehicle for speculation and outright scams by those who either misunderstand or deliberately exploit the complexities of internet infrastructure.
Stick to the tried and true DNS. Your domain, and your wallet, will thank you.