Protocol comparison

Fistbump vs. Traditional DNS

The Domain Name System works. It is one of the most successful distributed systems ever built. But it depends on institutional trust — in IANA, in accredited registrars, in certificate authorities — and any of those parties can revoke a name on a phone call. Fistbump removes those trust assumptions.

The trust hierarchy

Traditional DNS is a hierarchy of delegations. The root zone is managed by IANA, a function of ICANN. IANA delegates authority for each top-level domain to a registry operator. The registry operator delegates individual registrations to accredited registrars. The registrar's account holds your domain on your behalf.

Layered on top is the web PKI: certificate authorities issue TLS certificates to domain holders, and browsers trust any certificate signed by any CA in their root store. Any CA can issue a certificate for any domain.

The system is operationally reliable but has four documented classes of failure:

  • Domain seizure. The US Department of Justice has seized thousands of domains through civil forfeiture, including over 2,700 in a single 2020 operation.
  • Infrastructure fragility. The 2016 Dyn DDoS attack took down Twitter, Reddit, and GitHub by targeting a single DNS provider.
  • Barriers to entry. A new gTLD application costs $185,000, limiting participation to well-funded organizations.
  • Certificate authority compromise. DigiNotar (2011), Symantec's mis-issuance (2017), and various subordinate-CA incidents have shown that the web PKI has structural weaknesses.

Fistbump takes all four of these failure points out of the hands of trusted third parties and places them under the blockchain's consensus rules.

Summary table

Property               | Fistbump                                         | Traditional DNS
-----------------------|--------------------------------------------------|---------------------------------------------
Root zone governance   | Public blockchain (consensus rules)              | IANA / ICANN
Name ownership         | Private key on-chain                             | Registrar account
Seizure resistance     | No party can revoke                              | Registrar, registry, or law enforcement can
New TLD cost           | Vickrey bid (market-priced)                      | $185,000 application fee
Registration time      | ~7 days (auction cycle)                          | Minutes (existing TLDs)
Renewal costs          | 1% of registration, annually                     | $10–20 per year (typical)
DNS record types       | Standard RFCs (A, AAAA, NS, MX, TLSA, CAA, ...)  | Standard RFCs (same set)
Certificate validation | Native DANE — no CA needed                       | Web PKI (CA-dependent)
DNSSEC                 | Used for premium-name gating                     | Optional deployment
Client compatibility   | Standard DNS over any recursive resolver         | Standard DNS

1. Domain seizure

In traditional DNS, a domain can be removed from you by multiple parties: the registrar can suspend your account; the registry can update its zone; a court order can compel the registry or registrar; ICANN can withdraw a registrar's accreditation; and IANA can change root zone delegations.

In Fistbump, name ownership is defined by which UTXO the name is bound to. Control of that UTXO requires the private key. There is no account to suspend, no registry to lean on, no authority with unilateral revocation power. The only way your name can be taken is if you sign a TRANSFER covenant or let it expire.

This is a strong property, and it comes with a corresponding responsibility: you are on the hook for your own private key management. Lose the key, lose the name.

2. Registrars

ICANN-accredited registrars intermediate nearly every domain registration. They hold customer accounts, process payments, and submit the actual record changes to registry operators. They also create a business model where the per-domain margin is small and the incentive to automate abuse handling — sometimes by suspension — is large.

Fistbump has no registrars. Name registration is a direct transaction to the chain, submitted by any full node. The same software that validates blocks also submits auction covenants. There is no third party in the registration path.

3. Certificate authorities

TLS certificates are issued by certificate authorities. Browsers trust any CA in their root store, which means any CA can issue a certificate for any domain. CAA records offer limited protection by letting a domain declare which CAs are permitted, but browsers do not check CAA — only the CAs do.

The DigiNotar breach in 2011 allowed attackers to issue valid certificates for *.google.com and other domains. Symantec's chronic mis-issuance led to Google distrusting its certificates in 2018. These are not hypothetical risks.

Fistbump supports DANE natively via on-chain TLSA records. A domain owner publishes a TLSA record binding their certificate (or the CA that issued it) to the name. A client that supports DANE can validate the certificate against the on-chain record without consulting any CA. This removes the CA from the trust path entirely.

4. Native DANE

DANE (DNS-Based Authentication of Named Entities, RFC 6698) has existed for over a decade but has seen limited deployment in traditional DNS because it requires DNSSEC to be widely deployed — and DNSSEC deployment is uneven.

In Fistbump, the chain is the authentication. DNS records on-chain are authenticated by consensus, not by DNSSEC signatures over zone data. A TLSA record retrieved from any fbd node is cryptographically authentic provided the node's chain tip matches consensus. DANE becomes a first-class certificate model rather than an opt-in extension.
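The TLSA binding described in sections 3 and 4, worked through as an added example (this is illustrative code written for this page, not Fistbump's or fbd's own code): the owner side builds the RDATA to publish, and the client side checks a presented certificate chain against it using the RFC 6698 usage/selector/matching-type semantics. Certificate and SubjectPublicKeyInfo bytes are constructed placeholders, since the matching logic only hashes and compares bytes; a real client would pass the DER it received in the TLS handshake.

```python
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class TLSA:
    usage: int     # 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE
    selector: int  # 0 full certificate DER, 1 SubjectPublicKeyInfo DER
    mtype: int     # 0 exact bytes, 1 SHA-256, 2 SHA-512
    data: bytes    # certificate association data

def parse_tlsa(rdata: str) -> TLSA:
    """Parse TLSA presentation format, e.g. '3 1 1 <hex>' (RFC 6698 s2.2).
    The hex may be wrapped across whitespace in zone-file style."""
    usage, selector, mtype, *hexparts = rdata.split()
    rec = TLSA(int(usage), int(selector), int(mtype), bytes.fromhex("".join(hexparts)))
    if rec.usage > 3 or rec.selector > 1 or rec.mtype > 2:
        raise ValueError(f"unsupported TLSA fields: {rec.usage} {rec.selector} {rec.mtype}")
    return rec

def association_data(selector: int, mtype: int, cert_der: bytes, spki_der: bytes) -> bytes:
    """The bytes a record must carry for this certificate; owner and client compute the same."""
    selected = cert_der if selector == 0 else spki_der
    if mtype == 0:
        return selected
    return (hashlib.sha256 if mtype == 1 else hashlib.sha512)(selected).digest()

def publish_tlsa(usage: int, selector: int, mtype: int, cert_der: bytes, spki_der: bytes) -> str:
    """Owner side: RDATA to put on-chain at _443._tcp.<name> (assumed owner name)."""
    return f"{usage} {selector} {mtype} {association_data(selector, mtype, cert_der, spki_der).hex()}"

def dane_authenticates(rec: TLSA, chain: list[tuple[bytes, bytes]]) -> bool:
    """Client side. chain = [(cert_der, spki_der), ...], leaf first.
    Usage 3 (DANE-EE): the leaf itself must match; no CA is consulted.
    Usage 2 (DANE-TA): an issuer above the leaf must match and becomes the trust
    anchor; the chain must still verify up to it (assumed done by the TLS library).
    Usages 0/1 (PKIX-*) require Web PKI validation on top, so this CA-free
    example does not accept them."""
    if rec.usage == 3:
        candidates = chain[:1]
    elif rec.usage == 2:
        candidates = chain[1:]
    else:
        return False
    return any(hmac.compare_digest(rec.data, association_data(rec.selector, rec.mtype, c, s))
               for c, s in candidates)

# Constructed sample material: stands in for real DER so the example runs offline.
LEAF = (b"constructed-leaf-cert-der", b"constructed-leaf-spki-der")
ISSUER = (b"constructed-issuer-cert-der", b"constructed-issuer-spki-der")
```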

5. Operational compatibility

Fistbump serves standard DNS. Any recursive resolver can be pointed at a Fistbump node. Any browser, email server, SSH client, or HTTP client can resolve Fistbump names. No client software change is required.

This is important: Fistbump is not a separate "alternative internet." It slots into the existing DNS resolution path at the root zone. Your ISP's resolver, your OS stub resolver, Cloudflare, Quad9 — any of them can, in principle, forward root-zone queries to a Fistbump-aware resolver chain.

6. Costs

A typical .com domain costs $10–20/year via a registrar. A Fistbump regular TLD has a minimum bid of 10,000 FBC at genesis (halving with block rewards) and a renewal cost of 1% of the registration price annually.

At current mining costs and modest name demand, these are broadly comparable orders of magnitude. Premium names (6 bytes or fewer) are more expensive in Fistbump because they require a DNSSEC proof of ICANN-domain ownership and carry a 100× block-reward minimum bid.

Tradeoffs

Fistbump does not solve every DNS problem, and it introduces tradeoffs that are important to be clear about:

  • Self-custody of names. Lose the key, lose the name. There is no registrar to reset your password.
  • Chain tip dependency. A resolver needs a recent view of the chain (or a light-client proof) to answer authoritatively. Serving Fistbump from a stale tip is a resolution hazard.
  • Bootstrapping. For Fistbump names to be universally resolvable, either major recursive resolvers need to forward queries to Fistbump-aware nameservers, or users need to configure their own. This is a network-effects problem that traditional DNS has already solved.
  • Hash-rate security. Fistbump is as secure as the hash rate securing it. Memory-hard PoW broadens the pool of possible miners but does not eliminate concentration risk.

These are real costs. Whether they are worth paying depends on how much you value unilateral revocation power not sitting with ICANN, a registrar, or a certificate authority.